ViPNet SafeBoot

ViPNet SafeBoot is a high-tech trusted boot software module installed in the UEFI BIOS of various manufacturers. It is designed to protect PCs, mobile devices (x86 architecture) and servers (including virtualization servers) from attacks on the BIOS and various threats of unauthorized access at the boot stage. Unlike most solutions on the market, ViPNet Safeboot is a fully software module and can be installed in UEFI BIOS specifications 2.4 and higher.

2023

Obtaining a certificate of the FSB of Russia for ViPNet SafeBoot 3

On December 18, 2023, InfoTeCS announced that it had received a certificate from the FSB of Russia for the UEFI BIOS ViPNet SafeBoot 3 level trusted boot software module (PMDZ).

Certificate No. SF/527-4669 dated 06.12.2023 certifies that ViPNet SafeBoot 3 meets the requirements for trusted loading mechanisms COMPUTER (security class 2, service class B) and can be used to protect against unauthorized access to a person who information does not contain information constituting a state secret. The obtained certificate confirms the possibility of using ViPNet SafeBoot 3 in scenarios where only the use of trusted boot hardware and software modules was previously available.

ViPNet SafeBoot 3 is a generation of high-tech trusted boot software module, through the use of many additional UEFI BIOS protection mechanisms and the platform as a whole, for example, software SMI control, write protection in WPBT, direct write protection from BIOS to disk and other protection mechanisms, providing a large set of functions for MDC.

ViPNet SafeBoot 3 is certified according to the requirements of the FSB of Russia and the FSTEC of Russia. The module is designed to create a point of trust in the platform and its components, loading the operating system. The key tasks of ViPNet SafeBoot 3 are delimiting platform access, UEFI BIOS protection, monitoring the invariability and protection of personal computer components, as well as organizing a trusted boot of the standard operating system.

ViPNet SafeBoot 3 is presented in two versions:

• Execution 1 is certified according to the requirements of both the FSB of Russia and the FSTEC of Russia. The functionality of ViPNet SafeBoot 3 Version 1 is limited by the platform, does not contain mechanisms for remote control, integration with external systems (LDAP).
• Execution 2 is certified only according to the requirements of FSTEC of Russia. Version 2 of ViPNet SafeBoot 3 supports remote management, interaction with network directories and other information security tools for protecting end nodes.

Version 1 ViPNet SafeBoot 3 is applicable for the protection of information systems requiring certification according to the requirements of ISDS, GIS, APCS, CII, as well as systems created according to the requirements of the FSB of Russia.

Until recently, even the idea of ​ ​ the existence of a software trusted download tools that meets the requirements of the FSB of the Russian Federation and the FSTEC of the Russian Federation was perceived as a utopia. The creation of ViPNet SafeBoot 3 embodies the company's deep expertise in the development of CIPF and CIPF, which allowed us to be the first on the Russian market to receive a unique universal certified product. Our customers can use ViPNet SafeBoot 3 when certifying CIPF-protected workplaces of modern automated information systems ISDS, GIS, APCS, CII, using an integrated approach, without the need to build complex integration solutions and security compromises, - said Nikolai Smirnov, InfoTeCS Product Director.

Obtaining the certificate of FSTEC of Russia for ViPNet SafeBoot 3

On May 31, 2023, InfoTeCS announced that it had received the FSTEC of Russia certificate for the UEFI BIOS ViPNet SafeBoot 3 trusted boot software module.

FSTEC Certificate Russia No. 4673 of 10.05.2023 confirms the compliance of ViPNet SafeBoot 3 with the requirements for information security establishing the levels of trust in technical information protection and security tools according to information technology level 2 of trust, requirements for means of trusted loading, requirements for the protection profile of the trusted download tools of the level of the basic I/O system of the second class of protection.

The ViPNet SafeBoot trusted boot software module is installed in the UEFI BIOS. It is designed to protect mobile PERSONAL COMPUTER devices (servers including servers) virtualizations from various threats of unauthorized access at the boot stage and from BIOS attacks. ViPNet SafeBoot also carries out identification authentication users, delimits access based on roles, guarantees trusted loading. operating system

ViPNet SafeBoot 3 is presented in two versions:

• Execution 1. The "local" version does not support remote management and LDAP connection mechanisms. The version is certified by the FSB of Russia and the FSTEC of Russia.
• Execution 2. The "online" version supports remote management. Certificate of FSTEC of Russia received.

