Ideco UTM

The main articles are:

• Firewall
• VPN and privacy (anonymity)

2024

Ideco UTM 16.4

An updated version of Ideco-certified FSTEC firewall UTM 16.4, offers improved functionality and increased security to manage information security the company. The developer announced this on February 26, 2024. Read more here.

In this release, important changes are the implementation of Zone Based Firewall for managing zones in firewall rules, IPSec and client VPN connections, as well as the ability to authorize terminal server users on a proxy server. There is integration with Astra ALD Pro, which includes user authorization, and protection against DDoS attacks for published web resources in the reverse proxy server.

The release also added a web access log in traffic reports, improved the configuration of VPN authorization of users with 2FA support, added the ability to issue an arbitrary gateway via DHCP and configure routes for IPSec connections, as well as the configuration of a BGP neighborhood in IPSec connections. Much attention is paid to maximizing the use of disk space for optimal system operation.

The intrusion prevention system module has been updated to address critical vulnerabilities (CVE-2024-23839, CVE-2024-23836, CVE-2024-23837). Fixed memory leakage in the WAF module under high load, which helps improve system stability. The rules of protection against brute force - VPNservers were strengthened. These updates will improve the security and efficiency of the Ideco UTM 16.4 system, providing information protection a variety of threats and attacks.

The following changes and corrections have been made to the current system:

• Removed the ability to create IPSec connections between the "branch office and the home office." Now all connections are made through devices, and settings from older versions will be transferred automatically when updated.
• The Monitoring - VPN Users section has been removed. Information about VPN users can now be viewed in the Monitoring - Authorized Users section, including the use of a quick filter.
• The system is now updated much faster.
• The ability to use the "IP Address List" object in exceptions and routes of external networks has been added.
• files content File extensions ON (xodt, My office xods, xodp, xott, xots) have been added to the filter category.

Ideco UTM 15.7

Ideco January 18, 2024 released an updated release of the certified FSTEC RUSSIAN FEDERATION version of Ideco UTM 15.7. This release is a step forward information security in the field and offers improved features and capabilities for public sector, companies dealing with privacy from a variety information of internal and external threats.

Among the features of UTM 15.7, 6.1-based updates kernels Linux are designed to improve system performance and security. To provide an additional layer of protection, the system allows you to use an extended database of intrusion prevention rules from. In Kaspersky Lab order to improve the performance and stability of published web resources, the ability to balance traffic by several servers using a reverse proxy server is available. For efficient work with multimedia data , the system supports the passage of multicast traffic using IGMP Proxy, and to simplify the management of user data, the system allows you to enter the domain ALD Pro to be integrated and with domestic OS and domains created on the basis of Samba DC (including). BaseALT Linux

WCCP L2/L3 support is now used to filter redirected web traffic, as well as integration with the Multifactor service to use multifactor authentication when connecting via VPN. Updated L7 filtering module - added new protocols to Application Control: ADS_Analytic (advertising trackers), AdultContent (porn content distribution services), SRTP, improved application definition to improve system control and security.

Other changes include:

• Traffic processing of DPI modules was optimized in multi-core configurations, which led to an increase in system efficiency and performance;
• Syslog logs and settings have been moved to the Reports and Logs section, which will improve the availability and usability of this information.
• In the main dashboard, the number of sessions in the top5 widget was added, which will allow users to quickly assess the current activity and workload of the system;
• The intrusion prevention module has been updated to provide better protection against potential threats and improve overall system security.

{{quote "We are confident that Ideco UTM 15.7 will be a reliable protection of information systems and will help prevent many potential threats. Among the features of Ideco UTM 15.7 are an improved monitoring and analytics system, advanced access control functions, increased speed and reliability. This version is enhanced protection against data leaks, "said Dmitry Khomutov, director of Ideco. }}

2023

UTM 15.0 based on Linux 6.1.18

Ideco on September 1, 2023 announced the release of the updated release of the UTM 15.0 firewall. Ideco UTM is a domestic software solution for protecting the network perimeter, controlling and filtering traffic in corporate and private networks. The developers not only created additional opportunities to distinguish between network access and the protection of company data scanning by unauthorized employees, but also made changes for faster screen operation, based on the development of technologies and user feedback.

Among the features of UTM 15.0 that have appeared:

• updated platform based on kernels Linux 6.1.18;
• the ability to use the expanded database of intrusion prevention rules from Kaspersky Lab (requires additional licensing);
• balancing traffic to multiple servers by a reverse proxy server;
• IGMP Proxy;
• Login to the ALD Pro domain
• Integration with Samba DC (including BaseALT Linux)
• Audit of administrator actions
• WCCP L2/L3;
• Integration with the Multifactor service for 2FA
• Interception of NTP requests to external servers (in NTP server settings)
• uploading reports from the "Traffic" section in csv format;
• The following protocols have been added to Application Control: ADS_Analytic (advertising trackers), AdultContent (porn content distribution services), SRTP. Improved application definition.

The developers also added more sessions to this version of the firewall in the top5 widget in the main dashboard, removed the "old" VPN_agent and authorization agent, accelerated traffic processing by DPI modules in multi-core configurations several times, and updated the intrusion prevention system module.

{{quote "Every year we are improving the Ideco UTM firewall, keeping our hands on the pulse of technology development to protect against DDoS attacks on corporate and private networks. In the new version of UTM 15.0, we updated the platform based on the Linux kernel, expanded the databases of intrusion prevention rules, etc. Improving the functionality of the screen will allow you to prevent cyber attacks several times faster and qualitatively configure protection at all stages of the firewall, - said Dmitry Khomutov, director of Ideco. }}

Ideco UTM 14 FSTEC on Linux 5.18 platform

On March 28, 2023, Ideco announced the release of the FSTEC version of the Ideco UTM firewall.

