Secret Net

Secret Net (Secret Net Information Protection System) is a system for protecting confidential information on servers and workstations from unauthorized access. Can be used in automated systems up to and including 1B level. "

Secret Net is a system that combines security functionality, centralized management, rapid response and information system security monitoring. Secret Net protects the information resources of workstations and servers from unauthorized access. The availability of certificates FSTEC Russia allows you to use the IPS from the Secret Net NSD to protect confidential information, including personal data, as well as information constituting a state secret.

Appointment

• Organization of delimitation of access to confidential information;
• Control of confidential information distribution channels;
• Centralized, operational management of information security of the organization;
• Simplified certification of the automated organization system.

2023: Compatible Secret Net LSP version 1.12 with Astra Linux Special Edition 1.7

The compatibility of the operating system Astra Linux Special Edition 1.7 and the complex of information protection tools Secret Net LSP version 1.12 from the company "Security Code" has been confirmed. After a series of tests, experts were convinced that the solution works correctly and stably among the Russian OS. The software stack can be used in IT infrastructures that process sensitive information and are subject to certification. Astra Group of Companies announced this on May 23, 2023.

Verifying compatibility with Astra Linux is a critical component of our strategy to protect Linux environments. It is a platform on which we can build robust and effective defenses against the most advanced threats. Astra Linux is a key market player, and confirming compatibility will help protect the infrastructure of many government customers, "said Pavel Korostelev, head of the Security Code product promotion department.

The issue of ensuring information security has become one of the paramount for most organizations, especially those working with this or that type of confidential data. It became obvious that for reliable protection and infrastructures, and the information contained in them, it is necessary to use not foreign, but their own technologies, while it is important to understand: no software product is used in isolation, it always works in some kind of environment, and developers need to ensure their full compatibility, because only in this case the customer can count on the availability of functionality and the correct operation of the software stack. We are grateful to our colleagues from the Security Code for cooperation in this direction: by combining resources, we provide the Russian market with reliable and extremely popular joint solutions, - said Dmitry Tarakanov, Head of the Department for the Development of Technological Cooperation of Astra Group of Companies.

2021

FSTEC Certificate for Secret Net LSP 1.10

The Secret Net LSP 1.10 software package has received a certificate of compliance with the FSTEC. This was reported on February 20, 2021 by the Security Code company, the developer of the complex.

Secret Net LSP 1.10 is a tool information protection for unauthorized access firewall from for - IT based systems. Linux

According to the certificate, the software package corresponds to the 4th class of trust in accordance with the security requirements for the means of technical protection of information and means of ensuring the security of information technologies; Class 5 of security in terms of indicators of protection against unauthorized access, Class 4 of protection in terms of requirements for network screens and profiles of protection of type B firewalls.

The system version 1.10 implements a firewall that protects the computer from network attacks and trains the closed software environment module (IPS), which allows you to form a policy of allowed processes based on a list of applications used, which, in turn, saves administrator time to perform important tasks.

"Secret Net LSP 1.10 was released by us in July 2020 and successfully passed all tests at FSTEC. The firewall implemented in version 1.10 closes almost all possible threats from the network by controlling and filtering network traffic, registering events and neutralizing threats associated with network interaction. We are confident that the use of this version of the product will significantly increase the level of information security of our customers, "said Andrey Golov, General Director of Security Code.

JaCarta Electronic Key Compatibility

On January 14, 2021, Aladdin R.D. announced that, together with Security Code LLC, it had completed test tests for the compatibility of its products.

Based on the test results, compatibility certificates were signed confirming the correctness of the electronic keys of the JaCarta line and the Secret Net LSP information protection tools (IPS). Compatibility and correctness of sharing has been proven for USB tokens and smart cards JaCarta-2 GOST, PKI/GOST JaCarta-2 and USB tokens JaCarta GOST, JaCarta PKI/GOST and JaCarta SF/GOST.

The products of the JaCarta line are designed to organize an enhanced or strict authentications in information systems and services, to ensure the legal significance of documents and user actions electronic signature using and secure storage of containers of software, CIPF user, data certificates, passwords etc.

The Secret Net LSP, developed by Security Code, is an anti-unauthorized security tool for Linux operating systems.

