Scenario for preparing to receive data from EPP applications

The scenario for preparing to receive data from EPP applications consists of the following phases:

1. Installing EPP applications to computers of the monitored network

   During this phase, you need to install Kaspersky applications that perform functions for protecting workstations and servers (EPP applications). EPP applications need to be installed on all computers whose data you want to receive in Kaspersky Industrial CyberSecurity for Networks. These computers must either reside outside of the industrial network (whose traffic is monitored through monitoring points) or have an additional connection to another network that includes one of the nodes that has a Kaspersky Industrial CyberSecurity for Networks component installed (for example, a connection to the Kaspersky Industrial CyberSecurity dedicated network). If the functions of the Endpoint Agent software component for EPP applications are performed by Kaspersky Endpoint Agent, this application must also be installed on the corresponding computers.

   In the current version, Kaspersky Industrial CyberSecurity for Networks supports receiving and processing data only when integrated with Kaspersky Industrial CyberSecurity for Nodes or Kaspersky Industrial CyberSecurity for Linux Nodes. The versions of the specified applications that support operation in the integration mode are listed in the Hardware and software requirements article.

2. Adding integration servers for nodes of Kaspersky Industrial CyberSecurity for Networks

   This phase involves the completion of procedures for adding integration servers to the nodes that computers with the Endpoint Agent software component will connect to. Network interactions between nodes and these computers are possible only through network interfaces that are not being used as monitoring points. Specific network interfaces and IP addresses are not configured for integration servers because any available network interface and IP address of a computer can be used for an external connection to the integration server.

3. Creating communication data packages for integration server clients

   At this phase, you need to create and download communication data packages in which the application saves certificates and keys for connections between clients and integration servers. Each communication data package is an archive containing the following data:

   • Public certificate key of the integration server.
   • Certificate for integration server clients (with private key). This certificate is added if client certificate verification is enabled on the integration server. The certificate and key are saved in encrypted form with the password that was specified when the communication data package was created.
4. Uploading integration server connection data to client computers

   This stage is implemented using Kaspersky Security Center. Computers with the Endpoint Agent software component serve as clients for Kaspersky Industrial CyberSecurity for Networks integration servers. Upload certificates and/or keys from communication data packages to the Kaspersky Security Center Administration Server by using the Endpoint Agent administration plug-in. Then, create policies in Kaspersky Security Center for uploading data to computers with Endpoint Agent. For information about working with data and creating policies, please refer to the Kaspersky Endpoint Agent documentation or the Kaspersky Industrial CyberSecurity for Linux Nodes documentation.

   For each integration server, you must create at least one policy containing the following data to be uploaded to the computers of clients:

   • Public certificate key of the integration server.
   • IP address for connecting to the integration server. You can indicate any of the available IP addresses of the node containing the integration server (you can view the IP addresses when connected to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface on the Integration servers tab under Settings → Connection Servers). Port 8081 is the default port used for the connection.
   • Certificate for integration server clients (with private key). This certificate is added if client certificate verification is enabled on the integration server.
5. Enabling integration servers

   This phase is completed after applying policies and uploading data to computers with Endpoint Agent. During this phase, you need to enable all integration servers that will receive data from EPP applications. When an integration server is enabled on a node, the kics4net-epp-proxy service is activated.

When this scenario is fulfilled, Kaspersky Industrial CyberSecurity for Networks will begin to receive and process data from EPP applications.

Page top