Hardware and software requirements

Hardware requirements

Kaspersky Industrial CyberSecurity for Networks has the following minimum hardware requirements for computers on which application components will be installed:

• Computer that will perform Server functions:
  • CPU: Intel® Core™ i7 or equivalent (highest single-core frequency configurations are recommended)
  • RAM: 32 GB
  • Free space on the hard drive: 500 GB (SSD is recommended)
• Computer that will perform sensor functions:
  • CPU: Intel Core i5 / i7 or equivalent (maximum core configurations are recommended)
  • RAM: 8 GB, and an additional 4 GB when using monitoring points on this computer (for any number of monitoring points)
  • Free space on the hard drive: 250 GB (SSD is recommended)

We recommend a distributed deployment with a Server and external sensors. Configure industrial network traffic to be sent to sensor monitoring points. Sensors reduce the load on the Application Server thanks to traffic preprocessing and data storage.

All industrial network traffic must be load-balanced across Servers and sensors for stable performance. The recommended maximum incoming traffic rates are 500 Mbit/s for a Server node and 250 Mbit/s for a Sensor node.

Avoid sending duplicate traffic to the Server or sensor node and correctly configure the network equipment to transmit a copy of the traffic (for examples of configuring port mirroring for some switch models, see the Appendix). When duplicate traffic is detected, the application automatically drops the duplicate network packets, which increases the load on the computer hardware resources and in some cases may slow down the traffic processing.

When using sensors, the bandwidth of the dedicated Kaspersky Industrial CyberSecurity network between the Server and each sensor must be at least 1 Mbps, excluding the speed of the traffic coming to the sensor monitoring points. Considering the speed of the traffic coming to the monitoring points, the bandwidth of the channel between the sensor and the Server must be increased by at least 50% of the total incoming traffic to the sensor (for all monitoring points of the sensor).

Example: Two sensor monitoring points are being used, one of these receiving 100 Mbit/s, and the other, 200 Mbit/s. The bandwidth between the sensor and the Server in that case must be at least 151 Mbit/s (1+(200+100)/2=151).

Software requirements

Kaspersky Industrial CyberSecurity for Networks has the following software requirements for computers on which application components will be installed:

• CentOS Stream 9 operating system.

  When installing the operating system, it is recommended to allocate the entire hard drive (minus the minimum space required for the boot and swap partitions) to the system (root) partition. To improve the performance of software, you can also mount the /var/ folder to a high-speed hard drive (if you have an additional drive, such as an SSD drive). If you choose to do so, the /var/ folder must be completely mounted to the other drive. Subfolders within the /var/ folder (such as /var/opt/) cannot be mounted to different drives.

• The same version of operating system must be installed on all computers where application components are installed.
• To install application components in the CentOS operating system, the following conditions must be fulfilled:
  • Chrony time synchronization package version 3.1 or later is installed.

    You can install the Chrony time synchronization package by using the following commands in the operating system console:

    sudo dnf install chrony
sudo systemctl enable chronyd
sudo systemctl start chronyd

  • The SELinux access control enforcement system is disabled. To do this:
    1. Open the system configuration file. To do so, enter the following command:

       sudo mcedit /etc/selinux/config

    2. Set the following parameter value:

       SELINUX=disabled

    3. Save and close the configuration file.
    4. Restart the computer.
  • The dnf-utils package is installed.

    You can install the dnf-utils package by using the following command in the operating system console:

    sudo dnf install dnf-utils

  • The compat-openssl package is installed.

    You can install the compat-openssl package by running the following command in the operating system console:

    sudo dnf install compat-openssl11

  • The lttng-ust package with the LTTng library version no newer than 2.12 is installed.

    In CentOS Stream 9 operating system, you can install the lttng-ust package with the required version of the LTTng library using the following command in the operating system console:

    sudo dnf install lttng-ust.x86_64

• To ensure proper functioning of application components on the computer that will perform Server functions, the following conditions must also be fulfilled in the CentOS operating system:
  • Python interpreter 3.9 or later is installed, as well as packages for operation of connectors and data conversion scripts (if the connectors are planned to work on other computers, the packages must also be installed on these computers).

    You can install packages for connectors and data conversion scripts by carrying out the following commands in the operating system console:

    sudo dnf install epel-release

    sudo dnf install python3-psycopg2 python3-cryptography python3-paramiko

  • Mail server is installed (Mail Transfer Agent, MTA) to send emails through the email connector and to send reports by email (for example, Postfix).

    You can install a Postfix mail server by using the following commands in the operating system console:

    sudo dnf -y install postfix
sudo systemctl start postfix
sudo systemctl enable postfix

  • Perl interpreter version 5.10 or later is installed (if Kaspersky Security Center Network Agent is being installed).

For installation of application components, it is recommended to use separate computers on which only software from the operating system is installed. If third-party applications are installed on computers, the performance of components of Kaspersky Industrial CyberSecurity for Networks may be reduced.

You can use the following browsers to connect through the web interface:

• Google™ Chrome™ version 115 or later.
• Mozilla™ Firefox™ version 115 or later.
• Microsoft® Edge® version 115 or later.

Supported Kaspersky Security Center versions

Kaspersky Industrial CyberSecurity for Networks is compatible with Kaspersky Security Center 14.2 and Kaspersky Security Center Linux version 15 and 15.1.

Integration with EPP applications

Kaspersky Industrial CyberSecurity for Networks supports operation in the integration mode with the following applications that perform functions to protect workstations and servers (EPP applications):

• Kaspersky Industrial CyberSecurity for Nodes version 3.1, 3.2, and 4.0.

  Interaction between Kaspersky Industrial CyberSecurity for Networks and this application is facilitated by the Kaspersky Endpoint Agent installed on the devices. Supported versions of Kaspersky Endpoint Agent: 3.15, 3.16, and 4.0.

• Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 and 1.5.

  Interaction between Kaspersky Industrial CyberSecurity for Networks and this application is facilitated by the software modules that are built into Kaspersky Industrial CyberSecurity for Linux Nodes.

All capabilities of integration mode are available when using Kaspersky Industrial CyberSecurity for Nodes version 4.0 with Kaspersky Endpoint Agent version 4.0. When using other versions of the specified software, the following functions of Kaspersky Industrial CyberSecurity for Networks cannot receive data from EPP applications:

• Receive information about threat development chains for EDR incidents: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or 1.5.
• Manage response actions: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or 1.5.
• Hardware control on Linux® devices: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3.
• Device configuration control: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or Kaspersky Endpoint Agent version 3.15 or 3.16.
• User control on devices: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or Kaspersky Endpoint Agent version 3.15 or 3.16.
• Application control on devices: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or Kaspersky Endpoint Agent version 3.15 or 3.16.
• Patch control on devices: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or 1.5, or Kaspersky Endpoint Agent version 3.15 or 3.16.
• Executable file startup control on devices: if you are using Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3 or Kaspersky Endpoint Agent version 3.15 or 3.16.

Integration with Kaspersky SD-WAN

Kaspersky Industrial CyberSecurity for Networks supports integration with Kaspersky SD-WAN version 2.2 or later.

See also: Overview of Kaspersky Industrial CyberSecurity for Networks functionality Application architecture

Page top