Scenario: Fixing third-party software vulnerabilities in an isolated network
You can install updates and fix vulnerabilities of the third-party software installed on managed devices in an isolated network. Such networks include Administration Servers and managed devices connected to them that have no internet access. To fix vulnerabilities in this kind of network, you need an Administration Server connected to the internet. Then, you will be able to download patches (required updates) by using the Administration Server with internet access, and then transmit the patches to isolated Administration Servers.
You can download the third-party software updates issued by software vendors, but you cannot download updates for Microsoft software on isolated Administration Servers by using Kaspersky Security Center.
To find out how the process of fixing vulnerabilities in an isolated network works, see the description and scheme of this process.
Prerequisites
Before you start, do the following:
- Allocate one device for connecting to the internet and downloading patches. This device will be counted as the Administration Server with internet access.
- Install Kaspersky Security Center, no earlier than version 14, on the following devices:
- Allocated device, which will act as the Administration Server with internet access
- Isolated devices, which will act as the Administration Servers isolated from the internet (hereinafter referred to as isolated Administration Servers)
- Make sure that every Administration Server has enough disk space for downloading and storing updates and patches.
Stages
Installing updates and fixing third-party software vulnerabilities on managed devices of isolated Administration Servers has the following stages:
- Configuring the Administration Server with internet access
Prepare your Administration Server with internet access to handle requests on required third-party software updates and to download patches.
- Configuring isolated Administration Servers
Prepare your isolated Administration Servers so they can regularly form lists of required updates and handle patches downloaded by the Administration Server with internet access. After configuring, isolated Administration Servers do not try to download patches from the internet anymore. Instead, they get updates through patches.
- Transmitting patches and installing updates on isolated Administration Servers
After you finished configuring Administration Servers, you can transmit the required updates lists and patches between the Administration Server with internet access and isolated Administration Servers. Next, updates from patches will be installed on managed devices by using the Install required updates and fix vulnerabilities task.
Results
Thus, the third-party software updates are transmitted to isolated Administration Servers and installed on connected managed devices by using Kaspersky Security Center. It is enough to configure Administration Servers once, and after that you can get updates as often as you need, for example, once or several times per day.