Creating an interaction control rule with blank settings or settings from a template

To create an interaction control rule with blank settings or settings from a template:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. In the Allow rules section, open the details area by clicking Add rule.
  3. If you want to define the values of settings from a template, in the details area click Use template, select the necessary template in the opened window and click Apply.
  4. In the details area, select the rule type corresponding to the relevant Interaction Control technology:
    • If you want to create a rule based on Network Integrity Control technology, click NIC.
    • If you want to create a rule based on Command Control technology, click CC.
  5. In the Protocol field, specify the protocol for interaction between devices.

    When the Protocol field is selected, a window opens showing the table of supported protocols displayed as a protocol stack tree. You can manage how tree elements are displayed by using the + and - buttons next to the names of protocols that contain protocols of subsequent layers.

    If necessary, use the search field above the table to find relevant protocols.

    To specify the protocol:

    1. In the protocols table, select the protocol that you want to specify for the rule. To select the relevant protocol, click the button that is displayed in the left column of the protocols table.

      For a Network Integrity Control rule, you can select any protocol that is displayed in the table of supported protocols. For a Command Control rule, you can select only a protocol from among the supported protocols for process control.

    2. Click OK.

    If you select a protocol that can be identified by the application based on the contents of network packets, a notification about this appears below the Protocol field.

  6. If Command Control technology is selected for the rule, specify the relevant system commands in the Commands field.

    When the Commands field is selected, a window opens with a list of system commands that are available for the selected protocol. To specify the commands:

    1. In the list of system commands, select the check boxes next to the commands that should be allowed. If all commands should be allowed, you can either select all check boxes or clear all check boxes for all commands.
    2. Click OK.
  7. If required, enter additional information about the rule in the Comment field.
  8. In the Side 1 and Side 2 settings groups, specify the editable address information for the participants (sides) of network interaction. Depending on the selected protocol (or set of protocols), address information may contain a MAC address, IP address, and/or port number. If additional address spaces were added to the application, you can specify the names of the address spaces for addresses.

    To autofill the address information of a side of network interaction, you can select devices that are known to the application. To do so:

    1. Open the device selection window by clicking Specify device addresses.
    2. In the device selection window, select the check boxes next to the devices that you want to use.

      The device selection window contains a table in which you can configure the layout and order of columns, and also filter, search and sort similarly to the devices table in the Assets section.

    3. Click OK in the device selection window.
  9. In the details area, click Save.

    The application checks the current list of Interaction Control rules.

  10. If the Interaction Control rules include an enabled rule in which all the settings match, you will see a warning about the presence of a matching rule. In this case, close the warning and change the settings of the created rule.
  11. If the Interaction Control rules include an enabled rule with more general settings, you will see a warning about the presence of a general rule. If a general rule is present, a new specific rule will not be used in the application. The warning will contain a prompt to save the new specific rule. To create the new rule with the defined settings anyway (for example, if you intend to remove the general rule afterwards), confirm your decision in the prompt window.

    The new rule will be added to the allow rules table.

  12. If the Interaction Control rules include enabled rules with more specific settings, you will see a warning about the presence of more specific rules. After a general rule appears, the specific rules will not be used in the application. The warning will contain a prompt to remove the specific rules. To remove specific rules, confirm your decision in the prompt window.

    If the rules table contains disabled rules with more specific or matching settings, the application removes these rules from the list. The application does not show a prompt when removing these rules.

  13. If there is no enabled rule allowing network interaction between devices for a new rule based on Command Control technology, you will be prompted to create the corresponding rule based on Network Integrity Control technology. In this case, you are advised to create an additional rule together with the current rule being created. To do so, confirm your decision in the prompt window and perform the necessary actions to create a new rule based on Network Integrity Control technology.
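
The checks in steps 10 through 13 can be rehearsed offline before editing the allow list. The following is an added example, not code from the application or its vendor: a simplified model that reports which of the four warnings a planned rule would raise. Assumptions: the `Rule` fields and warning labels are hypothetical, a rule counts as "more general" when each address field is either equal or unset, and the Network Integrity Control rule required for a Command Control rule names the same protocol.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ANY = None  # assumption: an unset address field matches any value

@dataclass(frozen=True)
class Rule:  # hypothetical model of one allow rule, not the product's schema
    kind: str                                # "NIC" or "CC"
    protocol: str
    side1: Optional[str] = ANY
    side2: Optional[str] = ANY
    commands: FrozenSet[str] = frozenset()   # CC only; empty set = all commands
    enabled: bool = True

def covers(g: Rule, s: Rule) -> bool:
    """True when g allows everything s allows (same or more general settings)."""
    if (g.kind, g.protocol) != (s.kind, s.protocol):
        return False
    for gv, sv in ((g.side1, s.side1), (g.side2, s.side2)):
        if gv is not ANY and gv != sv:
            return False
    if not g.commands:                       # g allows all commands
        return True
    return bool(s.commands) and s.commands <= g.commands

def check_new_rule(new: Rule, existing: List[Rule]) -> List[str]:
    """Return the warnings from steps 10-13 that the new rule would raise."""
    enabled = [r for r in existing if r.enabled]
    found = []
    if any(covers(r, new) and covers(new, r) for r in enabled):
        found.append("matching")             # step 10
    elif any(covers(r, new) for r in enabled):
        found.append("general-exists")       # step 11: new rule would be unused
    if any(covers(new, r) and not covers(r, new) for r in enabled):
        found.append("specific-exist")       # step 12: these become unused
    if new.kind == "CC":                     # step 13: CC rule needs a NIC rule
        nic = Rule("NIC", new.protocol, new.side1, new.side2)
        if not any(covers(r, nic) for r in enabled):
            found.append("nic-missing")
    return found

# Constructed sample rules (protocol, addresses and command names are made up).
EXISTING = [
    Rule("NIC", "Modbus TCP"),
    Rule("CC", "Modbus TCP", "192.0.2.10", "192.0.2.20", frozenset({"READ"})),
    Rule("CC", "Modbus TCP", "192.0.2.10", "192.0.2.30", enabled=False),
]
```

A result of `general-exists` or `specific-exist` is the case to review most carefully, because it means a broad allow rule is overriding the narrower rules that were meant to constrain the interaction.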