N2OS Configuration
The N2OS Configuration - Reference Guide.
- Features
- Edit sensor configuration
- Basic rules
- Garbage Collector
- Alerts
- Incidents
- Nodes
- Assets
- Links
- Variables
- Protocols
- Vulnerability assessment
- Smart Polling
- Discovery
- Monitored subnets
- Customize node identifier generation
- Decryption
  - Overview
    Nozomi Networks offers tools to decrypt network protocols and apply standard deep packet inspection (DPI) to the decrypted communication. Depending on the specific protocol, different constraints and configuration steps are applicable.
  - IEC 60870-5-7 / 62351-3/5
    - Overview
      IEC TC57 (POWER SYSTEMS management and associated information exchange) develops the standards 60870 and 62351. IEC 60870 part 5 (by WG3) describes systems used for telecontrol. IEC 62351 (by WG15) handles the security of TC 57 series.
    - Configuration
- Trace
- Time Machine
- Retention
- Bandwidth throttling
- Synchronization
- Slow updates
- Session hijacking
- Passwords
- Sandbox
- Miscellaneous

Configure IEC-62351-3

About this task

The following steps assume we're decoding the communication of a TLS server with the address 192.168.1.26.

Procedure

Upload the TLS server’s private key to /data/cfg. The file name must match the server's address. In our case, the file must be named 192.168.1.26.key.
Your key should be similar to the following:
In Guardian's Features Control Panel, enable link events; this provides visibility to the TLS decoded handshakes; for example:
Specify the key file's location by defining it in the CLI. To continue our example, we would use the following string:
```
conf.user configure probe protocol iec104s tls private_key 192.168.1.26 /data/cfg/192.168.1.26.key
```
Repeat these steps for each applicable TLS server key.
Run the following command in a shell console:
```
service n2osids stop
```