Additional features of Ideco UTM 14 FSTEC:

• updated platform and components based on kernels Linux 5.18
• device authorization by MAC address (including IP + MAC authorization)
• dynamic OSPF, BGP routing
• reporting on web traffic, application traffic and security events (including report designer)
• it is possible to log firewall rule triggers, proxy server events and content filter triggers
• sending intrusion prevention logs by syslog
• LACP (link aggregation)
• Improved DHCP server capabilities
• view system logs in a web interface with the ability to filter data (Monitoring - Logs)
• DDNS (integration with nic.ru service)
• updated version of the application control module (improved protocol definition, additional protocols of VK and Yandex services)
• the certificate of the Ministry of Digital Development is added to entrusted
• Improved software platform performance
• numerous web interface enhancements (including dark theme and central dashboard).

With the departure Russia of NGFW solutions from Western enterprise vendors and increased regulation CUES , certified personal data protection versions of our solutions are in increasing demand. For large projects to import substitution , there are very high requirements for the functionality of the product. In 2022, our developers focused as much as possible on introducing the new capabilities that enterprise customers need. We are pleased to present a certified version, which focuses on the result of the annual work of our specialists and many functionality of interest to large customers - centralized management, advanced logging and reporting, dynamic routing, - said the director of Ideco. Dmitry Khomutov

Ideco UTM 14: NGFW from the new reality

The Russian company Ideco has released a new version of the firewall - the Ideco UTM 14 solution. The system immediately after connection protects the customer's network from attacks, monitors the operation of applications, provides fast GeoIP filtering, has a secure VPN and conducts anti-virus traffic scanning. At the same time, Ideco UTM 14 has a friendly interface and simple settings. Read more here.

Among the innovations of Ideco UTM 14:

• updated platform based on kernels Linux 5.18
• the ability to log the triggers of firewall rules
• LACP (Link Aggregation)
• ability to create GeoIP rules in a firewall
• reporting on events of the Web Application Firewall module
• Address List object and IP add an IP and network list from file
• optimized UI/UX of many modules

2022

Ideco UTM Network Protection "all inclusive"

The topic of information security and data protection today is extremely relevant for Russian companies and government organizations. Today we will talk about the Russian Ideco UTM system from Ideco. Read more here.

Ideco UTM 12.0 with updated Linux 5.15 kernel platform

The company Ideco"" released an updated release of the Ideco UTM 12.0 security gateway. This version is based on the latest platform that supports the most current technologies kernels Linux and modules used:, databases IPS, network stack and web interface.

Added Ideco UTM 12 features:

• Updated platform based on Linux 5.15 kernel;
• Improved performance of deep traffic analysis modules;
• Authorization of devices by MAC addresses;
• The ability to access certain external resources without authorization;
• Web interface for accessing settings; antispam Kaspersky
• Dynamic OSPF routing;
• Updated system reports;
• Ability to roll back to a previous version after updating;
• Filtering banner ads at the DNS level.

Domestic solutions, unfortunately, are still lagging behind the decisions of the leaders of the NGFW market. It is not the decision itself taken 'at the moment' that matters, but the pace of development of the decision. We strive to make the most end-user-friendly product possible and maintain the highest growth rate in the industry. The next release is scheduled for May 2022 - we expect even more changes in it., - said Dmitry Khomutov, Development Director of Ideco.

Ideco UTM FSTEC. Proven efficacy

At the end of 2021, an important stage in the development of the Ideco UTM universal security gateway was completed 一 the certification procedure was successfully passed in the certification system of the FSTEC of Russia and a certificate of conformity of the information security tool No. 4503 dated December 28, 2021 for a period of 5 years was issued. Read more here.

2021

Ideco UTM 10.0 on Linux kernel 5.11

On July 19, 2021, Ideco"" announced the release of the next release of the Ideco UTM 10.0 security gateway. This version is based on a platform that supports technologies kernels Linux and the modules used:,, databases IPS network stack and web interface.

Ideco UTM 10.0 Features:

• A platform based on the Linux 5.11 kernel.
• The ability to work with all security groups from the Active Directory domain as objects in traffic rules.
• Real-time traffic monitoring in terms of users and applications.
• User authorization reports (including VPN authorization) have been added to the Reports section, including the duration of authorization sessions.
• VPN agent for Windows (running over the WireGuard protocol).
• Routing settings are divided into routes for local networks and for external connections.
• A dashboard with general system and license information has been added to the web interface.
• Added events for notifications in Telegramboat-: update, servers authorization of administrators in the web interface.

{{quote 'author
= told Ideco Development Director Dmitry Khomutov.|"Thanks to the capabilities of the modern WireGuard protocol and our VPN agent, you can safely and quickly deploy access to thousands of remote employees, without overloading server equipment. In the next release in Ideco UTM (we are waiting for August 2021), it will be possible to work in a fault tolerance cluster, which will allow the product to fully solve the problems of enterprise-level customers, "-}}

Ideco UTM 9.0 on Linux kernel 5.9.13

Ideco On January 18, 2021, the company "" announced the release of the next release of the Ideco UTM 9.0 security gateway. This version is based on a platform that supports current technologies kernels Linux and the modules used:,, databases IPS network stack, web interface.

Ideco UTM 9.0 Features:

• A platform based on the Linux 5.9.13 kernel.
• Improved structural and faster web interface.
• Added administrator roles: servers Full and read-only.
• Traffic response counters have been added to the firewall.
• Mail relay with the ability to work as a full-fledged mail server, or filter mail for spam and viruses.
• Webmail for users.
• Antispam Kaspersky.

2020

Ideco UTM 8.0 Security Gateway Release.

Ideco On September 14, 2020, the company "" announced the release of the next release of the Ideco UTM 8.0 security gateway. This version is based on a platform that supports the latest technologies kernels Linux and the modules used:,, databases IPS network stack, web interface.

Ideco UTM 8.0 Features:

• an updated platform based on the Linux 5.4.17 kernel.
• Updated web administration interface.
• updated implementation of channel balancing and redundancy, with the ability to work with any number of network connections to providers.
• Routing to users and groups (not just IP addresses and networks)
• access terminal in the web interface (with the ability to perform network diagnostics with the commands ping, mtr, host, tcpdump, view logs, etc.).
• updated firewall rules are applied automatically, without the need to break established connections - to both current and new connections.

The latest platform and the technologies used made it possible to speed up traffic processing and make routing management even more convenient - the administrator can forget about IP addresses and create rules for users and groups, "said Dmitry Khomutov, Development Director of Ideco.

