Protecting against compromise of secrets when connected to remote devices

Identification and authentication details from secrets should be used only for remote connections to the devices selected for security audit jobs. To protect this information against compromise if a device is spoofed, the application checks the public key received from the device before sending the information. The device uses the public key to establish SSH connections, and the key lets the application verify that the SSH connection is being established with the correct device. Identification and authentication details are sent to the device only after the application verifies that the received public key matches the public key saved in the application.

The saved public key of the device is displayed in the details area of the selected device on the General tab.

Receiving and saving devices' public keys in the application

Public keys of devices are not defined in Kaspersky Industrial CyberSecurity for Networks by default. A device's public key is received and saved when an SSH connection is first established with the device for scanning as part of a security audit job that uses Remote connection polling or an Active Poll connector. During this first connection, identification and authentication details from the selected secret are sent to the device without checking the received public key. Therefore, before starting the security audit job for the first time for the selected device and establishing an SSH connection to it, make sure that there is no spoofed device on the network. To do this, you can run ifconfig to check that the device IP addresses defined in the application match those on the actual device network interfaces.

Resetting saved device public keys

SSH connection keys on devices may change over time. Device users may generate new keys when their current private keys are at risk of compromise.

When the private key is changed on the device, the public key is changed as well. After changing the public key, the application stops sending information from the secrets to this device because the new public key no longer matches the one saved in the application. Therefore, any subsequent device scans as part of security audit jobs finish with an error.

After changing the public key on the device, reset the public key currently saved for the device in the application. This will allow the secrets to be used again when connecting to the device remotely.

After resetting the saved public key, the application saves the newly received public key when an SSH connection is next established with this device. Before that connection, check that there is no spoofed device on the network, just as when a public key is initially received and saved.
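
The save, compare and reset behavior described above can be modeled as a small trust-on-first-use store. This is an added illustration, not Kaspersky Industrial CyberSecurity for Networks code: the PinStore class, the plc-01 device name and the sample keys are constructed for the example, and keys are compared by their OpenSSH-style SHA256 fingerprint.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of a 'type base64 [comment]' line."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class PinStore:
    """Hypothetical store: one saved public key fingerprint per device."""
    def __init__(self):
        self._pins = {}

    def check(self, device, pubkey_line):
        """Return 'first-use', 'match' or 'mismatch' for the received key."""
        received = fingerprint(pubkey_line)
        saved = self._pins.get(device)
        if saved is None:
            # Nothing saved yet: the key is stored without verification, so
            # this connection relies on the network check done beforehand.
            self._pins[device] = received
            return "first-use"
        if hmac.compare_digest(saved, received):
            return "match"      # the secret may be sent
        return "mismatch"       # withhold the secret; the scan ends in error

    def reset(self, device):
        """Forget the saved key so the next connection is a first use again."""
        self._pins.pop(device, None)

def sample_key(fill):
    """Constructed ssh-ed25519 key line (not a real device key)."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

def demo():
    store, old, new = PinStore(), sample_key(1), sample_key(2)
    steps = [store.check("plc-01", old),      # first scan
             store.check("plc-01", old),      # later scan, same key
             store.check("plc-01", new)]      # key regenerated on the device
    store.reset("plc-01")                     # administrator resets saved key
    steps.append(store.check("plc-01", new))  # new key saved on next connection
    steps.append(store.check("plc-01", old))  # the old key is now rejected
    return steps

if __name__ == "__main__":
    print(demo())
```

The two "first-use" results are the points at which nothing is checked, which is why the network must be verified before the first scan and again after every reset.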

Only users with the Administrator role can reset saved public keys.

To reset saved device public keys:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. Select the Assets section.
  3. On the Devices tab, select the devices you want to reset the saved public keys for.
  4. Right-click to open the context menu of one of the selected devices.
  5. In the context menu, select Reset public key.

    A window with a confirmation prompt opens.

  6. In the prompt window, click OK.

See also:

Managing security audit jobs
