Security recommendations for Kaspersky Industrial CyberSecurity for Networks
To ensure secure operation of the application at an enterprise after installation of Kaspersky Industrial CyberSecurity for Networks, it is recommended to reinforce the security of computers on which the Kaspersky Industrial CyberSecurity for Networks Server and sensors are installed. The required level of security ensuring safe operation of the application must be supported by the operating system and its protection tools. To maintain security of the application, it is recommended to regularly install updates for application modules and databases of Kaspersky Industrial CyberSecurity for Networks and security updates for the operating system.
It is recommended to restrict physical access to hardware on which the application is running to prevent the following potential security issues:
- Unauthorized shutdown of hardware (or disconnection from the network)
- Connection of tools that can intercept transmitted data
- Theft of hard drives containing data
- Use of other equipment to destroy or replace data on hard drives
When deploying Kaspersky Industrial CyberSecurity for Networks, you are advised to do the following:
- Restrict remote and local access to computers that have components of Kaspersky Industrial CyberSecurity for Networks installed.
After each use of a script for centralized installation of application components (including for centralized removal or to reinforce computer security) you must block access to computers over the SSH protocol for security purposes. You can block access by using the following command in the operating system console:
sudo systemctl disable --now sshd. To restore access over the SSH protocol (if you need to reuse a script for centralized installation of application components), you can use the command:sudo systemctl enable --now sshd. - Regularly check and update password policies for active user accounts in operating systems on computers that have application components installed. Password policies must comply with the recommendations on ensuring the required level of security of the operating system.
- Ensure that the application interfaces can be accessed only by personnel who are authorized to install and configure the application, and by users (operators) who use the application to perform standard tasks.
- Use hardware or a security service to control physical access to the equipment running the application and to the utilized network equipment.
- Use video surveillance and alarm systems to monitor restricted rooms.
When application events are transmitted to recipient systems (other than Kaspersky Security Center), the application does not guarantee the security of the data transfer. We recommend that you use other means to secure the data transfer.
For use of application management tools, it is also recommended to take the following actions to ensure data security on the intranet:
- Protect traffic within the intranet.
- Protect connections to external networks.
- Use digital certificates published by trusted certificate authorities.
- Use account credentials that meet the requirements for user names and passwords of application user accounts.
- Ensure that passwords are confidential and unique.
If there is a risk that the password was compromised, the application user must promptly change their password.
- Customized time synchronization on the Kaspersky Industrial CyberSecurity for Networks nodes.
- Terminate the web interface connection session before closing your browser.
To force termination of a connection session, you need to use the Log out option in the user menu.