2020

Compatibility of Secret Net LSP versions 1.8, 1.9, 1.10 with USB tokens and Rutoken smart cards

Aktiv"" and Security Code"" on July 23, 2020 reported positive results for compatibility of electronic identifiers Rutoken and the latest versions information protection of Secret Net LSP tools for OS the family. Linux

During the tests, the correctness of the Secret Net LSP information protection tool version 1.8 (Secret Net LSP-C), 1.9, 1.10, designed for use with USB tokens and Rutoken smart cards in Russian and foreign Linux operating systems was confirmed:

• Rutoken S;
• Rutoken S RF;
• Rutoken Lite (in version 1.10);
• Rutoken EDS 2.0;
• Rutoken EDS PKI;
• Rutoken SC EDS Smart Card (version 1.9 and later).

Based on the results of the work, a number of compatibility certificates were signed. Using Secret Net LSP in conjunction with Rutoken products significantly increases the level of security when authenticating users.

Work with Russian developers of information security tools is carried out on a regular basis. The knowledge and experience of the technical specialists of Asset and Security Code allowed us to implement a number of projects with the joint use of Russian solutions. As part of our technology partnership with Aktiv, we continue to test various versions of our products. We work with companies from various industries and it is important for us to support the authentication solutions that are used by our customers, "said Oleg Schmidt, Product Manager at Security Code.

It is gratifying that together with our partners from the Security Code, we can offer the information security market purely Russian solutions based on high-quality proven technologies. In particular, with the introduction of two-factor authentication. I hope that there will be only more projects using this technology, "said Pavel Anfimov, Head of Product and Integration Department at Rutoken Aktiv.

Compatibility of Secret Net LSP 1.9 with Red OS

On February 25, 2020, RED SOFT announced that, together with the Security Code company, they conducted another compatibility test of their products within the framework of a technological partnership. The developers confirmed the correctness of the work of the Secret Net LSP 1.9 (manufactured by "Security Code") on the Russian import-independent operating system RED OS (manufactured by RED SOFT).

The test results are reflected in a two-sided certificate of compatibility.

RED SOFTWARE places great emphasis on ensuring the compatibility of the RED OS operating system with leading solutions in the field of information protection. Security Code is our strategic partner in this area, comments Rustamov Rustam, Deputy General Director of RED SOFT

As part of the protection of Linux platforms, we are primarily focused on supporting Russian operating systems in order to give our customers the opportunity to most fully comply with the modern requirements of information protection legislation. Ensuring compatibility with RED OS and other leading Russian operating systems is fully consistent with our objectives, comments Alexander Kotov, Head of Security Code for Servers and Workstations

Secret Net LSP 1.9 passed the control of FSTEC of Russia

On February 20, 2020, the company Security Code"" announced the passage of the Secret Net LSP product (version 1.9) inspection control in. The FSTEC Russia updated version implements the ability to control the launch of applications and scripts on those protected computers using the "Closed Software Environment" module. Among the important features, it is also worth noting with integration the trusted download tool PAC "Sable" versions 3.0 and 4.2 and the expansion of the list of supported personal hardware identifiers.

In addition to the above innovations, Secret Net LSP 1.9 was provided on a significantly expanded set. operating systems Linux

IPS Secret Net LSP 1.9 passed the inspection control of the FSTEC of Russia in confirmation of the previously issued certificate No. 2790. According to this document, the product meets the requirements for the 5th class of security of the SVT and the 4th level of control of the absence of undeclared capabilities (EID). The product can be used for protection of ISDS up to 1 level of protection, logging up to 1 class of protection, APCS up to 1 class of protection, as well as NP up to 1G class of protection inclusive. When upgrading to version 1.9 in a certified information system, customers must notify the certification authority of the Secret Net LSP update. Recertification of the information system is not required.

2019: Secret Net LSP 1.9

On June 18, 2019, Security Code"" announced the release of an updated version of the Secret Net LSP product designed to protect against unauthorized access on workstations servers and under management. OS Linux

According to the company, Secret Net LSP provides protection against unauthorized access on workstations and servers running Linux, and also allows you to control user access to protected files and devices. The product allows you to bring the automated system into compliance with the legal requirements for the protection of personal data and confidential information.