Ideco UTM Security Gateway Release 7.9.9 VPN edition

On April 20, 2020, Aydeko released the Ideco UTM 7.9.9 VPN edition security gateway release. This version will help system administrators ensure mass connection of remote users in a few clicks using the latest technologies.

Opportunities:

• IKEv2/IPSEC to connect users. Unlike PPP-based protocols, IKEv2 does not need to double encapsulate packets: it also loads processor servers clients less, and more useful information is transmitted in the packet, so the effective data rate will be higher.
• User's Web Office. The developers have simplified and automated the creation of user connections. Now it is enough to give users a link to the domain so that they connect to the company's server.
• Monitoring and statistics on VPN connections. In the Monitoring section, the VPN Users panel has been added, where you can see all users who are allowed VPN access from outside, as well as all active connections. Including the protocol by which the user connected, his name, external IP address and city via GeoIP. If necessary, you can disable the user by taking away access to VPN connections from outside.

Plus, the ability to reserve channels during site-to-site connections via IPSec was added, the stability of SSTP and PPTP at high load was improved, obtaining a certificate in Let's Encrypt for SSTP was added (now there will be no need to install the root UTM certificate on client computers).

In a massive transition to remote work IT-specialists face challenges. It is necessary to provide access to corporate resources to hundreds and thousands of "home" computers. In the release, we did everything to automate this work and ensure the security of the corporate network in the current environment, - said Dmitry Khomutov, Development Director of Ideco

Lotus OS Compatibility

LLC Ideco and LLC NSTREAM successfully tested the compatibility of their products - the Ideco UTM security gateway operating system Lotus and, accordingly. This was announced on January 20, 2020 by the NSTREAM company. Sharing these software products is possible state in the highest level of security information systems.

The Lotus operating system has revisions for servers, work and terminal stations, as well as information kiosks. The platform comes with a basic set of programs and services. It has a number of capabilities: support for group policies, both in the Active Directory domain and in its own implementation of the directory service - Lotos Directory; Native running of Win32 applications the presence of a graphical administration console; simple migration tools from legacy systems, support for popular CIPF and CIPF. The Lotus operating system is compatible with most government information systems.

As of January 20, 2020, one of the most important tasks is vertical and horizontal integration the Russian information systems. The wider and deeper integration is provided by domestic developers, the easier it is for the Customer to find a set of solutions that satisfies his needs as much as possible, the more freedom of choice he has, commented on the director of the company "NSTREAM " Alexey Kurenev

2019: Ideco UTM 7.9

On November 12, 2019, Ideco announced the release of the "Ideco UTM 7.9" security gateway. Network administrators have even more options for managing and analyzing user traffic.

Opportunities that have emerged:

• Firewall. With flexible rule management for dynamic objects - users, groups, networks, IP addresses, ports. Taking into account the validity time and other rule parameters.
• Manage the traffic of users who exceed the quota - you can allow or deny them resources, application protocols, or limit the speed of the Internet channel.
• SSL VPN (SSTP) для client-to-site VPN.
• Support for 4G USB modems (Huawei E8372 and others).
• Updated version of the application monitoring module. Added support for protocols: TikTok, WhatsApp Video, DNSoverHTTPS, DTLS (i.e. TLS over UDP), WireGuard VPN, Zoom.us.

And lots of other changes and improvements.

The modern UTM solution should have the most flexible capabilities for managing user traffic. The updated version of our product is another step towards the optimal combination of ease of configuration and maximum security of the network perimeter, told Dmitry Khomutov, Development Director of Ideco

2018

Ideco ICS 7.6

• Active Directory security log authorization has been introduced. If earlier the Kerberos authorization process was associated with the need to open a web browser or use authorization scripts, then starting from version 7.6, it became possible to completely transparent authorization for the user. It is enough to log into the system under your credentials, and Ideco ICS will instantly apply the necessary Internet access policies to the computer thanks to the analysis of authorization logs on the domain controller
• Guest add-ons for Hyper-V and VMware ESXi hypervisors data are integrated to dramatically improve performance and health monitoring in a virtual environment.
• Quota calculation is now carried out in megabytes, not in conventional units. Removed network settings in profile rules for calculating quotas.
• All packages used on the system (including the Linux kernel and the OpenSource components used) have been upgraded to the latest versions, including all security updates. The ClamAV antivirus has been updated to the new version, which can be used by owners of the commercial and free edition of Ideco ICS.
• The ability to restart services on a schedule has been removed.
• Removed the ability to block JavaScript with a content filter.
• Added the ability to edit computers when importing them from Active Directory.
• Cosmetic fixes in the web interface.
• Accelerated system boot.

Ideco ICS 7.4

• Added blocking of cryptomainer pools by intrusion prevention system. Due to the growing popularity of cryptocurrencies, the main malicious load of clients of botnet clients, Trojans and loaders is not ransomware, as it was recently, but cryptocurrency miners. Thus, attackers use infected computers for their own purposes, causing increased consumption of electricity and computing resources. A new rule group in Intrusion Prevention blocks cryptomainer pools and prevents them from running. In addition, attempts to connect to these pools are logged, and the administrator can investigate these incidents (in addition to virus activity, mining software can be installed by unscrupulous users). The Ideco ICS security gateway was the first Russian UTM solution to block malicious traffic of this kind.
• Integration with multiple Active Directory domains is enabled. From this release, the Ideco ICS Security Gateway supports integration with multiple Active Directory domains. It became possible to join several domains, import users (from an LDAP or security group) and authorize them. In addition, the import of even a large number of users is significantly accelerated (for example, 10,000 users will be imported in just 4 minutes).
• An integration module with SIEM has appeared. To be able to integrate with the SIEM systems used or other external log processing services, the Ideco ICS monitoring module has added the ability to send logs to a remote server using the syslog protocol. You can configure it in the "Monitor" - "Remote syslog server."
• Accelerated operation of the web traffic processing module by 30%. Thanks to the optimization of the content filter module, web traffic processing began to occur 30% faster. At the same time, traffic delays to users will be almost invisible. With a large amount of RAM, the proxy cache will be automatically increased for even faster access to web resources. For users using direct connections to a proxy server on Ideco ICS, its configuration will become even easier - now there is no need to manually open some ports for applications to access the Internet. By default, the proxy server will allow you to work on any port.
• All system packages in use have been upgraded to the latest version. All packages used on the system (including the Linux kernel and the OpenSource components used) have been upgraded to the latest versions, including all security updates. Also, the intrusion prevention system module has been updated to the latest version for more efficient and error-free deep traffic analysis. We remind you that the modern intrusion prevention signature base is supported only in Ideco ICS 7.2 and older.

