Connection safety
Usage of TLS
We recommend prohibiting insecure connections to Administration Server. For example, you can prohibit connections that use HTTP in the Administration Server settings.
Please note that by default, several HTTP ports of Administration Server are closed. The remaining port is used for the Administration Server Web Server (8060). This port can be limited by the firewall settings of the Administration Server device.
Strict TLS settings
We recommend using TLS protocol version 1.2 and later, and restricting or prohibiting insecure encryption algorithms.
You can configure encryption protocols (TLS) used by Administration Server. Please note that at the time of the release of a version of Administration Server, the encryption protocol settings are configured by default to ensure secure data transfer.
Restricting access to the Administration Server database
We recommend restricting access to the Administration Server database. For example, grant access only from the Administration Server device. This reduces the likelihood of the Administration Server database being compromised due to known vulnerabilities.
You can configure the parameters according to the operating instructions of the used database, as well as provide closed ports on firewalls.
Configuring an allowlist of IP addresses to connect to Administration Server
By default, users can log in to Kaspersky Security Center Linux from any device where Kaspersky Security Center Web Console is installed. You can configure Administration Server so that users can connect to it only from devices with allowed IP addresses.