The key task in the release of ViPNet SafeBoot 3 was to implement the new requirements of the FSB of Russia. In addition, the "network" version of the product implements trusted download OS over the network, supports HTTP the -Boot and PXE Boot mechanisms, adds support for Astra ALD Pro (by), and authentication LDAP now generates a report on product settings. ViPNet SafeBoot 3 now supports the Guardant ID 2.0 token, which must be used when building high-class systems.

ViPNet SafeBoot can be used to protect state information systems up to and including K1 security class, to ensure level 1 and 2 security of personal data and automated process control systems up to class 1 security class.

At the end of May 2023, certification tests of ViPNet SafeBoot 3 in the FSB of Russia continue. The expected deadline for obtaining a certificate is autumn 2023.

2022

Compatibility with tokens and smart cards "Rutoken"

And InfoTeCS the company Aktiv"" on December 22, 2022 announced the completion of testing and confirmed the correctness of ViPNet SafeBoot's collaboration with tokens and. smart cards Rutoken More. here

Laptop and All-in-One ICL compatibility

On March 31, 2022, InfoTeCS"" announced that it iSiEl Techno had completed testing with "" of the ViPNet SafeBoot 2.1 UEFI BIOS level trusted boot software module on, laptops RAYbook Si1512 RAYbook Si1512 v2 and. monoblock S131Mi

ViPNet SafeBoot is designed to protect workstations, servers, including virtualization servers, from threats of unauthorized access at the boot stage and from attacks on the BIOS. ViPNet SafeBoot meets the requirements of FSTEC of Russia to the trusted download tools of the level of the basic I/O system of the 2nd class and can be used to protect:

• personal data information systems up to and including UZ1;
• state information systems up to and including security class 1;
• automated process control systems up to and including security class 1;
• information systems classified as significant objects of critical information infrastructure up to the category of K1 significance.

According to the conclusion of the Ministry of Industry and Trade, RAYbook laptops and the SafeRAY monoblock from ICL Techno fully meet all the criteria set out in the appendix to Government Decree No. 719 and are considered products manufactured in the Russian Federation.

ViPNet SafeBoot version 3.0

On February 08, 2022, InfoTeCS announced that it was announcing the release of the ViPNet SafeBoot 3.0 version of the UEFI BIOS level trusted boot software module. The product is designed to protect workstations, mobile devices, servers (including virtualization servers) from various threats of unauthorized access at the boot stage and from attacks on the BIOS.

One of the key tasks solved as part of the development of ViPNet SafeBoot version 3.0 was implementation of the requirements of the Federal Security Service of Russia for trusted computer loading mechanisms, which significantly expands the possibilities of using this product on the Russian market. After the ViPNet certification is completed, SafeBoot can be used on supported hardware platforms in information systems containing CIPF classes of KS2 or KS3 protection, instead of hardware-software modules of trusted download (AMDD) of other manufacturers.

When working on the release of ViPNet SafeBoot 3.0, as part of a technological partnership with Baikal Electronics, product support was implemented on motherboards with domestic processor Baikal-M (aarch64).

ViPNet SafeBoot 3.0 features:

• Working with HID Omnikey 5422 readers.
• Guardant ID version 2 tokens were added to the list of supported identifiers.
• Single Sign-On support for LDAP users is implemented.

ViPNet SafeBoot 3.0 adds integrity and download control operating system over the network (PXE and Http Boot). Thus, the product can be used in terminals loading the OS image on the virtualization server. ViPNet SafeBoot 3.0 submitted for certification according to the requirements of the FSB of Russia for mechanisms trusted computer boot according to protection class II and service class B. Also, the product was transferred for certification to the FSTEC of Russia for compliance with the "Information Security Requirements Establishing Levels of Trust in Information Security Tools and Information Technology Security Tools" (FSTEC of Russia, 2020) - according to level 2 of trust, and "Requirements for means of trusted loading of the level of the basic I/O system" of class 2, which will allow using ViPNet SafeBoot to build personal data information systems up to and including UZ1, state information systems and APCS up to and including class 1 of security.

2020

Extension of the provision of licenses free of charge for a period of 6 months amid the coronavirus epidemic

Due to the increase in the number of applications with a request to provide licenses for software for organizing remote secure access and the difficult situation with the development of coronavirus infection, InfoTeCS announced on October 6, 2020 its readiness to provide licenses for a number of its products free of charge. Including on ViPNet SafeBoot. Read more here.