One of the key innovations of Secret Net LSP version 1.9 is the "Closed Software Environment" module, designed to control the launch of applications and scripts in the protected system: only executable objects specified by the administrator are allowed to run. With this functionality, users have the ability to organize a static controlled software environment at workplaces and servers and prevent unauthorized implementations into existing endpoint workflows.

As part of support for the updated operating systems, Secret Net LSP 1.9 was provided on the following distributions:

• Alt Workstation 8;
• Alt 8 SP;
• Lotus;
• RED OS of 7.1 Moore;
• Astra Linux Common Edition 2.12;
• Astra Linux Special Edition 1.6;
• CentOS 7.6;
• Debian 9.5;
• Oracle Linux 7.6;
• Red Hat Enterprise Linux 7.6.

In addition to the above updates, version 1.9 provides support for working with personal identifiers JaCarta-2 GOST and JaCarta-2 PKI/GOST, designed for two-factor authentication users of the company's production ""Aladdin R.D..

2017: Release of version 1.6 with support for JaCarta hardware identifiers

Security Code On August 18, the company "" announced the start of sales of the updated Secret Net LSP product (version 1.6), designed to protect against unauthorized access computers under the control of/. The OS GNULinux product includes a number of functional improvements that make its use more convenient.

So, in the new version, support is implemented for working with personal JaCarta PKI identifiers/PKI Flash and JaCarta GOST, intended for two-factor authentication users.

Other features of Secret Net LSP 1.6 include support for the following distributions:

• Astra Linux Special Edition 1.5 (kernel version - 4.2.0);
• Astra Linux Special Edition 1.4 (kernel version - 3.16.0);
• MSVS 5.0 (kernel version - 2.6.32);
• CentOS 7.2.1511 (3.10.0-327);
• ROSA Enterprise Linux Server 6.5 (2.6.32-431.el6.x86_64).

The IPS from the Secret Net LSP NSD (version 1.6) passed the inspection control FSTEC Russia in support of the previously issued certificate No. 2790. According to this document, the updated product meets the requirements for the 5th security class of SVT and the 4th level of control over the absence of undeclared capabilities. Thus, the product can be used to protect the ISDS up to 1 level of security and GIS of up to 1 class of security, as well as the IVS up to and including the 1G security class.

Product updates for users of previous versions of the current technical support are free of charge.

2016

Secret Net LSP 1.5

On November 7, 2016, Security Code announced the release of Secret Net LSP 1.5.

The product is supplemented with functional improvements focused on improving usability. This version provides support for working with a personal identifier Rutoken EDS intended for two-factor authentications users. Among other features of Secret Net LSP 1.5 are improving the performance of the audit subsystem, updating the IPS with saving settings, the ability to export/import policy parameters, support for distributions (,,. Debian 8 ALT Linux 7.0.5 Centaurus Red Hat Enterprise Linux 7.0/7.2

The 1.5 release retains integration with Secret Net 7 management tools (Service Pack 6), which allows you to remotely configure security policies on Linux clients.

The release of Secret Net LSP 1.5 passed inspection control at the FSTEC of Russia in confirmation of the previously issued certificate No. 2790. According to this document, the updated product meets the requirements for the 5th security class of SVT and the 4th level of control over the absence of undeclared capabilities. The product can be used for protection of ISDn up to 1 level of protection and GIS of up to 1 class of protection, NPP up to 1G protection class inclusive.

One of the main goals of the release of the new release was to increase the ease of use of the IPS, primarily related to update and export of settings. We also took into account the wishes of customers and expanded the list of supported OS and electronic identifiers. Oksana Ulyankova, Security Code Product Manager

Product updates for users of previous versions of the current technical support are free of charge.

Secret Net LSP 1.4 with advanced management features goes on sale

Security Code announced in April 2016 the launch of an updated version of the Secret Net LSP product (version 1.4). It protects workstations and servers under management, OS Linux allows you to control user access to protected files and devices, as well as bring automated systems into compliance with legal requirements for the protection of personal data and confidential information.

Secret Net LSP 1.4 introduces new integration mechanisms with Secret Net 7 management tools (Service Pack 6). The updated Secret Net management program for Windows provides the following features:

• remote switching on and off of Secret Net LSP security subsystems;
• control of the device monitoring mechanism, including setting of parameters for delimitation of access to devices;
• Launch the PuTTY program to connect to the computer and send control commands using the SSH protocol.

