Hardware and software requirements

Hardware requirements

Kaspersky Industrial CyberSecurity for Networks has the following minimum hardware requirements for computers on which application components will be installed:

• Computer that will perform Server functions:
  • CPU: Intel® Core™ i7 or equivalent (highest single-core frequency configurations are recommended)
  • RAM: 32 GB
  • Free space on the hard drive: 500 GB (SSD is recommended)
• Computer that will perform sensor functions:
  • CPU: Intel Core i5 / i7 or equivalent (maximum core configurations are recommended)
  • RAM: 8 GB, and an additional 4 GB when using monitoring points on this computer (for any number of monitoring points)
  • Free space on the hard drive: 250 GB (SSD is recommended)

We recommend a distributed deployment with a Server and external sensors. Configure industrial network traffic to be sent to sensor monitoring points. Sensors reduce the load on the Application Server thanks to traffic preprocessing and data storage.

All industrial network traffic must be load-balanced across Servers and sensors for stable performance. The recommended maximum incoming traffic rates are 500 Mbit/s for a Server node and 250 Mbit/s for a Sensor node.

Avoid sending duplicate traffic to the Server or sensor node and correctly configure the network equipment to transmit a copy of the traffic (for examples of configuring port mirroring for some switch models, see the Appendix). When duplicate traffic is detected, the application automatically drops the duplicate network packets, which increases the load on the computer hardware resources and in some cases may slow down the traffic processing.

When using sensors, the bandwidth of the dedicated Kaspersky Industrial CyberSecurity network between the Server and each sensor must be at least 1 Mbps, excluding the speed of the traffic coming to the sensor monitoring points. Considering the speed of the traffic coming to the monitoring points, the bandwidth of the channel between the sensor and the Server must be increased by at least 50% of the total incoming traffic to the sensor (for all monitoring points of the sensor).

Example: Two sensor monitoring points are being used, one of these receiving 100 Mbit/s, and the other, 200 Mbit/s. The bandwidth between the sensor and the Server in that case must be at least 151 Mbit/s (1+(200+100)/2=151).

Software requirements

Kaspersky Industrial CyberSecurity for Networks has the following software requirements for computers on which application components will be installed:

• Astra Linux Special Edition RUSB.10015-01 (scheduled update 1.8)

  When installing the operating system, it is recommended to allocate the entire hard drive (minus the minimum space required for the boot and swap partitions) to the system (root) partition. To improve the performance of software, you can also mount the /var/ folder to a high-speed hard drive (if you have an additional drive, such as an SSD drive). If you choose to do so, the /var/ folder must be completely mounted to the other drive. Subfolders within the /var/ folder (such as /var/opt/) cannot be mounted to different drives.

• The same version of operating system must be installed on all computers where application components are installed.
• To install application components in the Astra Linux Special Edition operating system, the following conditions must be fulfilled:
  • UEFI or BIOS software settings allow operating system-level control of CPU performance. This enables the application to automatically set the CPU to maximum performance mode during installation or after a reboot.
  • The standard operating system components "Internet tools" and "Network services" are installed (in addition to the standard components that are installed by default in the operating system).
  • The operating system has an active firewall implemented by the UFW network security configuration application (for automatic configuration of network filtering).
  • Repositories containing up-to-date stable versions of installation packages are connected in the operating system (for example, connected repositories on discs containing an update of the installation disc for the operating system and an update of the disc containing development tools). To do this:
    1. Insert the disc that you want to use to connect a repository.
    2. In the operating system console, carry out the following commands:

       sudo apt-cdrom add
sudo apt update

  • Chrony time synchronization package version 4.3 or later is installed.

    You can install the Chrony time synchronization package by using the following commands in the operating system console:

    sudo apt install chrony
sudo systemctl enable chrony
sudo systemctl start chrony

  • The rsync package is installed.

    You can install the rsync package by running the following command in the operating system console:

    sudo apt install rsync

  • The libcap2-bin package is installed.

    You can install the libcap2-bin package by carrying out the following command in the operating system console:

    sudo apt install libcap2-bin

  • python3-apt is installed.

