Scenario: Fixing third-party software vulnerabilities in an isolated network

You can install updates and fix vulnerabilities of the third-party software installed on managed devices in an isolated network. Such networks include Administration Servers and managed devices connected to them that have no internet access. To fix vulnerabilities in this kind of network, you need an Administration Server connected to the internet. By using the Administration Server with internet access, you will be able to download patches (required updates) and then transmit them to isolated Administration Servers.

You can download the third-party software updates issued by software vendors, but you cannot download updates for Microsoft software on isolated Administration Servers by using Kaspersky Security Center.

For more details about the process of fixing vulnerabilities in an isolated network, see the description and scheme of this process.

Prerequisites

Before you start, do the following:

1. Allocate one device for connecting to the internet and downloading patches. This device will be considered the Administration Server with internet access.
2. Install Kaspersky Security Center Linux, no earlier than version 15.1, on the following devices:
   • Allocated device, which will act as the Administration Server with internet access
   • Isolated devices, which will act as the Administration Servers isolated from the internet (hereinafter referred to as isolated Administration Servers)
3. Make sure that every Administration Server has enough disk space for downloading and storing updates and patches.

Stages

Installing updates and fixing third-party software vulnerabilities on the managed devices of isolated Administration Servers consists of the following stages:

1. Configuring the Administration Server with internet access

   Prepare your Administration Server with internet access to handle requests for required third-party software updates and to download patches.

2. Configuring isolated Administration Servers

   Prepare your isolated Administration Servers so they can regularly form lists of required updates and handle patches downloaded by the Administration Server with internet access. After configuring, isolated Administration Servers do not try to download patches from the internet anymore. Instead, they get updates through patches.

3. Transmitting patches and installing updates on isolated Administration Servers

   After you finish configuring Administration Servers, you can transmit the required update lists and patches from the Administration Server with internet access to isolated Administration Servers. Next, updates from patches will be installed on managed devices by using the Install required updates and fix vulnerabilities task.

Results

Thus, the third-party software updates are transmitted to isolated Administration Servers and installed on connected managed devices by using Kaspersky Security Center Linux. It is enough to configure Administration Servers once, and after that, you can get updates as often as you need, for example, once or several times per day.