This edition of the product also supports new Linux distributions: Red Hat Enterprise Linux 5 (5.2, 5.5, 5.8) and CentOS 7.1. In addition, the updated version implements automatic connection to the Windows domain.

information protection The Secret Net LSP (version 1.4) has passed the inspection control FSTEC Russia in and received confirmation of the previously issued certificate No. 2790. According to this document, the updated version of the product meets the requirements for the 5th security class of SVT and the 4th level of control of the absence of EID. Thus, Secret Net LSP can be used to protect ISDs up to and including level 1 of security and GIS up to and including class 1 of security, as well as NP up to and including class of 1G security.

FSTEC discovered a critical vulnerability in the product

In April 2016, the Federal Service for Technical and Export Control (FSTEC) of Russia announced that Secret Net users need to switch to more recent versions of the product to fix the vulnerability.

In 2016, a critical vulnerability was found in Secret Net's information protection tools, through which the user could elevate his privileges to administrative privileges by running malicious software. This threat was registered in the FSTEC database under the number 2016-00436.

The Security Code company has fixed this vulnerability in Secret Net 6 and Secret Net 7 by releasing appropriate updates. The problem is also relevant for versions 5.0 and 5.1, but for these products an update is not provided due to the end of their life cycle.

According to a message on the FSTEC website, by January 1, 2017, organizations working with Secret Net 5.0 and 5.1 need to switch to other certified information protection tools supported by their manufacturers. Users of Secret Net versions 6 and 7 should receive and apply the latest updates, including receiving from the developer the appropriate changes to the operational documentation.

As part of the process of updating IT systems, companies need to take measures to limit the software environment, aimed at eliminating the possibility of exploiting the identified vulnerability by launching a specially formed application, the FSTEC said.

The service also notes that updating information protection tools is not the basis for re-certification of IT systems. All software updates are carried out within the framework of existing certificates of conformity for information systems.^[1]

2015

Secret Net LSP 1.2 Technical Release

The Security Code company announced in January 2015 the release of the technical release of Secret Net LSP 1.2, a means of protecting information from unauthorized access for Linux operating systems. The IPS version from NSD Secret Net LSP 1.2 supports new versions of Linux, including Red Hat Enterprise Linux 6.5 and 6.3, CentOS 6.5 and Alt Linux SPT 6.0.2.

Also, as part of the product update, support for NFS and CIFS file systems has been improved, compatibility ON with CryptoPro has been provided and the ability to be end-to-end authentications on a terminal server for an OS Windows with the Secret Net MPS installed has been implemented. In addition, the IPS from the Secret Net LSP version 1.2 received a new licensing scheme and the format of the product activation key, which provides for generation through the user's personal account on the Security Code company website.

The updated version of Secret Net LSP 1.2 has been submitted for inspection control FSTEC Russia in to confirm compliance with the previously issued certificate No. 2790.

Updated version of Secret Net 7 SP3

In early 2015, an updated version of the IPS from NSD Secret Net 7.3, designed to protect information on workstations and servers, went on sale. The updated version of Secret Net passed inspection control at the FSTEC of Russia to confirm compliance with the previously issued certificate No. 2707 for means of protection against unauthorized access to information according to the 3rd security class and can be used to create automated systems up to and including 1B security class and to protect information in personal data information systems up to and including UZ1. The certificate also confirms compliance with the requirements for the absence of PVA at the 2nd level of control.

In the updated version of the IPS from the Secret Net 7 NSD (build 7.3.562), the system control functions have been significantly expanded, new print control capabilities have been added, and the list of supported devices and programs has been expanded. Get acquainted with all the features of the new version.

Network mode of operation

• Implemented a hierarchical mechanism for adding security server policies to the highest priority at the top server);
• When transmitting unauthorized access events (LSD) between servers, filtering support is implemented;
• Grouping of events is provided when transmitting to the Control Program (CP) and the higher server;
• It is possible to transfer operational commands to agents of slave servers.

Management program

• Added the ability in configuration mode to display only the security server to which the UE and slave servers are connected, hiding the rest of the hierarchy;
• Support for real-time display of up to 10,000 management objects and AD hierarchy objects (domains and OUs);
• It is possible to start the UE under an account without local administrator rights;
• Added the ability to create models for devices in PU policies;
• Added search for objects when displayed in tabular form;
• Added the ability to sort and group domains and OUs by name.

