Security recommendations for Kaspersky Industrial CyberSecurity for Networks

To ensure secure operation of the application at an enterprise after installation of Kaspersky Industrial CyberSecurity for Networks, it is recommended to reinforce the security of computers on which the Kaspersky Industrial CyberSecurity for Networks Server and sensors are installed. The required level of security ensuring safe operation of the application must be supported by the operating system and its protection tools. To maintain security of the application, it is recommended to regularly install updates for application modules and databases of Kaspersky Industrial CyberSecurity for Networks and security updates for the operating system.

It is recommended to restrict physical access to equipment on which the application is running to prevent the following potential impact:

• Unauthorized shutdown of equipment (or disconnection from the network)
• Connection of tools that can intercept transmitted data
• Theft of hard drives containing data
• Use of other equipment to destroy or replace data on hard drives

When deploying Kaspersky Industrial CyberSecurity for Networks, you are advised to do the following:

• Restrict remote and local access to computers that have components of Kaspersky Industrial CyberSecurity for Networks installed.

  After each use of a script for centralized installation of application components (including for centralized removal or to reinforce computer security) you must block access to computers over the SSH protocol for security purposes. You can block access by using the following command in the operating system console: sudo systemctl disable --now sshd. To restore access over the SSH protocol (if you need to reuse a script for centralized installation of application components), you can use the command: sudo systemctl enable --now sshd.

• Regularly check and update password policies for active user accounts in operating systems on computers that have application components installed. Password policies must comply with the recommendations on ensuring the required level of security of the operating system.
• Ensure that the application interfaces can be accessed only by personnel who are authorized to install and configure the application, and by users (operators) who use the application to perform standard tasks.
• Use equipment or a security service to control physical access to the equipment running the application and to the utilized network equipment.
• Use video surveillance and alarm systems to monitor restricted rooms.

We recommend digital certificates issued by trusted certification authorities for secure data transmission within an intranet system. Additionally, to maintain the application's certified status, we recommend using certified or officially approved cryptographic protection tools for enhanced protection of the following network connections:

• Between the machines with the application components (Server and sensors) installed
• To application components via the web interface
• By third-party systems to Kaspersky Industrial CyberSecurity for Networks via special software modules (connectors)
• From a dedicated Kaspersky Industrial CyberSecurity network to external networks

We recommend the following security controls when using application management tools:

• Use account credentials that meet the requirements for user names and passwords of application user accounts.
• Ensure that passwords are confidential and unique.

  If there is a risk that the password was compromised, the application user must promptly change their password.

• Customized time synchronization on the Kaspersky Industrial CyberSecurity for Networks nodes.
• Terminate the web interface connection session before closing your browser.

  To force termination of a connection session, select Log out in the user menu.

Page top