While the Network Threat Protection component is running, the application scans inbound network traffic for activity that is typical of network attacks. Kaspersky Industrial CyberSecurity for Linux Nodes receives the TCP port numbers from the current application databases and scans incoming traffic on these ports.
To scan network traffic, the Network Threat Protection task receives port numbers from the application databases and accepts connections on all of these ports. During the network scan process, such a port may look open on the device, even if no application on the system is listening on it. It is recommended to close unused ports by means of a firewall.
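One way to act on this recommendation, as an added example that is not Kaspersky's code: compare the ports that look open from another host with the sockets that actually listen locally, and turn the remainder into a firewall rule body for review. The `ss` output, the scan result and every port number are constructed samples; the use of nftables with an existing input chain is an assumption.

```python
# Added example: sample data below is constructed, not taken from a real node.
# Output of `ss -Hltn` (listening TCP sockets, no header) on the protected node.
SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*
LISTEN 0      511                *:443             *:*
LISTEN 0      128             [::]:22           [::]:*
"""
# TCP ports that a scan from another host reported as open (constructed).
SCAN_OPEN = [22, 443, 445, 3389, 5432]

def parse_listeners(ss_output):
    """Return {port: {local addresses}} parsed from `ss -Hltn` output."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank or malformed lines
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.setdefault(int(port), set()).add(addr.strip("[]"))
    return listeners

def loopback_only(addrs):
    """True when every bound address is loopback (unreachable remotely)."""
    return all(a == "::1" or a.startswith("127.") for a in addrs)

def triage(scan_open, listeners):
    """Split scanned-open ports into (served, unbacked)."""
    # 'unbacked' ports looked open although no local service listens on a
    # remotely reachable address; these are the candidates to close.
    served, unbacked = [], []
    for port in sorted(set(scan_open)):
        addrs = listeners.get(port)
        (served if addrs and not loopback_only(addrs) else unbacked).append(port)
    return served, unbacked

def nft_drop_rule(ports):
    """nftables rule body for an input chain; loopback traffic is left alone."""
    if not ports:
        return ""
    return 'iifname != "lo" tcp dport { %s } drop' % ", ".join(map(str, ports))

if __name__ == "__main__":
    served, unbacked = triage(SCAN_OPEN, parse_listeners(SS_OUTPUT))
    print("served:", served, "| unbacked:", unbacked)
    print("candidate rule:", nft_drop_rule(unbacked))
```

A port bound only to loopback is treated as unbacked because the local service cannot be what answered a remote connection; the generated rule excludes the `lo` interface so that service keeps working locally.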
Upon detection of a network attack attempt aimed at your computer, the application logs the corresponding event, and can also block network activity from the attacking computer.
Network Threat Protection settings
Setting | Description |
---|---|
Network Threat Protection enabled / disabled | This toggle switch enables or disables Network Threat Protection. The toggle switch is on by default. |
Action on threat detection | Actions performed upon detection of network activity that is typical of network attacks. |
Blocking attacking devices enabled / disabled | This toggle switch enables or disables blocking network activity when a network attack attempt is detected. The toggle switch is on by default. |
Block the attacking device for (min) | In this field you can specify how long, in minutes, an attacking device is blocked. After the specified time, Kaspersky Industrial CyberSecurity for Linux Nodes allows network activity from this device. Available values: integer from The default value is |
Trusted IP addresses | The table contains a list of IP addresses. Network attacks from these addresses will not be blocked. By default, the list is empty. |