Security recommendations for Kaspersky Industrial CyberSecurity for Networks

To ensure secure operation of the application at an enterprise after installation of Kaspersky Industrial CyberSecurity for Networks, it is recommended to reinforce the security of computers on which the Kaspersky Industrial CyberSecurity for Networks Server and sensors are installed.

It is also recommended to restrict access to hardware on which the application is running.

When deploying Kaspersky Industrial CyberSecurity for Networks, you are advised to do the following:

• Restrict access to computers on which the Kaspersky Industrial CyberSecurity for Networks Server and sensors are installed, and restrict access to the network equipment of the dedicated network.
• Grant access to personnel authorized to install and configure the Server's and sensors' equipment and software, and to users of the application.
• Use hardware or a security service to control physical access to the equipment running the application.
• Restrict access to network equipment used for receiving data from the industrial network and for the interaction of application components.
• Use an alarm system to monitor access to restricted rooms.
• Install video surveillance in restricted rooms.

When application events are transmitted to recipient systems (other than Kaspersky Security Center), the application does not guarantee the security of the data transfer. We recommend that you use other means to secure the data transfer.

For use of application management tools, it is also recommended to take the following actions to ensure data security on the intranet:

• Protect traffic within the intranet.
• Protect connections to external networks.
• Use digital certificates published by trusted certificate authorities.
• Use account credentials that meet the requirements for user names and passwords of application user accounts.
• Ensure that passwords are confidential and unique.

  If there is a risk that the password was compromised, the application user must promptly change their password.

• Terminate the Server connection session before the user closes the web browser or Application Console.

  To force termination of a connection session in the web browser, you need to use the Log out option in the user menu. To force termination of a connection session in the Application Console, you need to close the Console window.

Page top