Kaspersky Industrial CyberSecurity for Networks
Installing the Kaspersky Industrial CyberSecurity for Networks Administration Plug-in for Kaspersky Security Center
The Kaspersky Industrial CyberSecurity for Networks Administration Plug-in for Kaspersky Security Center (hereinafter also referred to as the "administration plug-in") must be installed on the computer on which the Kaspersky Security Center Administration Server is installed. The administration plug-in needs to be installed using an account that belongs to the group of local administrators.
You can install the administration plug-in in one of the following ways:
- Using the Setup Wizard.
- From the command line.
After installation, the Kaspersky Industrial CyberSecurity for Networks Administration Plug-in for Kaspersky Security Center appears in the list of installed administration plug-ins in the properties of the Kaspersky Security Center Administration Server. For detailed information on working with the Kaspersky Security Center Administration Server, please refer to the Kaspersky Security Center Help system.
To install the administration plug-in using the Wizard:
- On the computer where the Kaspersky Security Center Administration Server is installed, run the file named kics4net-sc-plugin_<plug-in version number>_<localization code>.msi from the Kaspersky Industrial CyberSecurity for Networks distribution kit.
  Run the file with the localization code that matches the localization language of Kaspersky Security Center.
- Follow the instructions of the Setup Wizard.
To install the administration plug-in from the command line:
- On the computer where the Kaspersky Security Center Administration Server is installed, open the command line interface.
- Go to the folder that contains the file named kics4net-sc-plugin_<plug-in version number>_<localization code>.msi from the Kaspersky Industrial CyberSecurity for Networks distribution kit.
- Enter the following command in the command line:
  kics4net-sc-plugin_<plug-in version number>_<localization code>.msi <settings for starting MSI files>
  where:
  - <localization code> – localization code of the administration plug-in. Run the file with the localization code that matches the localization language of Kaspersky Security Center.
  - <settings for starting MSI files> refers to one or several standard startup settings provided for Windows Installer. You can receive information about available settings by running a file with the /help setting.
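The command-line procedure above can be wrapped in pre-install checks, as in the following added example (not part of the original Help page or of the Kaspersky distribution kit). It confirms the session is elevated under a local administrator account, validates the package's Authenticode signature, and runs the MSI with standard Windows Installer settings for a silent, logged install. The folder `C:\Distrib\KICS4Net`, the localization code `en`, the log file name, and the assumption that the package is Authenticode-signed are illustrative and not taken from the page.

```powershell
# Added example: pre-install checks and a silent, logged install of the plug-in MSI.
# Assumptions (not from the original page): $KitDir, $Locale, the log path,
# and that the MSI carries an Authenticode signature.
param(
    [string]$KitDir = 'C:\Distrib\KICS4Net',  # hypothetical folder holding the distribution kit
    [string]$Locale = 'en'                     # hypothetical code; must match the Kaspersky Security Center language
)
$ErrorActionPreference = 'Stop'

# The page requires an account in the local administrators group; IsInRole is
# true only when the session is also elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated session under a local administrator account.'
}

# Locate exactly one plug-in package for the chosen localization code.
$msi = @(Get-ChildItem -Path $KitDir -Filter "kics4net-sc-plugin_*_$Locale.msi")
if ($msi.Count -ne 1) {
    throw "Expected one plug-in MSI for '$Locale' in $KitDir, found $($msi.Count)."
}
$msiPath = $msi[0].FullName

# Refuse to install a package whose signature does not validate, and record
# the signer and hash so the install can be audited later.
$sig = Get-AuthenticodeSignature -FilePath $msiPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${msiPath}: $($sig.Status)"
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
Write-Host "SHA256:    $((Get-FileHash -Path $msiPath -Algorithm SHA256).Hash)"

# Standard Windows Installer settings: /i install, /qn no UI, /norestart, /l*v verbose log.
$log     = Join-Path $env:TEMP 'kics4net-sc-plugin-install.log'
$msiArgs = @('/i', "`"$msiPath`"", '/qn', '/norestart', '/l*v', "`"$log`"")
$proc    = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success but a restart is required.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $log"
}
Write-Host "Plug-in installed (exit code $($proc.ExitCode)). Log: $log"
```

Compare the printed signer subject with the publisher you expect before relying on the result, and keep the verbose log with the change record for the Administration Server.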