To ensure secure operation of Kaspersky MLAD at an enterprise, it is recommended to restrict and control access to equipment on which the application is running.
Physical security of equipment
When deploying Kaspersky MLAD, it is recommended to take the following measures to ensure secure operations:
Restrict access to the room housing the server with Kaspersky MLAD installed, and to the equipment of the dedicated network. Access to the room must be granted only to trusted persons, such as personnel who are authorized to install and configure the application.
Employ technical resources or a security service to monitor physical access to equipment on which the application is running.
Use security alarm equipment to monitor access to restricted rooms.
Conduct video surveillance in restricted rooms.
Information security
The ML model settings directly affect anomaly detection, so only system administrators and users in the Manage ML models group are allowed to edit these. The change history is available only in application logs, which are saved for only a limited amount of time.
When using the web interface, it is recommended to take the following measures to ensure the data security of the intranet system:
Provide users with access to the application through the web interface only.
Install certificates to users' computers for authorization of the Kaspersky MLAD server with their browser. To use a trusted certificate, you need to contact a qualified technical specialist of the Customer, a Kaspersky employee, or a certified integrator.
Ensure protection of traffic within the intranet system.
Ensure protection of connections to external networks.
Use a secure TLS connection for data transfer.
Change the name and password of the first application user with the system administrator role when installing the application.
Change the account password when it expires. The password expiration date is defined in the application security settings. The default password expiration is set to 180 days.
For connections through the web interface, use passwords that meet the following requirements:
Must not match previously used account passwords. The specific number of most recently used passwords that must not be reused is defined when configuring the application security settings. The password must be different from the five previous passwords by default.
Must contain at least 8 characters.
Must contain one or more uppercase letters of the English alphabet.
Must contain one or more lowercase letters of the English alphabet.
Must contain one or more numerals.
Must contain one or more of the following special characters: _!@#$%^&*.
Ensure that passwords are confidential and unique. If the password has been possibly compromised, change the password.
While working with Kaspersky MLAD, it is recommended to take the following measures to ensure data security:
Configure the operating system and provide the necessary access to files of the server where Kaspersky MLAD is installed in accordance with the Recommendations on secure configuration of Linux operating systems issued by the Federal Service for Technical and Export Control (FSTEC) of Russia.
Perform periodic data backups of the server that has Kaspersky MLAD installed in accordance with the internal company procedure.
Periodically test the performance of the interface and services of the application. Special attention should be directed to the notification service and logging system.
Check communication channels to make sure they are secure and working properly.
Periodically test the performance of the server:
SMART disk check
Availability of sufficient free space and memory
RAM utilization
Use the monitoring system to make sure that there are no problems with the server protocols.
Store sensitive data in a secure storage location.