Print control

• Support for the function of printing to a file is implemented;
• It is possible to control printing from scripts using the COM interfaces of Microsoft Word and Excel;
• The operation of print control on the terminal server when local printers are connected has been corrected.

Local protection

• Improved mechanism for discretionary control of access to file system resources;
• Its own user interface for controlling the discretionary access control mechanism is implemented, and the use of OS functions is minimized;
• Added the ability to enable filtering for system processes when registering the start and end of processes;
• Optimized resource lists and monitoring methods in default jobs to reduce monitoring time.

Other changes

• The system can be correctly rolled back to the recovery point;
• The Secret Net snap-in in the "Control Panel" is safe; Windows
• Support for working with Citrix XenApp when interacting between different domains is implemented;
• Increased to three allowed terminal connections to a computer protected by Secret Net without a terminal access license;
• Extended the list of supported software;
• Support for JaCarta electronic ID is implemented.

Secret Net 7 SMT is compatible with eToken USB keys and JaCarta smart cards

On February 26, 2015, Security Code and Aladdin R.D. announced the completion of test tests of the interaction of smart cards and USB tokens of the JaCarta and eToken product lines with the Secret Net 7 information security tool.

Based on the test results, the companies signed compatibility certificates confirming the correctness of the JaCarta and eToken electronic keys with the IPS from the Secret Net 7 NSD (Service Pack 3, version 7.3) to protect information on workstations and servers.

Based on the submitted documents, the IPS from the Secret Net 7 NSD can interact with models of smart cards and electronic keys:

• JaCarta GOST,
• JaCarta GOST/Flash,
• JaCarta PKI,
• JaCarta PKI/Flash,
• JaCarta PKI/GOST,
• eToken PRO (Java).

Secret Net LSP 1.3 technical release is available for OS Linux with support for Secret Net 7 centralized management

The main feature of the IPS from the Secret Net LSP version 1.3 NSD is the ability to use the centralized management tools of the Secret Net 7 IPS (Service Pack 4). The following features are now available for computers protected by Secret Net LSP:

• The Secret Net management program Windows displays basic information about computers running the OS along with agents; Linux
• Centralized monitoring and collection of logs by schedule and administrator command
• in the event of an information security threat, the administrator can send online control commands: lock, unlock, restart and turn off computers.

The IPS Secret Net LSP 1.3 supports domain user authentication. Remote control mode settings are available both in the Secret Net LSP graphical security panel and through the new console utility.

In addition, the updated version provides end-to-end authentication using an electronic identifier on the Citrix server with the Secret Net MPS installed.

In the updated version of the Secret Net LSP, the list of supported operating systems has been replenished with Debian 7.6. Also added is support for installation from the rpm package for RHEL and CentOS, and installation from the deb package is available for Debian OS.

Release of Secret Net 7 Service Pack 4, version 7.4

On August 4, 2015, the company Security Code announced the launch of a version of the IPS from NSD Secret Net 7 (Service Pack 4, version 7.4). The product passed inspection control at the FSTEC of Russia and went on sale.

According to the certificate of FSTEC of Russia dated 07.09.2012 No. 2707, the version of Secret Net 7 meets the requirements for means of protection against unauthorized access to information according to class 3 of security and level 2 of control for the absence of EID and can be used when creating automated systems up to and including 1B security class and for protecting information in personal data information systems up to and including UZ1.

The validity period of the certificate of conformity has been extended until September 7, 2018.

The peculiarity of this version of Secret Net 7 is the ability to connect computers running on the Linux OS platform and protected by Secret Net LSP (versions 1.3 and higher) to the control loop. In the Secret Net 7 management program, the security administrator will be able to obtain basic information about computers connected to the security server on the Linux OS platform, conduct centralized monitoring, collect logs and send online management commands.

The Secret Net 7 version provides full support for the product in systems, virtualizations Citrix supports identifiers (ESMART Token in form factors - USB current and smart card), expands the functions of the print control and login subsystem, system administration capabilities, and much more.

