Kaspersky Anti Targeted Attack Platform
5.0
English

Contents

[Topic 161840]

Configuring DNS settings

To configure DNS:

  1. Select the Network Interfaces section in the window of the Sandbox web interface.
  2. In the Host name field, enter the name of the server on which you are installing the Sandbox component in FQDN format (for example, sandbox).
  3. To the right of the DNS servers parameter name, click the Add button.

    This will add an empty field for the DNS server IP address input.

  4. Enter the IP address of the primary DNS server in IPv4 format.
  5. Click the Apt_icon_sensors_OK button to the right of the entry field.

    The DNS server will be added.

  6. If you want to add an additional DNS server, repeat steps 2-5.
  7. If you want to remove a previously added DNS server, click the Sandbox_dns_delete button to the right of the line containing the DNS server IP address.

    You can only remove additional DNS servers. You cannot remove the primary DNS server. If you added 2 and more DNS servers, you can remove any of them, and the remaining DNS server will be used as the primary server.

Page top
[Topic 138366]

Configuring settings of the management network interface

A management network interface is intended for providing access to the server with the Sandbox component via the SSH protocol, and the Sandbox component will also receive objects from the Central Node component via this interface.

You can configure a management network interface during installation of the Sandbox component.

You can also configure a management network interface from the Sandbox web interface.

To configure a management network interface from the Sandbox web interface:

  1. Select the Network Interfaces section in the window of the Sandbox web interface.
  2. In the Management interface settings group from the Interface drop-down list, select a network interface, which you want to use as a management interface.
  3. In the IP field, enter the IP address that you want to assign to this network interface if no IP address is assigned.
  4. In the Mask field, enter the network mask in which you want to use this network interface.
  5. Click Apply in the lower part of the window.
Page top
[Topic 161842]

Configuring settings of a network interface used for Internet access of processed objects

Objects processed by the Sandbox component may attempt activities on the Internet via the network interface used for Internet access of processed objects. The Sandbox component can analyze the behavior of these objects.

If you block Internet access, the Sandbox component cannot analyze the behavior of objects on the Internet, and will therefore only analyze the behavior of objects without Internet access.

The network interface used for Internet access of processed objects must be isolated from the local network of your organization.

If the security policy of your organization denies access to the Internet from computers of local network users, and you have configured the Sandbox network interface for Internet access of processed objects, there is a risk of the following scenario:

A hacker can attach a malicious program to a random file and initiate a Sandbox scan of this file from the computer of a local network user. This file will be taken over outside the local network through the network interface used for Internet access of processed objects in the course of scanning the file by the Sandbox component.

Unavailability of the Sandbox network interface for Internet access of processed objects eliminates any risk of such data transfer but compromises the quality of alerts.

To configure the network interface used for Internet access of processed objects:

  1. Select the Network Interfaces section in the window of the Sandbox web interface.
  2. In the Internet interface settings group from the Interface list, select a network interface that you want to use for Internet access of processed objects.

    The management network interface that you configured previously cannot be selected from this list of network interfaces.

  3. In the IP field, enter the IP address that you want to assign to this network interface.
  4. In the Mask field, enter the network mask in which you want to use this network interface.
  5. In the Default gateway field, enter the gateway address of the network in which you want to use this network interface.
  6. Click Apply in the lower part of the window.
Page top
[Topic 138297]

Adding, changing and removing static network routes

You can configure static network routes during installation of the Sandbox component.

You can also add, remove or change static network routes from the Sandbox web interface.

To add a static network route:

  1. Select the Network Interfaces section in the window of the Sandbox web interface.
  2. In the Static Routes settings group, click the Add button.

    A line with empty fields will be added in the list of static network routes.

  3. In the IP field, enter the IP address of the server for which you want to configure a static network route.
  4. In the Mask field, enter the subnet mask.
  5. In the Gateway field, enter the IP address of the gateway.
  6. From the Interface list, select a network interface for which you want to add a static network route.
  7. Click Apt_icon_sensors_OK.
  8. Click Apply in the lower part of the window.

To remove a static network route, proceed as follows:

  1. Select the Network Interfaces section in the window of the Sandbox web interface.
  2. In the Static Routes settings group in the line containing the static network route that you want to remove, click the Sandbox_dns_delete button.
  3. Click Apply in the lower part of the window.

To modify a static network route:

  1. Select the Network Interfaces section in the window of the Sandbox web interface.
  2. In the Static Routes settings group in the line containing the static network route that you want to change, click the Sandbox_static_route_edit button.

    The static network route line will become editable. You can change one or more parameters of a static network route.

  3. In the IP field, change the IP address of the server for which you want to configure a static network route.
  4. In the Mask field, change the subnet mask.
  5. In the Gateway field, change the IP address of the gateway.
  6. From the Interface list, select the network interface for which you are editing the network route.
  7. Click Apt_icon_sensors_OK.
  8. Click Apply in the lower part of the window.
Page top
[Topic 161859]