Kaspersky Embedded Systems Security for Linux

Configuring Device Control in the Web Console

In the Web Console, you can configure Device Control settings in the policy properties (Application settings → Security Controls → Device Control).

Device Control settings

Setting

Description

Device Control enabled / disabled

This toggle button enables or disables Device Control.

The toggle button is switched on by default.

Configure trusted devices

Clicking this link opens the Trusted devices window. In this window, you can add devices to a list of trusted devices by ID or by selecting them from the list of devices detected on the client devices.

Device Control operating mode

Response to attempts to access a device that is restricted according to Device Control rules:

  • Inform. If you select this option, Kaspersky Embedded Systems Security does not block the access attempt; it evaluates the configured access mode and only generates an event about the detected attempt to access the device. Use this mode to check new rules against real device usage before switching to Block.
  • Block (default value). When this option is selected, Kaspersky Embedded Systems Security enforces the access mode defined for the device type or connection bus.

Configure access settings for device types

Clicking this link opens the Device types window. In this window, you can configure access to devices by type.

Configure access settings for connection buses

Clicking this link opens the Connection buses window. In this window, you can configure access settings for connection buses.

Trusted devices window

The table contains a list of trusted devices. The table is empty by default.

Trusted device settings

Setting

Description

Device ID

Trusted device ID.

Device name

Trusted device name.

Device type

Trusted device type (for example, Hard drive or Smart card reader).

Host name

Name of the client device the trusted device is connected to.

Comment

Comment related to a trusted device.

You can add a device to the list of trusted devices by its device ID or by selecting it from the list of devices detected on the client devices.

You can edit and delete trusted devices in the table. The settings of the selected entry are edited in a separate window. Clicking the Delete button removes the selected item from the table; this button is available only if at least one item is selected in the table.

You can also import the list of devices from a file by clicking Import and export the list of added devices to a file in JSON format by clicking Export. When importing, you will be prompted to replace the list of trusted devices or add the devices to the existing list.

Trusted device (Device ID) window

In this window, you can add a device to the list of trusted devices by its identifier.

Adding device by ID

Setting

Description

Device ID

Entry field for a device ID or device ID mask. You can manually specify the device ID or copy the ID of the required device from the Devices detected on hosts list.

To specify an identifier, you can use the following wildcards: * (any sequence of characters) or ? (any single character). For example, you can specify the USBSTOR* mask to allow access to all USB drives. Note that a mask this broad exempts every USB storage device from the device type and connection bus rules; unless that is intended, prefer full device IDs, or masks that pin the vendor and product and leave only the serial number open.

Comment

Entry field for a comment (optional). This field is available after you enter the device ID, and click the Next button.
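The following is an added example, not code from the product or this documentation. It expands a Device ID mask using only the two wildcards documented above (* and ?) and reports which IDs the mask would trust, so a mask can be checked against an inventory before it is added to the trusted list. The sample device IDs are constructed for illustration; case-sensitive matching is an assumption of the example, since the page does not state how the product treats case.

```python
import re

# Added example (not product code): expand a Device Control ID mask with the two
# documented wildcards ('*' = any sequence, '?' = any single character) and show
# which device IDs it would trust.


def mask_to_regex(mask: str) -> "re.Pattern[str]":
    """Translate a Device ID mask into a regular expression.

    Only '*' and '?' are wildcards; every other character (including the
    backslashes and '&' separators found in real IDs) is matched literally.
    Matching is case-sensitive here; that is an assumption of this example.
    """
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def matches(mask: str, device_id: str) -> bool:
    """True if the whole device ID is covered by the mask."""
    return mask_to_regex(mask).fullmatch(device_id) is not None


def devices_trusted_by(mask: str, device_ids: list) -> list:
    """Subset of device IDs that a trusted-device entry with this mask would cover."""
    return [d for d in device_ids if matches(mask, d)]


# Constructed sample IDs for illustration only. They imitate the
# vendor/product/serial layout of USB storage IDs; none is a real device.
SAMPLE_IDS = [
    r"USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER&REV_1.00\0019E06B1234567890&0",
    r"USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER&REV_1.00\0019E06B0987654321&0",
    r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER&REV_1.26\4C530001230426101234&0",
    r"USB\VID_046D&PID_C52B\7&2ABCDEF0&0&1",                     # USB receiver, not storage
    r"SCSI\DISK&VEN_ATA&PROD_SAMSUNG_SSD\4&1A2B3C4D&0&000000",   # internal SATA disk
]


def report(mask: str, device_ids: list = SAMPLE_IDS) -> None:
    """Print what the mask would trust out of the given inventory."""
    hits = devices_trusted_by(mask, device_ids)
    print(f"{mask!r} trusts {len(hits)} of {len(device_ids)} device(s):")
    for d in hits:
        print("   ", d)


if __name__ == "__main__":
    report("USBSTOR*")                                             # every USB storage device
    report(r"USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER*")        # one vendor/product, any serial
    report(SAMPLE_IDS[0])                                          # exactly one device
```

Run the script against an export of the Devices detected on hosts list to see how many entries a candidate mask covers; a vendor/product mask with an open serial is usually the right compromise between a bare USBSTOR* and maintaining one entry per stick.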

Trusted device window (List of detected devices)

In this window you can add a device to the list of trusted devices by selecting it in the list of existing managed devices.

Information about existing devices is available only if an active policy exists and synchronization with the Network Agent has been completed (the synchronization interval is specified in the Network Agent policy properties; the default setting is 15 minutes). If you create a new policy and there are no other active ones, the list will be empty.

Adding device from list

Setting

Description

Device type

In this drop-down list, you can select the type of devices to be displayed in the Devices detected on hosts table.

Device ID mask

Entry field for a device ID mask.

Comment

Entry field for a comment (optional). This field is available after you select the devices, and click the Next button.

Clicking the Filter button opens a window where you can set up filtering of the displayed device information.

Device types window

In this window, you can configure access rules for various types of devices.

Access rules for device types

Setting

Description

Settings for access to data storage devices

The table contains the following columns:

  • Type represents device types (for example, Hard drives, Printers).
  • Access mode represents the access mode for this type of device. You can select one of the following access modes:
    • Allow, to allow access to devices of this type.
    • Block, to block access to devices of this type.
    • Depends on bus (default value), to allow or block access to devices depending on the access mode for a bus used for connecting a device.
    • By rule – allow or block access to devices, depending on the access rule and schedule. You can configure the access rule and its schedule by clicking the required device type.

Settings for access to other devices

The table contains the following columns:

  • Type – type of device (for example, Input devices, Sound adapters).
  • Access mode represents the access mode for this type of device. You can select one of the following access modes:
    • Allow, to allow access to devices of this type.
    • Block, to block access to devices of this type. The Block access mode cannot be selected for network adapters.
    • Depends on bus (default value), to allow or block access to devices depending on the access mode for a bus used for connecting a device.

Device access settings window

In this window, you can configure the access mode and access rules for the selected type of device.

Device access settings

Setting

Description

Device access mode

Access mode for devices of the selected type:

  • Allow: allow access to devices of the selected type.
  • Block: prohibit access to devices of the selected type.
  • Depends on bus (default value): allow or block access to devices depending on the access mode set for the bus used to connect the device.
  • By rule – allow or block access to devices, depending on the access rule and schedule.

Device access rules

The table contains a list of access rules and consists of the following columns:

  • Access schedule – names of existing access schedules.
  • Users and/or user groups – names of users or names of user groups, to which the access rule will apply.
  • Access – access mode for the schedule:
    • Allow (provides access to devices of the selected type).
    • Block (prohibits access to devices of the selected type).
  • Status – status of the access rule:
    • Enabled – the rule is enabled; Device Control applies this rule when it runs.
    • Disabled – the rule is disabled and is not used when Device Control is running.

By default, the table contains one rule with the Default schedule access schedule. It provides all users (the \Everyone option is selected in the list of users and groups) with full access to devices of this type at any time, provided that access is allowed for the connection bus the device uses.

You can add, edit, and delete access rules.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Device access rules window

In this window, you can configure the device access rule.

Device access rule

Setting

Description

Device access rule settings

Access mode for devices of the selected type:

  • Allow (default value) – provide access to the devices of the selected type.
  • Block: prohibit access to devices of the selected type.

Users and/or user groups

Name of the user or user group to which the rule applies.

The default value is \Everyone (all users).

You can add, edit, and delete users or user groups.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

Status

Access rule status:

  • Enabled – the rule is enabled; Device Control applies this rule when it runs.
  • Disabled – the rule is disabled and is not used when Device Control is running.

Schedule for access to devices

Schedule for the specified users' access to devices. The default value is Default schedule. You can set a different schedule.

Select user or group window

In this window, you can specify a local or domain user or user group for which you want to configure an access rule.

Configuring an access rule

Setting

Description

Manually

If you select this option, enter in the field below the name of the local or domain user, or the name of the user group, to which the device access rule must apply. A user name can be entered without the domain (if the system accepts user names in this form), or in the <domain name>\<user name> or <user name>@<domain name> format.

List of users and groups

If this option is selected, you can enter search criteria in the search field for the name of the user or user group to which the device access rule will apply, or select the user or group in the list below.

Schedules window

In this window, you can specify the schedule for the selected device access rule.

You can add, edit, and delete access schedules.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

You cannot delete the Default schedule.

Access schedule window

In this window, you can configure the device access schedule. Schedules can be configured only for hard drives, removable drives, floppy disks, and CD/DVD drives.

If the Block access to files during scans check box in the General settings → Application settings section is cleared, access to devices cannot be blocked by means of an access schedule. Check this setting first if a scheduled Block rule does not take effect.

Schedule for access to devices

Setting

Description

Name

Entry field for the access schedule name. The schedule name must be unique.

Time intervals

The table where you can select time intervals for the schedule (days and hours).

Intervals highlighted in green are included in the schedule.

To exclude an interval from the schedule, click the corresponding cells. Intervals excluded from the schedule are highlighted in gray.

By default, all intervals (24/7) are included in the schedule.
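The following is an added example, not code from the product or this documentation. It models the 7 × 24 schedule grid described above together with the per-type access rules from the Device access settings window (schedule, users and/or user groups, access, status), and reports which enabled rules apply to a given user at a given time. The page does not say how the product resolves several matching rules with different Access values, so the example does not decide that; it reports the overlap, which is exactly what an administrator wants to find before enforcing a rule set. The schedules, rules, users and groups are constructed for illustration; the \Everyone name is the built-in entry from the rule window.

```python
from dataclasses import dataclass
from datetime import datetime

# Added example (not product code): model the 7 x 24 access schedule grid and the
# per-type access rules, then report which rules match a user at a point in time.
# Precedence among overlapping rules is not described on the page; the example
# surfaces overlaps instead of deciding them.

EVERYONE = "\\Everyone"   # built-in "all users" entry in the rule window


class AccessSchedule:
    """A named schedule: every (weekday, hour) cell is included (green) by default."""

    def __init__(self, name: str) -> None:
        self.name = name
        # grid[weekday][hour]; weekday 0 = Monday, matching datetime.weekday()
        self.grid = [[True] * 24 for _ in range(7)]

    def exclude(self, days, hours) -> "AccessSchedule":
        """Switch the given cells to excluded (gray); returns self for chaining."""
        for d in days:
            for h in hours:
                self.grid[d][h] = False
        return self

    def covers(self, when: datetime) -> bool:
        return self.grid[when.weekday()][when.hour]

    def included_hours(self) -> int:
        return sum(sum(row) for row in self.grid)


@dataclass
class AccessRule:
    schedule: AccessSchedule
    principals: frozenset          # user and/or group names; EVERYONE matches all
    access: str                    # "Allow" or "Block"
    enabled: bool = True           # the Status column

    def applies(self, user: str, groups, when: datetime) -> bool:
        if not self.enabled or not self.schedule.covers(when):
            return False
        return (EVERYONE in self.principals
                or user in self.principals
                or not self.principals.isdisjoint(groups))


def matching_rules(rules, user: str, groups, when: datetime) -> list:
    return [r for r in rules if r.applies(user, groups, when)]


def decisions(rules, user: str, groups, when: datetime) -> set:
    """Access values of all matching rules; {"Allow", "Block"} is an overlap to resolve."""
    return {r.access for r in matching_rules(rules, user, groups, when)}


# Constructed sample configuration for a removable-drive device type.
DEFAULT = AccessSchedule("Default schedule")                      # 24/7, cannot be deleted
WORKING_HOURS = (AccessSchedule("Working hours")
                 .exclude(days=[5, 6], hours=range(24))            # no weekends
                 .exclude(days=range(5), hours=list(range(8)) + list(range(18, 24))))

RULES = [
    AccessRule(DEFAULT, frozenset({EVERYONE}), "Block"),                       # baseline: nobody
    AccessRule(WORKING_HOURS, frozenset({"operators"}), "Allow"),              # Mon-Fri 08:00-17:59
    AccessRule(DEFAULT, frozenset({"contractor"}), "Allow", enabled=False),    # disabled, ignored
]

# Constructed sample instants (2024-01-09 is a Tuesday, 2024-01-13 a Saturday).
TUE_10 = datetime(2024, 1, 9, 10, 0)
TUE_07 = datetime(2024, 1, 9, 7, 0)
SAT_10 = datetime(2024, 1, 13, 10, 0)

if __name__ == "__main__":
    for who, grp, t in [("alice", ["operators"], TUE_10),
                        ("alice", ["operators"], SAT_10),
                        ("contractor", [], TUE_10)]:
        print(who, t.strftime("%a %H:%M"), "->", sorted(decisions(RULES, who, grp, t)))
```

With this configuration, an operator on Tuesday at 10:00 matches both the \Everyone Block rule and the operators Allow rule, so the result is an overlap that has to be resolved in the rule list before enforcement; on Saturday, or for the contractor whose rule is disabled, only the Block rule matches.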

Connection buses window

In this window, you can configure access mode for connection buses.

Access mode for connection buses

Setting

Description

Connection bus

Connection bus used by devices to connect to the client device:

  • FireWire
  • USB

Access mode

This toggle switch sets the access mode for devices that use this bus:

  • Allow (default): provide access to devices connected through this bus.
  • Block: deny access to devices connected using this connection bus.