2017

Ideco ICS 7.3

Improved Direct Proxy Mode

In cases of complex local networks, users can access the Internet through direct connections to a proxy server.

As many system administrators know, with such a connection, sometimes there are problems with the passage of traffic of some programs: client bank, other accounting and financial ON and other programs. Most often, errors occur due to attempts by programs to transmit traffic that does not meet HTTP the standards/on HTTPS the ports intended for them.

This version of Ideco ICS has solved these problems: such traffic will be able to freely pass through the proxy server. This is also useful for those who use proxies in transparent (standard for the Internet gateway) mode - resources in proxy server exceptions will have to be added much less.

At the same time, the performance of the proxy server has been increased: traffic filtering will begin to occur with even less delays and load on the server.

Safety

All packages used on the system (including the Linux kernel and SSL cryptography modules) have been updated to the latest versions with security patches enabled.

In addition, an updated version of the brute-force protection module (guessing passwords for services and DoS attacks) has been integrated, which has increased the performance of log analysis and increased system stability in the event of a large amount of attacking traffic.

Fixed the ability to create firewall rules with the "Log" action. Added the ability to view logs of these rules triggered directly in the web interface (in the Monitoring - Log section). This feature can help administrators investigate incidents and diagnose network problems.

Co-promotion with StaffCop Enterprise

Ideco and Atom Security have announced strategic cooperation in promoting their flagship products: Ideco ICS and StaffCop Enterprise. According to company representatives, combining the capabilities of the two products speeds up integration and saves the client time and money. You can read more about this here.

Ideco ICS 7.1

On August 2, Ideco introduced an updated version of the Ideco ICS security gateway. The company continues to optimize the product as a comprehensive UTM solution that provides multi-vector protection against Internet threats, and provides the administrator with every opportunity to control the network perimeter.

The changes affected the distribution kit and server functionality: the collection of information on the amount of HTTPS traffic by the web reporting system was optimized, the Linux kernel, the intrusion prevention system and the brute force attacks were updated.

This is a very important step in the development of our product. The application control module, which is responsible for deep traffic analysis, completes the construction of our solution as a modern product of the UTM and NGFW classes. Now Ideco ICS 7.1 provides ample opportunities to control traffic on the Internet gateway, "said Dmitry Khomutov, Development Director of Ideco.

Among the features of version 7.1:

• Application control (deep analysis of DPI traffic) - with the advent of a special module, the administrator can limit the use of torrents, browser Tor instant messengers and others ON by Deep Packet Inspection at the layer-7 level of the model. OSI
• Optimized mechanisms for filtering e-mail and countering spam and phishing - checking the SPF record of the mail domain when filtering by greylisting and prohibiting sending mail from the local network without authorization to Ideco ICS provide proper protection against vector attacks on e-mail.
• Automatically create users to quickly and easily deploy a server to your network infrastructure-When you attempt to access the Internet from administrator-defined networks, users in Ideco ICS will be created automatically, making it easier to add new devices.

Now setting up Ideco ICS is even easier - maximum network security is ensured by a variety of pre-installed rules and network protection features enabled by default, "added Mark Korenberg, head of development at Ideco.

Ideco ICS 7.0

On December 31, 2017, Ideco announced the release of release 7.0 of the Ideco ICS security gateway.

Ideco ICS Capabilities:

• upgraded system core and modules.
• automated creation of users.
• anti-virus traffic scanning: increased performance and reliability.
• Firewall - Improved the operation of domain name rules.
• Intrusion Prevention - You can turn off your favorite signatures.
• Mail Server - The webmail module has been updated and the server security has been enhanced.
• The traffic quota configuration has been redesigned.
• simplified web interface.

Ideco ICS 6.9

On January 26, 2017, Ideco announced the release of version 6.9 of the security gateway Ideco ICS.

This version overwrites all modules responsible for integrating Ideco ICS with Microsoft Active Directory:

• Logging on to the domain. Now, ordinary user rights are enough to join Ideco ICS to the domain.
• Importing users. Importing LDAP and Active Directory security groups has become much more convenient. In addition, a large number of users will be imported several times faster than before. This feature has been tested in domains with over 20,000 users.
• Transparent Single Sign-On authorization. The new version uses the secure Kerberos protocol for user authorization. Transparent user authorization is possible both when using Ideco ICS as the main gateway, and in a scheme with direct connections to a proxy server.

Many websites use various methods of protecting against certificate spoofing, perceiving it as a Man in the middle (MITM) attack: SSL Pinning, HSTS. Therefore, you have to add more and more new sites that switch to these technologies to the exclusion lists from HTTPS filtering. Some applications (Skype, Windows Update Service, client banks) may not use system certificates or accept third-party encryption keys .

To solve the problem of certificate substitution, this version of Ideco ICS, along with the existing ssl-bump method, introduced a method for filtering HTTPS sites based on Server Name Indication (SNI). At the same time, filtering of sites by categories occurs without replacing the certificate and related problems. The only limitation of the technology is that sites are filtered by category, based on information only about the domain (and not the full URL and content) and enter the web reporting system. At the same time, in most cases, filtering on the content filtering base we use remains relevant.

The SNI-based site filtering method is enabled by default in both new Ideco ICS installations and when upgrading to this version.

You can configure content filtering to block social networks, remote management programs (for example, TeamViewer), and other resources that could previously be difficult to block.

When combining multiple offices over IPsec VPN (site-to-site), it is possible to configure the routing of the required local networks if one or more offices have more than one local subnet.