2014

LSD Secret Net 7 Service Pack 7.2.515)

On March 21, 2014, the company Security Code"" announced the start of sales of an updated version of the Secret Net 7 SNE with Windows 88.1 Windows Server 2012 support for/and/2012 R2.

In addition to supporting Windows, the updated version of the Secret Net 7 (build 7.2.515) introduces a number of new features that make it easier for the administrator to work with the system and improve its performance.

New tools

• A new display mode for the protected network has been added to the management program, allowing the administrator to see and manage the entire structure of domains, organizational units, managed servers and workstations.
• Added native centralized policy management mechanisms and a user management program to enable you to deploy your system without making changes to Active Directory.
• installation on the security server is implemented DBMS Oracle and DBMS MS SQL Server the database size is controlled, which is relevant for free versions; DBMS
• work with alarms is established, this makes it easier for the administrator to manage alerts for unauthorized access.

The following are implemented in terminal access systems and virtual workstation (VDI) infrastructures for the operation of the Secret Net 7 IPS:

• monitoring of devices connected from the user's workplace to the virtual workstation or terminal server;
• The ability to log in using electronic identifiers, including thin clients.

Improved protection mechanisms

• support for new types of identifiers (RuToken EDS, RuToken EDS micro and RuToken Lite);
• Support for logon using standard certificates
• expanded the list of monitored devices;
• added a new mode of operation of the print monitoring subsystem, which allows reducing the time for processing the document;
• in the integrity monitoring subsystem, a new mode "Built-in EDS" has been introduced, which allows updating software, the modules of which have an electronic digital signature, without changing the system settings.

The procedure for automatic installation of the system has been modified.

The updated version passed inspection control in the FSTEC of Russia in confirmation of the previously issued certificate No. 2707. The Secret Net 7 IPS can be used to protect the ISDS up to and including level 1 of security and GIS up to and including class 1 of security, as well as the IVS up to and including class 1B security.

Inspection control of the RF Ministry of Defense is completed

On June 25, 2014, the Security Code company announced the passage of inspection control in the Ministry of Defense of the Russian Federation of an updated version of the Secret Net 7 information protection tool and a positive conclusion of the Federal Authority for the Certification of Information Protection Tools of the Ministry of Defense of the Russian Federation in confirmation of the previously issued certificate of conformity No. 2143, valid until 15.05.2016.

Thus, the certificate confirms the compliance of the IPS from NSD Secret Net 7 with the requirements of the Order of the Minister of Defense of the Russian Federation of 1996 No. 058:

• according to the 3rd class of security according to the guiding document "Computer equipment. Protection against unauthorized access to information. Indicators of protection against unauthorized access to information "(State Technical Commission of Russia, 1992);
• according to the 2nd level of control over the absence of undeclared capabilities in accordance with the guiding document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control over the absence of undeclared opportunities "(State Technical Commission of Russia, 1999);
• compliance with the real and declared functionality in the documentation.

The updated version of the IPS from NSD Secret Net 7 can be used at the facilities of the Ministry of Defense of the Russian Federation and ensure the protection of information constituting a state secret (up to and including the "top secret" stamp).

LSD Secret Net 7 - Service Pack 7.3

In November 2014, the Security Code company announced the release of a technical release of an updated version of the IPS from the Secret Net 7 NSD, designed to protect information on workstations and servers.

In the presented version of the IPS from the Secret Net 7 NSD (Service Pack 7.3), the system management functions have been significantly expanded, new print control capabilities have been added, and the list of supported devices and programs has been expanded.

A number of new features have been added to the management system of the updated version of Secret Net 7, in particular, the following are implemented:

• Hierarchical application of security server policies
• filtering of LSD events sent between security servers;
• possibility to create rules for LSD filters;
• possibility of transitive application of operational control commands (possibility of transmitting commands to agents of subordinate security servers);
• the ability to disable the display of objects that are not related to the connection server;
• optimized display of complex Active Directory structures, implemented sorting and grouping of domains and organizational units, added tools for searching objects in the object tree;
• faster communication between the security server and the management program.

The updated version of Secret Net 7 also expanded the functions of the print control subsystem, added support and print control to the file, and implemented support for printing from scripts. As part of the product update, the mechanism for managing discretionary access control with its own user interface has been improved.

