Managing protection of Administration Server
Selecting an Administration Server protection software
Depending on the type of the Administration Server deployment and the general protection strategy, select the application to protect the Administration Server device.
If you deploy Administration Server on a dedicated device, we recommend selecting the Kaspersky Endpoint Security application to protect the Administration Server device. This allows applying all available technologies to protect the Administration Server device, including behavioral analysis modules.
If Administration Server is installed on a device that exists in the infrastructure and has previously been used for other tasks, we recommend considering the following protection software:
- Kaspersky Industrial CyberSecurity for Nodes. We recommend installing this application on devices that are included in an industrial network. Kaspersky Industrial CyberSecurity for Nodes is an application that has certificates of compatibility with various manufacturers of industrial software.
- Recommended security solutions. If Administration Server is installed on a device with other software, we recommend taking into account the recommendations from that software vendor on the compatibility of security solutions (there may already be recommendations for selecting a security solution, and you may need to configure the trusted zone).
Creating a separate security policy for the protection application
We recommend that you create a separate security policy for the application that protects the Administration Server device. This policy must be different from the security policy for client devices. This allows specifying the most appropriate security settings for Administration Server, without affecting the protection level of other devices.
We recommend dividing devices into groups, and then placing the Administration Server device into a separate group for which you can create a special security policy.
Protection modules
If there are no special recommendations from the vendor of the third-party software installed on the same device as Administration Server, we recommend activating and configuring all available protection modules (after checking the operation of these protection modules for a certain time).
Configuring the firewall of the Administration Server device
On the Administration Server device, we recommend configuring the firewall to restrict the number of devices from which administrators can connect to Administration Server through Administration Console or Kaspersky Security Center Web Console.
By default, Administration Server uses port 13291 to receive connections from Administration Console and port 13299 to receive connections from Kaspersky Security Center Web Console. We recommend restricting the number of devices from which Administration Server can be managed by using these ports.
Prohibition of launching the control panel
If you install Administration Server on a device running Microsoft Windows and use the protection application with the Application Launch Control module, you can prohibit the launch of the control panel (control.exe) for unprivileged users, for example, the Administrators group.
After creating the specified prohibiting control rules of the application launch, users with the privileges of the pre-defined Administrator role lose the ability to control other network accounts, including changing their logins and passwords.