To control an industrial network using Kaspersky Industrial CyberSecurity for Networks, you can configure monitoring of the communications between devices in the industrial network.
The application monitors communications between industrial network devices based on Network Control rules. A Network Control rule describes the authorized communications for devices.
A Network Control rule can apply one of the following technologies:
Generally, a Network Control rule contains the following information about communications:
Network Control rules may be active or inactive.
By default, a rule is active after it is created and is applied to allow the described communications. The application does not register events when it detects interactions that are described in active Network Control rules.
Inactive rules are intended for describing unwanted network communications. In Network Control learning mode, inactive rules prevent automatic creation of new active rules for detected network interactions that are described in inactive rules. In Network Control monitoring mode, inactive rules are not taken into account.
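The following Python model is an added illustration of the active/inactive rule semantics described above; it is not Kaspersky code and does not use any product API. The `Interaction` fields, the outcome names, and the sample addresses are hypothetical, and the model assumes that in monitoring mode an interaction not described by any active rule results in a registered event.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interaction:
    # Hypothetical fields: this model only needs a comparable description.
    src: str
    dst: str
    protocol: str

@dataclass
class Rule:
    interaction: Interaction
    active: bool = True  # a rule is active by default after it is created

def process(rules, seen, mode):
    """Return the outcome for one detected interaction; may append a rule."""
    if mode not in ("learning", "monitoring"):
        raise ValueError(f"unknown mode: {mode}")
    # Active rules describe authorized communications: no event is registered.
    if any(r.active and r.interaction == seen for r in rules):
        return "allowed_no_event"
    if mode == "monitoring":
        # Inactive rules are not taken into account in monitoring mode.
        return "event_registered"  # assumption, see lead-in
    # Learning mode: an inactive rule blocks automatic creation of an
    # active rule for the unwanted communication it describes.
    if any(not r.active and r.interaction == seen for r in rules):
        return "no_rule_created"
    rules.append(Rule(seen))
    return "active_rule_created"

def demo():
    # Constructed sample data, not taken from any real network.
    hmi_plc = Interaction("10.0.0.5", "10.0.0.20", "modbus")
    laptop_plc = Interaction("10.0.0.99", "10.0.0.20", "modbus")
    eng_plc = Interaction("10.0.0.7", "10.0.0.20", "modbus")
    rules = [Rule(hmi_plc), Rule(laptop_plc, active=False)]
    learned = [process(rules, i, "learning")
               for i in (hmi_plc, laptop_plc, eng_plc, eng_plc)]
    monitored = [process(rules, i, "monitoring")
                 for i in (hmi_plc, laptop_plc, eng_plc)]
    return learned, monitored, len(rules)

if __name__ == "__main__":
    print(demo())
```

In this model the unwanted interaction is never auto-allowed during learning, and because monitoring mode ignores the inactive rule, the same interaction is treated there like any other communication without an active rule.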
The application processes Network Control rules based on Network Integrity Control and Command Control technology if the use of these technologies is enabled.
The following methods are provided for creating a list of Network Control rules:
The list of Network Control rules is stored on the Server and is independent of the security policy loaded in the Console or applied on the Server.
You can configure Network Control rules in the Network Control section of the Kaspersky Industrial CyberSecurity for Networks web interface.
You can configure the settings for registration of Network Control events in the Application Console on the Configure events tab. Events registered based on Network Integrity Control and Command Control technologies are categorized as system events.
You can view Network Control events in the table of registered events. Events registered based on Network Integrity Control technology have the Warning severity level. Events registered based on Command Control technology are assigned a severity that depends on the severity level defined for the detected system command.