As a result of the introduction of a preliminary spam filter into the Ideco ICS mail server (spam filter is enabled by default), the level of spam filtering and protection of the server from spambot connections and DoS attacks are increased. DNSBL-based spam filtering has been transferred to the same pre-filter to work more efficiently and reduce the load on the mail server with a large number of incoming messages.

With the strengthening of security settings and the SMTP traffic filtering system, the number of potential brute force attacks on the mail server will decrease by 70-80%, as tested on real mail servers.

Updated many packages used in the distribution (including the Linux kernel) to the latest versions with integrated security patches.

The mail server in Ideco ICS is further enhanced to improve security. Outdated insecure encryption protocols have been disabled to prevent a man-in-the-middle attack and listen to mail traffic. Fixed fetchmail configuration to receive more emails from external mailboxes.

Many changes and fixes have been made to the distribution and server functionality. Outdated options have been removed, the work of services critical to performance has been accelerated. Remote Assistance mode can now be enabled from the local server menu.

2016

Ideco ICS 6.7

On August 5, 2016, Ideco announced the release of version 6.7 of the Ideco ICS security gateway. According to the vendor's statement, the software is the first Russian UTM solution with a built-in web application firewall (WAF).

ICS 6.7 is a protective screen designed to protect web applications (sites, web portals, CRM and ERP systems with a web interface) from attacks. Unlike a regular firewall, WAF analyzes the HTTP protocol at the application level (layer 7) and is able to protect the site from a large number of threats.

The peculiarity of the implementation of a firewall of web applications in Ideco ICS is that in addition to signature analysis and content filtering of requests to the site, Ideco ICS performs preliminary filtering of incoming traffic at a lower level: it blocks calls from the updated database of IP addresses of IP Reputation attackers and from the TOR network. This helps to improve the performance of the solution, saving the modules of deep traffic analysis from analyzing deliberately illegitimate requests, counteracts attackers who scan and collect information about web applications.

Behavioral query analysis helps block attackers through the firewall, which increases the site's resistance to DoS attacks.

The work of the WAF module in the Ideco ICS security gateway makes it possible to improve the protection of servers and services of the corporate network. As part of the UTM solution, WAF is easy to configure and in the basic configuration is able to protect the site from 70-85% of illegitimate requests.

Ideco ICS 6.7 has upgraded the shader and QoS module. Now it is more convenient to manage bandwidth and traffic priorities for users, groups, networks and protocols.

Traffic shapers allow you to divide the channel between users and applications.

For the convenience of configuration, all control of traffic shapers is placed in a separate section (Server - Shapers).

You can restrict the channel width for both inbound and outbound traffic in both directions using the same rule.

You can flexibly configure shapers using "labels," which are aliases available for user settings. Labels can be a protocol configured by selecting ports and protocols, or users and user groups created in Ideco ICS.

Service priorities can also be set for tagged traffic. Higher priority traffic will pass with minimal delays, lower priority traffic will be queued.

Thus, it is possible to give priority in service to privileged groups of users (management, accounting, etc.) and protocols (for example, critical to packet delays, SIP or HTTP (S) traffic).

Version 6.7 enhances the spam filtering capabilities of the mail server and optimizes the server configuration.

• It became possible to sign outgoing messages with a DKIM signature.
• Blocking spam using DNS Blacklists.
• The configuration of incoming mail verification has been optimized, anti-spam protection has been strengthened, even with anti-spam modules turned off.
• Protection of the web interface of the mail server using the Web Application Firewall is activated.

Ideco ICS 6.6

• Central management console. For easy administration of the ICS server group, you can connect servers to the Central Management Console. In this way, the central office administrator can easily administer large (up to several hundred servers) groups of ICS servers. Central Management Console - a separate product installed on a virtual machine or server. Thus, access to the Central Management Console may be limited to central office administrators and is not transferred to third-party cloud services.
• Reverse Proxy Server. The reverse proxy server (reverse proxy), integrated into the product based on the nginx server, allows you to publish an unlimited number of internal web services for access to them via the Internet using HTTP and HTTPS protocols. Thus, you can protect and reduce the load (by caching) on the company's web server.

• View service logs in the web interface. Basic service logs required to diagnose network and other problems are now available in the web interface
• Speed up the server. Significantly (several times) accelerated user authorization (especially NTLM authorization) on the server. Ideco ICS can now authorize 2 minutes before 1000 users, which is relevant for large networks, and also allows you to minimize workstation downtime when the server reboots. Web traffic processing has also been significantly accelerated, the proxy server has been put into multithreaded mode, which allows it to work more efficiently on multi-core systems (with 4 or more cores or threads).
• Intrusion Prevention System. At the end of January, the Open Information Security Foundation presented the release of the 3rd version, intrusion detection and prevention systems Suricata which lasted more than two years. This version has significantly improved attack detection tools, as well as the scalability, performance, accuracy and reliability of the solution. In Ideco ICS 6.6, the intrusion prevention system module was updated to this version and tests showed a system performance increase of up to 300% when running on multi-core processors.
• Mail server. In the new version, the capabilities of the mail server for filtering mail have been significantly expanded, as well as its work with a large amount of incoming traffic has been accelerated. Greylisting mail filtering has been added. Added a common whitelist for all antispam services. Added shared task and event calendar to mail server web interface (iCalendar compatible)

2014

Ideco ICS 5.6

A new module has been added to allow:

• create secure connections between Ideco ICS servers using the IPSec protocol set. Each server can act as the main office and/or branch office;
• connect remote users by L2TP over IPSec + PSK. Users can be:
  • PCs and laptops running operating systems: Windows XP, 7, 8 and later; Mac OS X version 10.6.3 and later;
  • mobile devices (smartphones and tablets) running: Android version 2.3 and newer; iOS version 6.0 and later; Windows Phone version 8.1 and newer;
  • Any network equipment that supports over IPSec + PSK L2TP;

• Starts the memory check from the bootloader menu.
• DNS Server Module Redesigned

Updated services and their components to the current versions:

• DNS
• Local Web Server
• Proxy server
• RP-PPPoE, PPPD
• DHCPD
• Bash. ShellShock vulnerability closed

The main thing in this version: the gateway has the ability to create a VPN using the IPSec protocol. Moreover, this feature is available both for combining several offices (site to site) into a single network, and for remote connection of users (client to site), including when using mobile operating systems.