In addition, the updated version of Secret Net 7 implements support for identifiers, JaCarta improved support for systems virtualizations Citrix and, VMware expanded the list of compatible devices and (software including antiviruses crypto providers and). DLP systems

2013: Secret Net 7

The solution gives customers a new level of security and ease of use of the protection system. Firstly, a new implementation option has been added - this is a more convenient scheme for installing the network version of Secret Net in organizations with a branch structure. The new version provides support for ADAM/LDS, while solving the problem of delegating authority to administrators to install and operate IPS within an organizational unit or branch. An important change is the ability to protect terminal sessions using thin client technology due to its increasing adoption. Terminal access mode support for Citrix and Microsoft platforms. Among other things, Secret Net 7 has expanded the ability to control the leakage of confidential information - now the IPS provides the ability to shadow copy before the operation of writing information to the device. In addition, universal print control has become available, allowing you to display the privacy stamp on documents printed from any application, and the delimitation of access to printers has been implemented - printing confidential documents only on printers specially allocated for this purpose.

Secret Net 7 provides new capabilities for centralized management and monitoring. Among them, remote control of local security policies and the state of EPF protection systems from the administrator's workplace, that is, centralized control of devices at the computer level is implemented. Administrators will also be able to specify a description for controlled alienated media. In the IPS from the Secret Net 7 NSD, alienated media are displayed not only by serial number, but also by the description assigned by the security administrator, which greatly simplifies the monitoring and control of a large number of alienated media in the organization.

The Secret Net 7 information protection tool received a Russian FSTEC certificate in the fall of 2012, confirming the possibility of using a solution to protect confidential information, personal data, as well as information constituting a state secret.

Secret Net 7 provides customers with a new level of security for the information system, and the new version is easy to use, flexible settings and additional capabilities for administrators.

Among the key changes and new functionality, the developers of the company "Security Code" note:

• The new implementation option is the deployment scheme for the network version of Secret Net 7, which does not require an Active Directory modification. This method will allow organizations with a branch structure to solve the problem of delegating authority to administrators to install and operate IPS within an organizational unit or branch.
• The ability to protect terminal sessions using thin client technology.

An important change is the expansion of the ability to control the leakage of confidential information - now the security tool provides shadow copying of information before the operation of writing it to the device. In addition, universal print control has become available, allowing you to display the privacy stamp on documents printed from any application, and the delimitation of access to printers has been implemented - printing confidential documents only on printers specially allocated for this purpose.

Separately, it is worth noting changes in the capabilities of the centralized management and monitoring tool. The program for centralized control of the security mechanisms of the Secret Net 7 system has received a new graphical interface that allows you to visualize the protected network. With the help of the management program, the administrator has the ability to remotely manage local security policies and the state of EPF protection systems from the workplace. In addition to centralized control of device control at the computer level, Secret Net 7 implements the ability to specify descriptions for controlled alienated media, which greatly simplifies the monitoring and control of a large number of alienated media in the organization.

Unlike the previous version, the IPS from the Secret Net 7 NSD has one version. The decision was certified by the FSTEC of Russia and received certificate No. 2707, confirming the compliance of the guiding documents for the 2nd level of control for the absence of NDV and the 3rd class of security for SVT. The Secret Net 7 Information Security Tool can be used in automated systems up to and including Class 1B and Class 1 ISDs.

The version of IPS from NSD Secret Net 7 will add support for MS SQL Server 2008, device control (VDI), the ability to deploy the system without reconfiguring Active Directory, Security Code reported on August 1, 2013.

The company also announced the transition to the development of information protection tools by the iterative method, this, according to the vendor, will allow updating the product line by the end of 2013 and releasing a number of new products.

2012: Secret Net LSP (Linux)

Compliance with regulatory requirements when using distributions Linux in the information system of organizations has its own peculiarity. There are several options to address compliance issues. In particular, you can use a specialized Linux distribution with built-in tools that information protection are certified in. To FSTEC Russia compensate for threats, you can use another option, namely the use of additional certified means of protection against unauthorized access. But there are organizations that are considering the option of migrating to a new platform.

