When installing a Server without external sensors, all data to be processed and analyzed is received only by the computer that performs Server functions. You can use this installation method if the computer has a sufficient number of network interfaces to receive data from various sources.
The computer must have network interfaces to receive traffic on monitoring points from all industrial network segments. Due to the limit on the number of monitoring points on the Server, there must be no more than four of these network interfaces.
The computer must also have one more network interface so that other computers can connect to the Server through the web interface. There must be no monitoring points on this network interface. If there are no more free network interfaces on the computer, this same network interface can be used for connections through connectors and for receiving data from EPP applications.
The figure below shows an example scenario for deploying a Server without sensors. The network interfaces of the computer that performs Server functions are connected to the SPAN ports of network switches (SPAN ports and connections are marked yellow) and receive a copy of traffic from three segments of the industrial network. The dedicated Kaspersky Industrial CyberSecurity network is designated by green lines.
Example deployment of a Server without sensors
Page top