2013

Ideco ICS 5.3.0

New Linux kernel: numerous improvements and driver updates, increased security and stability. Please note: despite the fact that the version of the Linux kernel used is 2.6.32, all important changes, security updates and drivers from the latest Linux kernels are ported to it.

Ideco ICS integrates a new powerful antispam Kaspersky Security for Linux Mail Server. Its main features are:

• Increased spam protection and reduced false positives.
• Increased performance and responsiveness.
• Service for forced updating of anti-spam databases, which delivers current updates in real time directly from the Kaspersky Lab cloud database. By reducing the signature update period from 20 minutes to less than 1 minutes, this service helps protect companies from zero-hour spam and spam outbreaks.
• Cloud reputational filtering helps combat unknown spam by increasing detection and reducing false positives.

Major structural changes have been made that increase the reliability of all services and will speed up the introduction of the latest technologies into the software product.

Ideco ICS 5.2

On November 29, 2013, Ideco announced the release of a new version of the Ideco ICS 5.2 Internet Gateway.

The new version includes a completely redesigned web activity reporting module. The reports have become more informative and detailed. In addition, the reporting module now closely interacts with the built-in content filter.

The reporting module serves as an indispensable assistant for tracking and analyzing statistics of Internet activity both for an individual employee and for the entire company. This means that your company will permanently eliminate the problem of misuse of working hours by employees, as well as provide itself with highly reliable protection against network threats.

Integration with Content Filtering Module

Web activity reports are closely integrated with the Ideco Cloud Web Filter content filtering module, as well as with the standard content filter. All visited resources are determined according to content filter categories (500 million URLs, 141 categories). Both the resources that are accessed and the blocked resources are stored. In addition to the volume of traffic and the number of visits, the time of user activity on these resources is also analyzed.

By reviewing user activity reports, managers and administrators can make informed management decisions to improve employee productivity.

Directly from the reports, you can switch to access policy management. If necessary, it is possible to change access rights for users, departments or for the company as a whole.

Content filter blocks access to malicious and phishing resources. Blocked resource reports help you detect and resolve security risks in a timely manner.

Ideco ICS 5.1

In this version, the content filter has become even more efficient and more convenient. In addition to the standard filter, Ideco Cloud WebFilter was added, which includes 144 categories hosted in the "cloud" and updated in real time.

Significant improvements have also been made to the information leak protection system. This is a subsystem for intercepting instant messages sent over the ICQ protocol. In addition, new capabilities for fingerprinting confidential documents have been added.

In version 5.1, the Ideco ICS Internet Gateway includes two types of content filters:

• Standard - includes 19 daily updated categories.
• Advanced - The Ideco Cloud WebFilter module contains 141 categories that are updated in real time to maximize the effectiveness of the content filter.

Why do I need content filtering?

• Protection against malicious sites. Unlike antiviruses, which block only known viruses, the content filtering module protects users from a wider range of sites with dangerous content.
• Phishing Protection Phishing is a type of Internet fraud aimed at gaining access to confidential information, for example, an Internet bank password. In the structure of all phishing attacks, more than 34% falls on the financial sector, more than 32% on payment systems.
• Improving efficiency Social networks, dating sites, forums, online games are the main eaters of working hours and one of the reasons for the decrease in staff efficiency. The analytical agency IDC estimates that 30 to 40 percent of internet activity of office users is not related to work.
• Protecting the reputation of the company Employees visiting web resources from their work computer that host illegal, unethical or other dubious materials can lead to serious reputational and financial costs for the enterprise.
• The content filter demonstrates its effectiveness most clearly when using the Ideco Cloud WebFilter module and its extended categories.

Control of ICQ messages

• For enterprises whose information security policy requires control over employee correspondence using instant messaging systems, Ideco ICS 5.1 implemented an ICQ interception module.
• Both incoming and outgoing messages are intercepted. In addition, the ability to search by correspondence is implemented.

2012

Ideco ICS 5

• New Linux kernel and key services. This is one of the most important improvements that has significantly expanded the list of supported equipment.
• New version of Kaspersky Anti-Virus. Ideco ICS 5 integrates the latest version of Kaspersky Anti-Virus. Improved heuristic technologies, improved work with compressed and archived objects: about 4,000 different formats of compressors and archivers are supported.
• Updated, convenient web interface. Improving the interface by ensuring continuity is one of the most difficult tasks that was solved during the development of the "five." Not only has the design and controls been redesigned, but they have also partially worked on ergonomics, making controlling the gateway even easier and more convenient.
• Expanded support for systems. The virtualizations new Ideco ICS 5 Internet gateway has significantly expanded support for virtualization systems. Now Ideco ICS can be guaranteed to run in hypervisors such as VMWare,, and Citrix Microsoft Hyper-V many others.

2011

Ideco CryptoCom Hardware VPN Server

Ideco CryptoCom hardware VPN server is designed to encrypt confidential information in traffic flows. This solution is based on the MagPro crypto provider and supports GOST encryption algorithms. The main advantage of the new functionality is the ability to raise a VPN server on an additional internal network interface in a matter of minutes to install crypto tunels, create a set of necessary certificates in the Certification Center and distribute them to remote offices.

Load testing has shown that hardware resources allow for high throughput - up to 250 GB per day.

Ideco ICS 4.3

Of the innovations, first of all, it is worth noting the network intrusion prevention subsystem, the completely updated module for working with e-mail, as well as almost the most important novelty - the reporting module. What's new:

• Reporting for IT Manager
• IPS/IDS Snort network attack detector;
• Ideco CryptoCom server management interface
• RoundCube webmail;
• New Traffic Statistics Module.

The new version of the Internet gateway includes a reporting system for the IT manager, an IPS/IDS Snort network attack detector, an Ideco Cryptocom server management interface, RoundCube webmail, and a new traffic statistics module. The IT Manager Reporting System is a new tool that allows a specialist far from IT to generate reports on the network activity of individual users and groups. At the same time, it is possible to build statistics on the used network protocols, visited sites and the most active users, all within the framework of a convenient and visual graphical web interface.

