Kaspersky Embedded Systems Security for Linux

Configuring Device Control in the Administration Console

In the Administration Console, you can configure Device Control settings in the policy properties (Security Controls -> Device Control).

Device Control settings

Setting

Description

Enable Device Control

This check box enables or disables Device Control.

The check box is selected by default.

Trusted devices

This group of settings contains the Configure button. Clicking this button opens the Trusted devices window. In this window, you can add a device to a list of trusted devices by the device ID or by selecting it from the list of devices detected on the client devices.

Device Control operating mode

Response to attempts to access a device that is restricted according to Device Control rules:

  • Inform. If you select this option, Kaspersky Embedded Systems Security tests the selected access mode without applying it and generates an event each time an attempt to access a restricted device is detected.
  • Block (default value). If you select this option, Kaspersky Embedded Systems Security applies the access mode defined for the device or bus.

Device Control settings

This group of settings contains buttons that open windows where you can configure access mode for devices by type and connection buses.


[Topic 197272]

Trusted devices window

The table contains a list of trusted devices. The table is empty by default.

Trusted device settings

Setting

Description

Device ID

ID of a trusted device.

Device name

Name of a trusted device.

Device type

Trusted device type (for example, Hard drive or Smart card reader).

Host name

Name of the client device the trusted device is connected to.

Comment

Comment related to a trusted device.

You can add a device to the list of trusted devices by its ID or an ID mask, or by selecting the required device in the list of devices detected on the user devices.

You can edit and delete trusted devices in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

The settings of the selected item are edited in a separate window.

You can also import the list of devices from a file (Advanced -> Import) and export the added devices to a file in JSON format (Advanced -> Export selected or Advanced -> Export all). When importing, you are prompted either to replace the current list of trusted devices or to add the imported devices to the existing list.

[Topic 246336]

Trusted device window

In this window, you can add a device to the list of trusted devices by its identifier.

Adding device by ID

Setting

Description

Device ID

The field for entering the identifier or the identifier mask of the device that you want to add to the list of trusted devices.

To specify an identifier, you can use the following wildcards: * (any sequence of characters) or ? (any single character). For example, you can specify the USBSTOR* mask to allow access to all USB drives.

Find on hosts

Clicking the button displays the devices found on the connected client devices using the specified ID or mask. The button is available if the Device ID field is not empty.

Devices found

The table contains the following columns:

  • Device type – type of the device found (for example, Hard drive or Smart card reader).
  • Device ID – ID of the device found.
  • Device name – name of the device found.
  • Host name – name of the client device that the found device is connected to.

Comment

The field for entering a comment for the device that you want to add to the list of trusted devices (optional).


[Topic 246337]

Device window on client devices

In this window you can add a device to the list of trusted devices by selecting it in the list of existing devices detected on client devices.

Information about existing devices is available only if there is an active policy and synchronization with the Network Agent has taken place (synchronization runs at the interval specified in the Network Agent policy, 15 minutes by default). If you create a new policy and there are no other active ones, the list will be empty.

Adding device from list

Setting

Description

Host name

Field for entering the name or the name mask for the managed device for which you want to find connected devices. The default mask is * – all managed devices.

Device type

In this drop-down list, you can select the type of connected device to search for (for example, Hard drives or Smart card readers). The All devices option is selected by default.

Device ID

Field for entering the identifier or identifier mask for the device you want to find. The default mask is * – all devices.

Find on hosts

When you click this button, the application searches for devices that match the specified settings. The search results are displayed in the table below.
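The mask syntax of the Trusted device window (* for any sequence of characters, ? for one character, as in the USBSTOR* example) and the host-name / device-type / device-ID filter of this window, worked through in Python as an added example. This is not Kaspersky code: the device inventory, the device ID format, case-insensitive comparison and the way duplicate IDs are handled on import are all constructed or assumed for illustration.

```python
import re

# Constructed sample of what "Find on hosts" could report from managed client
# devices. Hosts, device IDs and names are made up for this example.
INVENTORY = [
    {"host": "kiosk-01", "type": "Removable drives", "name": "Kingston DataTraveler",
     "id": "USBSTOR_Kingston_DT101_001A92"},
    {"host": "kiosk-02", "type": "Removable drives", "name": "SanDisk Cruzer",
     "id": "USBSTOR_SanDisk_Cruzer_7F3B"},
    {"host": "kiosk-02", "type": "Smart card readers", "name": "Gemalto PC Twin",
     "id": "USB_Gemalto_PC_Twin_Reader"},
    {"host": "atm-07", "type": "Hard drives", "name": "WDC WD10EZEX",
     "id": "SCSI_WDC_WD10EZEX_5F2A"},
]


def mask_to_regex(mask):
    """Translate a Device Control mask into a regular expression. Only '*' (any
    sequence of characters) and '?' (exactly one character) are wildcards;
    every other character, including '.', '\\' and '&', is matched literally.
    Case-insensitive matching is an assumption about the product."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def matches(mask, value):
    """True if the whole value matches the mask; a mask without wildcards is an exact ID."""
    return mask_to_regex(mask).fullmatch(value) is not None


def find_on_hosts(inventory, host_mask="*", device_type="All devices", id_mask="*"):
    """The filter behind 'Find on hosts' in the Device window on client devices:
    the host-name mask, the selected device type and the ID mask must all match.
    The defaults are the window's defaults (* and All devices)."""
    return [
        d for d in inventory
        if matches(host_mask, d["host"])
        and (device_type == "All devices" or d["type"] == device_type)
        and matches(id_mask, d["id"])
    ]


def import_trusted(existing, imported, replace):
    """Import semantics of the Trusted devices window: either replace the list
    or add the imported devices to it. When adding, entries whose ID is already
    present are skipped (assumption; the page does not say how duplicates are handled)."""
    if replace:
        return list(imported)
    known = {d["id"] for d in existing}
    return list(existing) + [d for d in imported if d["id"] not in known]


if __name__ == "__main__":
    # Every USB storage device on the kiosk hosts.
    for d in find_on_hosts(INVENTORY, host_mask="kiosk-*", id_mask="USBSTOR*"):
        print(f'{d["host"]:10} {d["type"]:18} {d["id"]}')
```

Note that a plain regular expression would treat the dot in a mask such as REV_1.00 as a wildcard; the translation above escapes it, so only * and ? have special meaning, exactly as the page describes.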


[Topic 246338]

Device type window

In this window, you can configure access mode for various types of devices.

Access mode for device types

Setting

Description

Device type

Device type (for example, Hard drives, Printers).

Access mode

Device access mode. Right-clicking with the mouse opens a context menu where you can select one of the following options:

  • Allow: allow access to devices of the selected type.
  • Block: prohibit access to devices of the selected type.
  • Depends on bus (default value): allow or block access to the devices depending on the access mode for the connection bus.
  • By rule: allow or block access to devices depending on the access rule and schedule.

You can configure access rules and schedules in the Configure device access rule window, which opens when you double-click the device type.

[Topic 271075]

Configure device access rule window

In this window, you can configure access rules and schedules for the selected device type.

This window is opened by double-clicking the device type in the Device type window.

Device access rules and schedules

Setting

Description

Users and/or user groups

The list contains users and groups for which you can configure access schedule.

By default, the table contains the \Everyone item (all users).

You can add, edit, and delete users or user groups.

Device access rules

This table contains access schedules for users and user groups. It consists of the following columns:

  • Access schedule – names of existing access schedules. The check box next to the schedule indicates whether this schedule is used by the component.
  • Access – access type for the schedule: Allow (grant access to devices of the selected type) or Block (deny access to devices of the selected type).

You can configure schedules only for hard drives, removable drives, floppy disks, and CD/DVD drives. By default, the table contains the Default access schedule, which provides all users with full access to devices (the \Everyone item is selected in the Users and/or user groups list) at any time if access via the connection bus is allowed for this type of device.

You can add, edit, and delete access schedules for selected users. The Default schedule cannot be modified or removed.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.


[Topic 210761]

User or group window

In this window, you can specify a user or group of users to which the device access rule applies.

Configure device access rule

Setting

Description

Type

Whether the device access rule applies to a User or to a Group.

User or group name

Name of the local or domain user, or of the user group, to which the rule applies. A user name can be entered without the domain (if the system allows user names in this format), or in the <domain name>\<user name> or <user name>@<domain name> format.


[Topic 247137]

Access schedule window

In this window, you can configure the device access schedule.

Schedule for access to devices

Setting

Description

Name

Entry field for the access schedule name.

Time intervals

The table where you can select time intervals for the schedule (days and hours).

Intervals highlighted in green are included in the schedule.

To exclude an interval from the schedule, click the corresponding cells. Intervals excluded from the schedule are highlighted in gray.

By default, all intervals (24/7) are included in the schedule.


[Topic 275999]

Connection buses window

In this window, you can configure access mode for connection buses.

Access mode for connection buses

Setting

Description

Connection bus

Connection bus used by devices to connect to the client device:

  • FireWire
  • USB

Access mode

Connection bus access mode. Right-clicking opens a context menu where you can select one of the following options:

  • Allow (default): provide access to devices connected through this bus.
  • Block: deny access to devices connected using this connection bus.
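How the settings on this page combine into a single access decision, as an added example in Python: the Device Control operating mode (Inform or Block), the trusted devices list, the per-type access mode from the Device type window (Allow, Block, Depends on bus, By rule), the connection bus mode from this window, and the user schedules behind By rule. The code is not Kaspersky's; the policy, the device IDs, the sample moments and the evaluation order are constructed, and the points marked as assumptions (Block schedules winning over Allow schedules, no matching schedule meaning Block, Inform mode not denying access) are inferred from the setting descriptions rather than stated on the page.

```python
from datetime import datetime
from fnmatch import fnmatchcase

# Schedule grid cells are (weekday, hour) with Monday = 0; 24/7 is every cell.
FULL_WEEK = frozenset((day, hour) for day in range(7) for hour in range(24))
WORKING_HOURS = frozenset((day, hour) for day in range(5) for hour in range(8, 18))

# Constructed policy, shaped after the settings described on the page.
POLICY = {
    "enabled": True,
    "operating_mode": "Block",                 # "Block" enforces, "Inform" only reports
    "trusted": ["USBSTOR_Kingston_DT101_*"],   # IDs or * / ? masks from the Trusted devices list
    "bus_modes": {"USB": "Allow", "FireWire": "Block"},
    "type_modes": {                            # types not listed default to "Depends on bus"
        "Removable drives": "By rule",
        "Printers": "Block",
    },
    "rules": {                                 # the schedules behind "By rule", per device type
        "Removable drives": [
            {"name": "Default", "enabled": False, "access": "Allow",
             "principals": {"\\Everyone"}, "intervals": FULL_WEEK},
            {"name": "Operators, working hours", "enabled": True, "access": "Allow",
             "principals": {"operators"}, "intervals": WORKING_HOURS},
        ],
    },
}

# Constructed sample moments (2024-06-03 is a Monday).
MONDAY_23 = datetime(2024, 6, 3, 23)
TUESDAY_10 = datetime(2024, 6, 4, 10)
SATURDAY_10 = datetime(2024, 6, 8, 10)


def is_trusted(policy, device_id):
    """Trusted devices are exempt from Device Control; entries may be exact IDs or masks."""
    return any(fnmatchcase(device_id, mask) for mask in policy["trusted"])


def rule_verdict(schedules, principals, when):
    """Verdict of the enabled schedules that name one of the user's principals
    (user name, group names, \\Everyone) and cover the current (weekday, hour)
    cell. Assumption: a matching Block schedule wins over a matching Allow
    schedule, and no matching schedule at all means Block."""
    cell = (when.weekday(), when.hour)
    verdicts = {s["access"] for s in schedules
                if s["enabled"] and s["principals"] & principals and cell in s["intervals"]}
    if "Block" in verdicts:
        return "Block"
    return "Allow" if "Allow" in verdicts else "Block"


def decide(policy, device_id, device_type, bus, principals, when):
    """Combine the settings into one decision: {'access', 'event', 'reason'}."""
    if not policy["enabled"]:
        return {"access": "Allow", "event": False, "reason": "Device Control disabled"}
    if is_trusted(policy, device_id):
        return {"access": "Allow", "event": False, "reason": "trusted device"}
    bus_mode = policy["bus_modes"].get(bus, "Allow")       # Allow is the bus default
    type_mode = policy["type_modes"].get(device_type, "Depends on bus")
    if type_mode == "Depends on bus":
        verdict, reason = bus_mode, f"{device_type}: depends on bus, {bus} is {bus_mode}"
    elif type_mode == "By rule":
        # A schedule grants access only if the connection bus allows the device.
        if bus_mode == "Block":
            verdict, reason = "Block", f"{bus} bus is blocked, schedules not consulted"
        else:
            verdict = rule_verdict(policy["rules"].get(device_type, []), principals, when)
            reason = f"{device_type}: by rule, schedules give {verdict}"
    else:
        verdict, reason = type_mode, f"{device_type}: access mode {type_mode}"
    if verdict == "Block" and policy["operating_mode"] == "Inform":
        # Inform: the restriction is only tested, an event is generated and
        # (assumption) the access itself is not denied.
        return {"access": "Allow", "event": True, "reason": "Inform mode: " + reason}
    # Block mode applies the verdict; an event per blocked attempt is an assumption.
    return {"access": verdict, "event": verdict == "Block", "reason": reason}


if __name__ == "__main__":
    bob = {"bob", "operators", "\\Everyone"}
    for when in (TUESDAY_10, SATURDAY_10):
        print(when, decide(POLICY, "USBSTOR_SanDisk_Cruzer_7F3B", "Removable drives", "USB", bob, when))
```

Running the block shows the two outcomes a schedule produces for the same device and user: allowed on a Tuesday morning, blocked on a Saturday, because the Default schedule's check box is cleared in this constructed policy and only the operators' working-hours schedule is in use.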


[Topic 271076]