Scenario for preparing to receive data from EPP applications

The scenario for preparing to receive data from EPP applications consists of the following phases:

1. Installing EPP applications to computers of the monitored network

   During this phase, you need to install Kaspersky applications that perform functions for protecting workstations and servers (EPP applications). EPP applications need to be installed on all computers whose data you want to receive in Kaspersky Industrial CyberSecurity for Networks. These computers must either reside outside of the industrial network (whose traffic is monitored through monitoring points) or have an additional connection to another network that includes one of the nodes that has a Kaspersky Industrial CyberSecurity for Networks component installed (for example, a connection to the Kaspersky Industrial CyberSecurity dedicated network). Kaspersky Endpoint Agent must be installed together with EPP applications.

   The current version of Kaspersky Industrial CyberSecurity for Networks can receive and process data only from Kaspersky Industrial CyberSecurity for Nodes version 3.0 or later. You can use Kaspersky Endpoint Agent version 3.11 or later to transfer data from Kaspersky Industrial CyberSecurity for Nodes to Kaspersky Industrial CyberSecurity for Networks. For information on installing these applications, please refer to the Help Guide for the specific application.

2. Adding integration servers for nodes of Kaspersky Industrial CyberSecurity for Networks

   This phase involves the completion of procedures for adding integration servers to nodes that computers with Kaspersky Endpoint Agent will connect to. Network interactions between nodes and these computers are possible only through network interfaces that are not being used as monitoring points. Specific network interfaces and IP addresses are not configured for integration servers because any available network interface and IP address of a computer can be used for an external connection to the integration server.

3. Creating communication data packages for integration server clients

   At this phase, you need to create and download communication data packages in which the application saves certificates and keys for connections between clients and integration servers. Each communication data package is an archive containing the following data:

   • Public certificate key of the integration server.
   • Certificate for integration server clients (with private key). This certificate is added if client certificate verification is enabled on the integration server. The certificate and key are saved in encrypted form with the password that was specified when the communication data package was created.
4. Uploading integration server connection data to client computers

   This phase is implemented by using the Kaspersky Security Center Administration Console and the Kaspersky Endpoint Agent administration plug-in. Computers with Kaspersky Endpoint Agent installed serve as clients for Kaspersky Industrial CyberSecurity for Networks integration servers. During this phase, you need to upload certificates and/or keys from communication data packages to the Kaspersky Security Center Administration Server by using the Kaspersky Endpoint Agent administration plug-in. Then, in the Kaspersky Security Center Administration Console, you need to create policies for uploading data to computers with Kaspersky Endpoint Agent. For information about working with data and creating policies, please refer to the Kaspersky Endpoint Agent documentation.

   For each integration server, you must create at least one policy containing the following data to be uploaded to the computers of clients:

   • Public certificate key of the integration server.
   • IP address for connecting to the integration server. You can indicate any of the available IP addresses of the node containing the integration server (you can view the IP addresses when connected to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface on the Integration servers tab under Settings → Connection Servers). Port 8081 is the default port used for the connection.
   • Certificate for integration server clients (with private key). This certificate is added if client certificate verification is enabled on the integration server.
5. Enabling integration servers

   This phase is completed after applying policies and uploading data to computers with Kaspersky Endpoint Agent. During this phase, you need to enable all integration servers that will receive data from EPP applications. When an integration server is enabled on a node, the kics4net-epp-proxy service is activated.

When this scenario is fulfilled, Kaspersky Industrial CyberSecurity for Networks will begin to receive and process data from EPP applications.

Page top