The IPS/IDS Snort Network Attack Detector, integrated with Ideco ICS 4.3, will allow the system administrator to be the first to know about dangerous network activity. Moreover, the system is implemented in such a way that the administrator has the opportunity not only to detect threats, but also to break the corresponding sessions.

In turn, the management interface of Ideco Cryptocom servers and other traffic encryption devices provides the opportunity to raise a VPN server on an additional internal network interface in a matter of minutes to install cryptotunners, create a set of necessary certificates at the Certification Center and distribute them to remote offices. Support has also been added for devices based on one of the certified CIPF "MagProCryptoPacket," the main purpose of which is to protect network connections using GOST algorithms in accordance with the legislation of the Russian Federation.

The RoundCube webmail module has a simple and understandable interface, which allows you to replace email clients installed on personal computers with webmail within the corporate IT infrastructure. The main advantage of this approach is the availability of e-mail from anywhere in the world, as well as personal settings that work regardless of which computer an employee of the company enters his mailbox, stressed in "Ideco."

The new traffic statistics module adds the ability to make requests with a large number of selection criteria, both for the administrator and for the user. In addition, the data began to occupy 2.2 times less space compared to the old format.

Ideco ICS 4.1

Ideco ICS 4.1 beta for the first time on the Russian market at the level of a firewall and a gateway used DLP (data leak prevention) technology developed by Ideco specialists.

The DLP Internet and Mail Analysis module solves the tasks of detecting files and documents classified as confidential or confidential in outgoing data streams. If such incidents are detected, the transmission of the message (stream, session) is blocked, information about the incident is logged in the report, and a message is sent to the system administrator or security officer with information about the blocked violation of the privacy policy.

The technology of analyzing outgoing sessions is based on two algorithms for detecting confidential data: identifying the absolute similarity of documents and its own SmartID digital fingerprint technology using linguistic and semantic analysis techniques. The use of high-level analysis algorithms minimizes the risks of disclosing corporate or departmental data intended for business use, even when users modify the source confidential files before sending. Samples of confidential documents are analyzed once and subsequently not stored at the Internet gateway level. The result of the analysis of each document is a set of certain markers (fingerprints) stored in the Ideco ICS server database. The Ideco ICS DLP module supports all major office document formats, including the analysis of files packaged in archives.

The latest version of the Ideco ICS Internet Gateway has significantly improved the ability to synchronize with Active Directory. Interacting with the Windows Directory Service allows you to:

• Migrate an existing enterprise structure from Active Directory to Ideco ICS
• Use NTLM transparent authorization technology
• recursively synchronize any group of users from AD;
• and more.

Ideco ICS 4

Thanks to the new version, system administrators responsible for efficient use of corporate traffic will receive a more comfortable and functional tool. So, for example, the updates made now allow you not to spend a lot of time on point blocking of unwanted traffic, and improving the usability of the web-based server management interface helps to quickly access any components of the administration panel.

In the new version of the Ideco ICS 4 Internet Gateway, the tasks of minimizing "parasitic" traffic successfully solve two new components: layer-7 filter and Windows application branding. With these services, you can completely freely block traffic both through a set of upper-level protocols and traffic from unwanted or dangerous win32 applications, for example, VoIP phones or remote administration tools.

Another feature of the new version of Ideco ICS is closer cross-platform integration. The redesigned synchronization interface with the ActiveDirectory domain controller allows you to easily configure Ideco ICS to communicate with Windows servers 2003/2008. In addition, it became possible to synchronize both individual users and subgroups, with support for several domain controllers and NTLM authorization.

Other improvements to the fourth version include the ability to set auto-response for user groups, increase the server download speed several times, the ability to update the server via the SSH network protocol, change algorithms for working with the MRTG network traffic monitoring and measurement tool, updating web mail, etc.

The Internet gateway continues to develop in the chosen direction of convenience for the user: the installation of the product takes only 20-25 minutes, and the creation of a new user is 15-20 seconds and does not require technical knowledge. Also, traffic consumption limits, restrictions on access to unproductive resources, scenarios for remote access to a mailbox or desktop, and much more are set easily and quickly through a single graphical interface. Kaspersky Lab technologies for spam filtering and anti-virus protection of mail and Internet traffic are additionally integrated into the Internet gateway. To date, the product has received high praise from users in all regions of Russia and the CIS countries.

Ideco ICS

Ideco ICS (Internet Control Server - Access Control Server in) Internet is a kernel-based software Internet gateway Linux used to control and distribute access to Internet corporate and private. networks

Description

Ideco ICS is an integrated Internet gateway and contains built-in modules: firewall, mail server, billing system, antivirus, antispam. It is used for distribution, accounting and control of Internet access at enterprises, in private and provider networks. The Internet gateway is controlled through a graphical interface from under any common operating system (Windows, Linux, Mac OS).

Ideco ICS is installed at the border between the local network of the enterprise and the Internet. And all user interaction with the global network is carried out through Ideco ICS. The server has at least two network interfaces: one interface is connected to the Internet, and the second to the local network of the enterprise. This allows you to fully manage Internet traffic, as well as protect your local network from external threats.

The DLP module built into the Ideco ICS Internet Gateway scans outgoing traffic and blocks the transfer of protected documents through email or web protocols. The DLP module in the Ideco ICS Internet Gateway is a proprietary development created according to the global principles of DLP systems development. At the moment, the module is successfully working out most potentially dangerous situations and is ready to provide protection against leaks to small and medium-sized business networks.

DLP from "Ideco" is able to recognize changed documents using digital fingerprint technology "SmartID," as well as files in archives. Nikolai Zhuravlev, leading developer of the DLP module: "It took more than six months to develop a full-fledged DLP module. Now the module has been fully tested on our corporate gateway, launched and tested in the networks of some of our customers and we are ready to present it to all users. In the next updates, we will add full filtering of instant messengers and expand the list of file types supported by "SmartID." In the future, flexible filtering policy settings and user configuration of the module by the Security Officer will be implemented. " Despite the significant expansion of functionality, the implementation of the DLP module did not affect the cost and licensing policy of the Ideco ICS Internet gateway.