If the choice is made in favor of the first option using a specialized distribution, then companies may face a number of restrictions. First of all, this is the complexity of updating the software and the rigid binding to the versions of the distribution kit of specific suppliers that have certified their products. The second problem is the loss of flexibility of a system built on the basis of a certified distribution. Changes in the configuration and composition of files from the package of a certified distribution kit are impossible due to the fixation of the set of files during certification of the distribution kit. And, of course, this is the loss of certification of the object of information when installing an application that makes changes to system-wide software. With such disadvantages, the use of a certified Linux distribution is a big question.

The Secret Net LSP IPS based protection system provides the following basic protection mechanisms:

• Identification and authentication of users, including using personal identifiers.
• Delineation of access to protected resources of the Linux machine.
• Clear the available RAM and storage devices.
• Log security events.
• Audit and control of user actions.
• Control the integrity of files and directories.
• Erases the contents of files when they are deleted.

Thus, Secret Net LSP allows you to comply with legal and regulatory requirements using Linux and avoid the need to migrate the system to a new platform. It is worth noting the convenience of working with this software solution. For system administrators, an installation program is available that allows you to easily and quickly deploy the security suite, as well as graphical and console management utilities.

The Secret Net LSP solution is designed on a modular basis, which provides the ability to connect additional modules if necessary. The modular principle allows you to expand the range of tasks to be solved as needed.

So, summing up, we can say that an organization, building a security system based on IPS from the Secret Net LSP NSD, receives effective protection against internal threats, the ability to certify an automated system and avoid problems such as the inability to receive updates, expand functionality and limitation when choosing Linux distributions.

As you know, an integrated approach is the key to success in such a difficult matter as the protection of information, including personal data. Information security of IS can be provided only by comprehensive protection measures, an important part of which is technical means of protection. Security Code solutions can ensure comprehensive security of information systems, as well as their full compliance with the requirements of regulations in the field of personal data protection. With the release of IPS from NSD Secret Net for Linux, the Security Code took a step towards the ability to provide comprehensive protection for automated systems using Linux operating systems. Secret Net LSP has expanded its line of security tools running on Linux:

• "Continent-AP" for Linux - as part of the "Continent" ACS provides protection of communication channels when exchanging information through external networks;
• PAC "Sobol" - provides trusted loading of servers and workstations.

The use of IPS from NSD Secret Net LSP in conjunction with other certified security tools for Linux of the company "Security Code" will create flexible and technological solutions, as well as successfully pass the certification of the informatization object.

2010: Secret Net 6

In December 2010, the company "Security Code" announced the receipt of certificates of conformity of the FSTEC of Russia sn No. 2227 and No. 2228 for the means of protecting information from unauthorized access Secret Net 6 and Secret Net 6 version K.

What's new in Secret Net 6:

• Two versions depending on the class of automated systems: Secret Net 6 for AS 1B, Secret Net 6 Option K for AS 1G.
• Secret Net 6 Option K can be used in ISD K1 without the use of additional means of protection against loading from external media (depending on the threat model).
• The list of operating systems has been expanded, support for 64-bit platforms has been added.
• Simplified security auditing by enabling group log operations. The management program displays registered logs from multiple computers according to different security event criteria.
• The informativity of the online control program ("Monitor") has been improved - the ability to display the state of security subsystems on client workstations has been implemented.
• Added support for Rutoken personal identifiers.
• Data encryption is excluded.

Secret Net 6 Capabilities

• User authentication
• Ensure that access to protected information and devices is differentiated
• Trusted Information Environment
• Control of confidential information distribution channels
• Monitor computer devices and alienated media based on centralized policies that prevent sensitive information leaks
• Centralized management of security policies, allows you to quickly respond to NSD events
• Operational Security Monitoring and Audit
• Scalable security, the ability to use Secret Net (network option) in an organization with a large number of branch offices

Secret Net 6 Deployment Options

• Offline mode - designed to protect a small number (up to 20-25) of workstations and servers. In this case, each machine is administered locally.
• Network Mode (centrally managed) - Designed to be deployed in a domain network with Active Directory. This option has centralized management tools and allows you to apply security policies across your organization. The network variant of Secret Net can be successfully deployed in a complex domain network (domain tree/forest).

Links

• Secret Net IPS Information
• Current SIS Secret Net Certificates
• NIP Informzaschita
• SIS Secret Net Training Course
• A new round in the development of SMT from NSD Secret Net