    You can install python3-apt with the following command in the operating system console:

    sudo apt install python3-apt

  • The SSH server package is installed (for centralized installation of application components).

    You can install the SSH server package by carrying out the following commands in the operating system console:

    sudo apt install ssh
systemctl enable ssh
systemctl start ssh

  • The en_US.utf8 locale is enabled (on the computer from which the centralized installation of application components will be performed).

    You can enable the en_US.utf8 locale by carrying out the following command in the operating system console:

    sudo localedef -i en_US -f UTF-8 en_US.utf8

• To ensure proper functioning of application components on all computers that will perform Server and sensor functions, the following conditions must be fulfilled in the Astra Linux Special Edition operating system:
  • Information streams are allowed without limitations from the capability-based access restriction mechanism (a null capability marker is set for all access objects).
  • The closed software environment mechanism is disabled in the operating system.
• To ensure proper functioning of application components on the computer that will perform Server functions, the following conditions must also be fulfilled in the Astra Linux Special Edition operating system:
  • A Python® 3.11 interpreter has been installed along with prerequisite packages for connectors and data transformation scripts. If the connectors will run on other computers, the packages also need to be installed on those computers.

    You can install packages for connectors and data conversion scripts by using the following command in the operating system console:

    sudo apt install python3-psycopg2 python3-cryptography python3-paramiko python3-requests

  • A PostgreSQL secure database management system, part of the operating system distribution (installation package postgresql-15), has been installed. The DBMS must use at least four physical or virtual CPU cores. Using a secure DBMS may require an additional vendor license depending on the operating system version and other factors.
  • A Mail Transfer Agent (MTA) is installed and configured to send email through an email connector and to send reports via email. For example, you can configure an Exim 4 mail server.
  • Perl interpreter version 5.10 or later is installed (if Kaspersky Security Center Network Agent is being installed).

For installation of application components, it is recommended to use separate computers on which only software from the operating system is installed. If third-party applications are installed on computers, the performance of components of Kaspersky Industrial CyberSecurity for Networks may be reduced.

You can use the following browsers to connect through the web interface:

• Google Chrome version 115.
• Mozilla™ Firefox™ version 115.
• Microsoft Edge version 115.
• Chromium™ for Astra Linux version 115.

Supported Kaspersky Security Center versions

Kaspersky Industrial CyberSecurity for Networks is compatible with Kaspersky Security Center 15.1 (version 15.1.0.20748) and Kaspersky Security Center Linux 15.1 (version 15.1.0.12199). Supported Kaspersky Security Center Network Agent version: 15.1.0-20748.

Integration with EPP applications

Kaspersky Industrial CyberSecurity for Networks supports operation in the integration mode with the following applications that perform functions to protect workstations and servers (EPP applications):

• Kaspersky Industrial CyberSecurity for Nodes 4.0.

  Interaction between Kaspersky Industrial CyberSecurity for Networks and this application is facilitated by the Kaspersky Endpoint Agent installed on the devices. Supported Kaspersky Endpoint Agent version: 4.0.

• Kaspersky Industrial CyberSecurity for Linux Nodes 1.5.

  Interaction between Kaspersky Industrial CyberSecurity for Networks and this application is facilitated by the software modules that are built into Kaspersky Industrial CyberSecurity for Linux Nodes.

All capabilities of integration mode are available when using Kaspersky Industrial CyberSecurity for Nodes version 4.0 with Kaspersky Endpoint Agent version 4.0. When using other versions of the specified software, the following functions of Kaspersky Industrial CyberSecurity for Networks cannot receive data from EPP applications:

• Retrieving threat development chain details for EDR incidents when using Kaspersky Industrial CyberSecurity for Linux Nodes.
• Management of response actions when using Kaspersky Industrial CyberSecurity for Linux Nodes.
• Patch management on devices when using Kaspersky Industrial CyberSecurity for Linux Nodes.

Integration with Kaspersky SD-WAN

Kaspersky Industrial CyberSecurity for Networks supports integration with Kaspersky SD-WAN version 2.2 or later.

See also: Overview of Kaspersky Industrial CyberSecurity for Networks functionality Application architecture

Page top