What should a new generation firewall be able to do?

• Not only skip information flows, but also take part in their processing, including monitoring outgoing flows for the presence of data classified as confidential.
• Have flexible policy management options for different groups of users, depending on the connection point, time of day, tolerance levels, or assigned business tasks. For example, access to any sites after business hours or allocate the widest possible channel for the period of video conferencing.
• Provide traffic filtering by application type, for example, with the ability to block any Skype traffic.
• Have a comprehensive arsenal of network security tools: from support for Layer-7 filtering to built-in antivirus engines, the IDS/IPS system and traffic encryption modules with modern cryptographic algorithms.

Ideco ICS Capabilities

• Internet Access Control and Control
• Protect enterprise users and networks
• Traffic Accounting, Planning, and Cost Limitation
• NAT-enabled firewall
• Proxy server with transparent caching
• Antivirus and Content filtering of web traffic
• Intelligent Traffic Prioritization - QoS
• Optimizing and Balancing Channel Load
• Remotely connect employees and local offices
• Enterprise Web Server
• Mail server with Anti-Virus and Anti-Spam
• NEW. Kaspersky Lab technologies for protection against external threats
• DHCP, FTP, VPN, VLAN

Ideco ICS Properties

• Ideco ICS is based on the Linux kernel using unique technologies. Therefore, it has unprecedented reliability and security comparable to hardware routers.

Built-in security provides effective protection against a wide range of external threats: viruses, spam, network attacks, and unauthorized access;

• Automatic installation and easy administration. The solution does not require constant maintenance - operating costs are close to zero;
• User groups and access policies are managed through a convenient and multifunctional web interface that allows you to control the system from any point of administration, at any time;
• Filtering spam and web content can significantly reduce unproductive time spent by users and save resources;
• The reliability of the system is confirmed by examples of Ideco ICS implementation in corporate networks with a number of users of 3000 or more;
• Convenient licensing scheme. There are versions for small businesses: 10-20 users; average: 50-200; and large companies: 500 or more users.
• With cost savings, low operating costs, and free up specialist time, Ideco ICS pays off in a few months.

Ideco ICS 3

Ideco offers a solution that will help protect against the risks of non-compliance with 152-FZ requirements. The Ideco ICS firewall software package has passed all stages of certification tests and received a positive decision on compliance with the following requirements:

• RD "SVT. Firewalls. Protection against unauthorized access to information. Indicators of protection against NSD "(State Technical Commission of Russia) - in class 4 of protection;
• RD "Protection against NSD. Part 1. Information security software. Classification according to the level of absence of NVS "(State Technical Commission of Russia) - according to level 4 of control;
• use of confidential information processing systems up to and including 1G class and personal data - up to and including K2 security class for firewalls.

All certification materials are at the stage of registration of the certificate at the FSTEC of Russia, receipt of the certificate is scheduled for late February - early March 2011.

The Ideco ICS 3 Firewall software package, created on the basis of the popular Russian Internet gateway Ideco ICS, has been certified by the FSTEC of Russia. Recall that by July 01, 2011, all personal data information systems must be brought into line with the requirements of Federal Law No. 152. One of the mandatory methods of protection against unauthorized access of systems for processing confidential information or personal data is to ensure secure interworking. The FSTEC Certificate No. 2283 certifies that the Ideco ICS 3 ME PC meets the requirements of: - the guidance document "Computer Equipment. Firewalls. Protection against unauthorized access to information. Indicators of protection against unauthorized access to information "(State Technical Commission of Russia, 1997) - in class 4 of security; - guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of absence of undeclared opportunities "(State Technical Commission of Russia, 1999) - according to level 4 of control; - requirements of technical specifications, and can be used as part of personal data information systems up to and including K "security class.

Ideco ICS 3 PC is based on the Linux kernel and includes a wide range of network services to solve all the main traffic management tasks. The Ideco ICS 3 ME PC is more than just a firewall. The product concept is aimed at maximizing the automation of all routine network administration processes from a single command center - a convenient graphical web interface. The functionality of the certified version will be regularly updated and expanded through the certified update service.

Since October 2011, all users of the Ideco ICS Internet gateway have become available the ability to use Ideco MagPro GOST-VPN servers based on the certified CIPF "MagPro CryptoPacket" to build secure communication channels between branches of the corporate network. This product meets the requirements of GOST 28147-89, GOST R 34.10 2001, GOST Z 34.10-94 and the requirements of the FSB of Russia for CIPF class KS1. It can be used to cryptographically protect information that does not contain information constituting a state secret.

The solution operates at the level of a separate hardware and software device "Ideco MagPro GOST-VPN," made on the basis of the CIPF "MagPro CryptoPacket," which runs under the Debian operating system. Setting up "Ideco MagPro GOST-VPN" is carried out entirely through the web interface of the Ideco ICS Internet gateway.

2010: Ideco Mail Server 4

Ideco Mail Server 4 is a mail server for small and medium enterprises that provides e-mail and instant messaging. Jabber Ideco Mail Server is kernel-based Linux and is protected from external intrusions by a tiered security system. The deployment of the mail server takes several minutes, and it is immediately ready to protect users from spam, viruses and email DDOS attacks.LDAP AD/support makes it easy to integrate Ideco Mail Server 4 into the enterprise network. At the same time, the ability to work in a virtual environment helps reduce costs and improve usability. All Ideco Mail Server 4 settings are managed through a convenient web interface.

The main functionality of Ideco Mail Server includes: spam protection - Ideco Antispam, DSPAM, whitelisting, RBL; virus protection - Kaspersky Lab and ClamAV technologies; support for SMTP, IMAP, POP3, IMAPS, POP3S protocols; Webmail for users Jabber - instant messaging; Domain and user management, ActiveDirectory/LDAP support flexible mail rule management system (setting filters based on the body mining of a letter; trainable filters); forwarding, auto-reply, mailing; IdecoAntispam's innovative protection technology, a solution for protecting the network from unwanted correspondence; Built-in fault tolerance module that restores the system even in the event of a failure the ability to work in virtual machines KVM, VMWare, VirtualBox.