Contents
- Preparing for installing program components
- Preparing the IT infrastructure for program components installation
- Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3
- Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP
- Preparing the virtual machine for installing the Sandbox component
Preparing for installing program components
This section provides information on how to prepare your corporate IT infrastructure for the installation of Kaspersky Anti Targeted Attack Platform components.
Preparing the IT infrastructure for program components installation
Before installing the program, prepare your corporate IT infrastructure for the installation of components of Kaspersky Anti Targeted Attack Platform:
- Ensure that the servers, the computer intended for working with the program web interface, and the computers on which Kaspersky Endpoint Agent will be installed all satisfy the hardware and software requirements.
- Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Sandbox component:
  - For both network interfaces, block the server hosting the Sandbox component from accessing the corporate LAN in order to keep the network safe from the objects being analyzed.
  - For the first network interface, allow Internet access for the server hosting the Sandbox component so that the behavior of objects can be analyzed.
  - For the second network interface, allow inbound connections to the following ports for the server hosting the Sandbox component:
    - TCP 22 for connection to the server over the SSH protocol.
    - TCP 443 for receiving objects to scan from the Central Node component.
    - TCP 8443 for using the program web interface.
- Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Central Node component:
  - Allow inbound connections to the server hosting the Central Node component on the following ports:
    - TCP 22 for connection to the server via SSH.
    - TCP 443 for receiving data from computers with Kaspersky Endpoint Agent.
    - TCP 8443 for viewing scan results in the program web interface.
  - Allow outbound connections to the following ports for the server hosting the Central Node component:
    - TCP 80, 443 and 1443 for communication with servers of the KSN service and Kaspersky update servers.
    - TCP 443 for sending objects to the Sandbox component so that they can be scanned.
    - TCP 601 for sending messages to a SIEM system.
- Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Sensor component:
  - For the network interface used for integration with a proxy server and mail server, allow inbound connections to the following ports for the server hosting the Sensor component:
    - TCP 22 for connection to the server via SSH.
    - TCP 1344 for receiving traffic from a proxy server.
    - TCP 25 for receiving SMTP traffic from a mail server.
    - TCP 443 when forwarding traffic from Kaspersky Endpoint Agent computers to the server with the Central Node component.
  - Allow outbound connections to the following ports for the server hosting the Sensor component:
    - TCP 80 and 443 for communication with servers of the KSN service and Kaspersky update servers.
    - TCP 995 (or TCP 110 for unprotected connections) for integration with a mail server.
  If you install an additional network interface that receives only mirrored traffic in a VMware ESXi virtual environment, use the E1000 network adapter or disable the LRO (large receive offload) option on a VMXNET3 network adapter.
- On network equipment, allow an encrypted communication channel between servers that have the Central Node and Sensor components.
  The connection between servers that have the Central Node and Sensor components is established within the encrypted communication channel based on IPSec using the ESP protocol.
- If you are using the distributed solution and multitenancy mode, prepare the corporate IT infrastructure for installation of the Central Node components as follows:
  - Allow inbound connections to port 8443 for the server with the PCN role.
  - On network equipment, allow the establishment of an encrypted communication channel between servers that have the Central Node and Sensor components.
  The connection between servers that have the PCN and SCN role is established within the encrypted communication channel based on IPSec using the ESP protocol.
If needed, you can designate other ports for the program's components to use in the administrator menu of the server with the Central Node component. If you change the ports in the administrator menu, you need to allow connections to these ports in your corporate IT infrastructure.
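The Sandbox and Sensor requirements above can be checked against a firewall rule export before installation. The following Python is an added example, not Kaspersky code: the export format, the sample addresses and the 10.0.0.0/8 corporate LAN range are assumptions, and rules are evaluated first match wins.

```python
import ipaddress

# Port matrix from the list above, Sandbox and Sensor only: (component, direction) -> TCP ports.
REQUIRED = {
    ("sandbox", "in"): {22, 443, 8443},
    ("sensor", "in"): {22, 25, 443, 1344},
    ("sensor", "out"): {80, 443, 995},
}
ALT = {("sensor", "out", 995): 110}  # TCP 110 replaces 995 for unprotected connections

# Constructed sample export (assumed format): component,action,direction,port,peer
SAMPLE = """sandbox,allow,in,22,10.20.0.0/24
sandbox,allow,in,443,10.20.0.10/32
sandbox,allow,in,8443,10.20.0.0/24
sandbox,allow,out,445,10.0.0.0/8
sandbox,deny,out,any,10.0.0.0/8
sandbox,allow,out,any,0.0.0.0/0
sensor,allow,in,22,10.20.0.0/24
sensor,allow,in,25,10.30.0.5/32
sensor,allow,in,1344,10.30.0.6/32
sensor,allow,in,3306,10.20.0.0/24
sensor,allow,out,80,0.0.0.0/0
sensor,allow,out,443,0.0.0.0/0
sensor,allow,out,110,10.30.0.5/32"""

def parse(text):
    rows = (line.split(",") for line in text.splitlines())
    return [(*row[:4], ipaddress.ip_network(row[4])) for row in rows]

def audit_ports(rules):
    allowed, missing, unexpected = {}, [], []
    for comp, action, direction, port, _ in rules:  # collect explicitly allowed ports
        if action == "allow" and port != "any":
            allowed.setdefault((comp, direction), set()).add(int(port))
    for key, need in REQUIRED.items():  # diff each required set against what is allowed
        have = allowed.get(key, set())
        alts = {alt for k, alt in ALT.items() if k[:2] == key}
        missing += [(*key, p) for p in sorted(need - have) if ALT.get((*key, p)) not in have]
        unexpected += [(*key, p) for p in sorted(have - need - alts)]
    return missing, unexpected  # each item: (component, direction, port)

def sandbox_lan_exposure(rules, lan):
    """Sandbox outbound allows that reach the LAN before a blanket LAN deny."""
    shielded, hits = False, []
    for _, action, _, port, peer in (r for r in rules if (r[0], r[2]) == ("sandbox", "out")):
        if action == "deny" and port == "any" and lan.subnet_of(peer):
            shielded = True  # every later rule is evaluated after the LAN block
        elif action == "allow" and not shielded and peer.overlaps(lan):
            hits.append((port, str(peer)))
    return hits
```

On the constructed sample this reports the missing Sensor inbound TCP 443 rule, the unexpected inbound TCP 3306 rule, and the Sandbox allow rule for TCP 445 that is placed ahead of the LAN block.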
Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3
If you are using a Microsoft Exchange mail server as your mail server and an email sender has requested a read receipt notification, you must disable read receipt notifications. Otherwise, read receipt notifications will be sent from the email address that you have configured as the email address used for receiving messages of Kaspersky Anti Targeted Attack Platform. You must also disable automatic processing of meeting requests to prevent the mailbox used for receiving messages of Kaspersky Anti Targeted Attack Platform from filling up.
To disable sending read receipt notifications from the email address used for receiving messages of Kaspersky Anti Targeted Attack Platform:
- On the Microsoft Exchange server, check whether or not notifications are enabled. To do so, execute the command:
Get-MailboxMessageConfiguration -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> | fl
- If notifications are enabled, run the following command:
Set-MailboxMessageConfiguration -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> -ReadReceiptResponse NeverSend
This will disable read receipt notifications from the email address used for receiving messages of Kaspersky Anti Targeted Attack Platform.
To disable automatic processing of meeting requests:
- On the Microsoft Exchange server, check whether automatic processing of meeting requests is enabled. To do so, execute the command:
Get-CalendarProcessing -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> | fl
- If automatic processing of meeting requests is enabled, run the following command:
Set-CalendarProcessing -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> -AutomateProcessing:None
Automatic processing of meeting requests will be disabled.
Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP
To prepare your corporate IT infrastructure for Kaspersky Anti Targeted Attack Platform integration with a mail server over the SMTP protocol:
- On the external mail server, configure rules for forwarding copies of the messages that you want to send for scanning by Kaspersky Anti Targeted Attack Platform to the addresses specified in Kaspersky Anti Targeted Attack Platform.
- Specify the route for forwarding email messages to the server with the Sensor component.
We recommend specifying a static route: the IP address of the server with the Sensor component.
- In the firewall of your organization, allow inbound connections to port 25 of the server with the Sensor component from mail servers that are forwarding copies of email messages.
You can also improve the security of Kaspersky Anti Targeted Attack Platform integration with a mail server over the SMTP protocol.
To improve the security of Kaspersky Anti Targeted Attack Platform integration with a mail server over the SMTP protocol:
- Configure authentication of the Kaspersky Anti Targeted Attack Platform server on the side of the mail servers forwarding email messages for Kaspersky Anti Targeted Attack Platform.
- Configure mandatory encryption of traffic on mail servers that are forwarding email messages for Kaspersky Anti Targeted Attack Platform.
- Configure authentication of mail servers forwarding email messages for Kaspersky Anti Targeted Attack Platform on the Kaspersky Anti Targeted Attack Platform side.
Preparing the virtual machine for installing the Sandbox component
To prepare the virtual machine for installing the Sandbox component:
- Run the VMware ESXi hypervisor.
- Open the virtual machine management console.
- In the context menu of the virtual machine on which you want to install the Sandbox component, choose Edit Settings.
This opens the virtual machine properties window.
- On the Virtual Hardware tab, expand the CPU settings group and select the Expose hardware-assisted virtualization to guest OS check box.
- On the VM Options tab in the Latency Sensitivity drop-down list, select High.
- Click OK.
The virtual machine is ready for installing the Sandbox component.