Hardware and software requirements

Hardware requirements

Kaspersky Industrial CyberSecurity for Networks has the following minimum hardware requirements for computers on which application components will be installed:

Computer that will perform Server functions:
- CPU: Intel® Core™ i7 or equivalent (highest single-core frequency configurations are recommended)
- RAM: 32 GB
- Free space on the hard drive: 500 GB (SSD is recommended)
Computer that will perform sensor functions:
- CPU: Intel Core i5 / i7 or equivalent (maximum core configurations are recommended)
- RAM: 8 GB, and an additional 2 GB for each monitoring point on this computer
- Free space on the hard drive: 250 GB (SSD is recommended)

The maximum speed of inbound traffic at all monitoring points of the Server must be no more than 500 Mbps. For stable performance and to prevent data loss from incoming traffic in a distributed network architecture, it is recommended to use the deployment scheme that involves the Server and external sensors. Sensors reduce the load on the Application Server thanks to traffic preprocessing and data storage.

The maximum speed of incoming traffic at all of a sensor's monitoring points must be no more than 250 Mbps. When using sensors in a network with a distributed network architecture, it is recommended to configure receiving all industrial network traffic at a sensor's monitoring points and not at the Server.

If the devices originating the traffic also send duplicate traffic to another network interface of the Server or sensor, the application automatically discards duplicate network packets. However, the application's actions when processing network packets in this way increase the load on the computer's hardware resources and in some cases may slow down traffic processing.

When using sensors, the bandwidth of the dedicated Kaspersky Industrial CyberSecurity network between the Server and each sensor must be at least 1 Mbps, excluding the speed of the traffic coming to the sensor monitoring points. Considering the speed of the traffic coming to the monitoring points, the bandwidth of the channel between the sensor and the Server must be increased by at least 50% of the total incoming traffic to the sensor (for all monitoring points of the sensor).

Example:

A sensor has two monitoring points. One monitoring point receives 100 Mbps of traffic, while the other receives 200 Mbps. In this case, the bandwidth of the channel between the sensor and the Server must be at least 151 Mbps (1+(200+100)/2=151).

Software requirements

Kaspersky Industrial CyberSecurity for Networks has the following software requirements for computers on which application components will be installed:

CentOS Stream 9 operating system.
When installing the operating system, it is recommended to allocate the entire hard drive (minus the minimum space required for the boot and swap partitions) to the system (root) partition. To improve the performance of software, you can also mount the /var/ folder to a high-speed hard drive (if you have an additional drive, such as an SSD drive). If you choose to do so, the /var/ folder must be completely mounted to the other drive. Subfolders within the /var/ folder (such as /var/opt/) cannot be mounted to different drives.
The same version of operating system must be installed on all computers where application components are installed.
To install application components in the CentOS operating system, the following conditions must be fulfilled:

Expand all | Collapse all

Chrony time synchronization package version 3.1 or later is installed
You can install the Chrony time synchronization package by using the following commands in the operating system console:

sudo dnf install chrony
sudo systemctl enable chronyd
sudo systemctl start chronyd
The SELinux access control enforcement system is disabled
1. Open the system configuration file. To do so, enter the following command:
  sudo mcedit /etc/selinux/config
2. Set the following parameter value:
  SELINUX=disabled
3. Save and close the configuration file.
4. Restart the computer.
The dnf-utils package is installed
You can install the dnf-utils package by using the following command in the operating system console:

sudo dnf install dnf-utils
The compat-openssl package is installed
You can install the compat-openssl package by running the following command in the operating system console:

sudo dnf install compat-openssl11
The lttng-ust package with the LTTng library version no newer than 2.12 is installed
In CentOS Stream 9 operating system, you can install the lttng-ust package with the required version of the LTTng library using the following command in the operating system console:

sudo dnf install lttng-ust.x86_64

To ensure proper functioning of application components on the computer that will perform Server functions, the following conditions must also be fulfilled in the CentOS operating system:
- Python interpreter version 3.9 or later is installed, along with packages supporting the operation of connectors and data conversion scripts (if connectors will also operate on other computers, the packages must also be installed on those computers)
  You can install packages for connectors and data conversion scripts by carrying out the following commands in the operating system console:
  
  sudo dnf install epel-release
  
  sudo dnf install python3-psycopg2 python3-cryptography python3-paramiko
- Mail server is installed (Mail Transfer Agent, MTA) to send emails through the email connector and to send reports by email (for example, Postfix)
  You can install a Postfix mail server by using the following commands in the operating system console:
  
  sudo dnf -y install postfix
  sudo systemctl start postfix
  sudo systemctl enable postfix
- Perl interpreter version 5.10 or later is installed (if Kaspersky Security Center Network Agent is being installed).

For installation of application components, it is recommended to use separate computers on which only software from the operating system is installed. If third-party applications are installed on computers, the performance of components of Kaspersky Industrial CyberSecurity for Networks may be reduced.

You can use the following browsers to connect through the web interface:

Google Chrome™ version 115 or later.
Mozilla™ Firefox™ version 116 or later.
Microsoft® Edge® version 115 or later.

Kaspersky Industrial CyberSecurity for Networks is compatible with Kaspersky Security Center 14.2 and Kaspersky Security Center 15 Linux.

Kaspersky Industrial CyberSecurity for Networks supports operation in the integration mode with the following applications: Kaspersky Industrial CyberSecurity for Nodes 3.1 and 3.2 and Kaspersky Industrial CyberSecurity for Linux Nodes version 1.3. In the integration mode, Kaspersky Industrial CyberSecurity for Networks interacts with Kaspersky Endpoint Agent installed on the devices. When interacting with Kaspersky Endpoint Agent, the following functionalities are available in Kaspersky Industrial CyberSecurity for Networks:

Receiving basic data about the devices and running processes (telemetry data).
Receiving extended data about the devices and running processes: data for equipment monitoring, data for determining device categories, and data for building threat chains.
Performing actions on devices: scanning devices as part of security audit jobs, triggering response actions.

Receiving basic data (telemetry data) is available when using Kaspersky Endpoint Agent 3.14 or later. The capabilities of receiving extended data and performing actions on devices are available when using Kaspersky Endpoint Agent 3.15 or Kaspersky Endpoint Agent 3.16. However, to interact with Kaspersky Endpoint Agent 3.15, you must use version 3.15.0.279 with the patch installed, which activates the functionality of integration with Kaspersky Industrial CyberSecurity for Networks. You can request Kaspersky Endpoint Agent 3.15.0.279 and the patch for this version from your personal technical account manager (TAM).