Granting a license free of charge amid the coronavirus epidemic

On March 19, 2020, InfoTeCS announced that it would provide licenses for its software for organizing secure remote access free of charge. The company announced its readiness to provide the required number of licenses for software,, ViPNet Client ViPNet Connect HS ViPNet IDS and ViPNet SafeBoot. More. here

2019

ViPNet SafeBoot version 1.4 with USB tokens and JaCarta smart cards

On December 24, 2019, Aladdin R.D. announced that it had completed a compatibility test with InfoTeCS for its products. The test results showed that JaCarta electronic keys can be used in conjunction with the ViPNet Client desktop protection software versions 4.5.1 and 4.5.2, CIPF version 4.4 and the trusted boot module for UEFI BIOS ViPNet SafeBoot version 1.4. Read more here.

Compatible with Getac F110G3 tablets and Getac laptops S410

The companies Getac InfoTeCS also announced on August 26, 2019 that they confirmed the compatibility of their products at a joint test bench in the InfoTeCS laboratory in. As a To Moscow result of the tests, the correct operation was confirmed/and with laptopstablets Getac F110G3 4.5 Getac S410 , software ViPNet Client 2.4 ViPNet Connect and ViPNet SafeBoot 1.4. More. here

ViPNet SafeBoot 1.4 Technical Release

On June 19, 2019, InfoTeCS, a domestic developer and manufacturer of software and hardware protection tools, which is a technological partner of Aladdin R.D., announced the release of the technical release of the ViPNet SafeBoot 1.4 software complex.

The ViPNet SafeBoot software package is designed to identify and authenticate users, differentiate access based on roles, as well as organize a trusted boot of the operating system. The solution improves the level of security by authorizing at the BIOS level before loading the main components of the operating system, monitoring the integrity at the BIOS level of the protected components of the operating system and hardware.

The updated version of the product implements the following features:

• Inactive mode is a key feature aimed at the convenience of OEM-delivery of SafeBoot in workstations and servers of hardware platform manufacturers;
• support for authorization according to Western certificates - improving the convenience of working with the product;
• support JaCarta-2 GOST - expanding the list of supported key media for authentication.

The updated version of the product has successfully passed all tests in accordance with test scenarios. As of June 2019, ViPNet SafeBoot version 1.4 was submitted for inspection control in FSTEC Russia order to confirm compliance with the previously issued certificate No. 3823 for the requirements for trusted download tools of the class 2 basic I/O system level.

2018: ViPNet SafeBoot 1.3 Technical Release

On June 6, 2018, InfoTeCS announced the release of the technical release of the ViPNet SafeBoot 1.3 software complex.

The updated version of the product implements the ability to authorize users Active Directory (AD) in or LDAP-, server which allows you to simplify the operation of the solution and use a single user account when identifying authentications and in ViPNet SafeBoot and AD/LDAP MDZ. As part of the presented release, it became possible to monitor the integrity of the registry, and Windows a diagnostic utility was added that collects information about UEFI BIOS in order to assess the possibility of installing a trusted download software module.

As of June 6, 2018, ViPNet SafeBoot version 1.3 was submitted for inspection to the FSTEC of Russia to confirm compliance with the previously issued certificate No. 3823 on the requirements for the means of trusted loading of the level of the basic I/O system of class 2.

2017

ViPNet SafeBoot certified by FSTEC

On December 5, 2017, InfoTeCS, a manufacturer of software and hardware information protection tools, announced that it had received a certificate from the FSTEC of Russia for the ViPNet SafeBoot software complex. Now the ViPNet SafeBoot trusted download module can be used to build state information systems, personal data information systems and automated process control systems.

The FSTEC certificate confirms the compliance of the InfoTeCS product with the requirements of the trusted download tools Requirements documents (FSTEC of Russia, 2013) and the Protection Profile of the trusted download tools of level of the basic I/O system of the second protection class (FSTEC of Russia, 2013). Certificate of Conformity No. 3823 was issued on the basis of certification tests conducted by the testing laboratory of Information Security Center LLC.

ViPNet SafeBoot is compatible with Aquarius products

On March 6, 2017, InfoTeCS and Aquarius announced the completion of tests for the compatibility of the ViPNet SafeBoot trusted boot software module with Aquarius personal devices.

The compatibility certificate confirms the functionality of the ViPNet SafeBoot software module on Aquarius Pro P30 S19ME (thin client), Aquarius TCC Uvl U30 S25 (device for providing terminal access or for working with virtual environments, VDI), Aquarius Pro P30 K15 (personal computer) and Aquarius Cmp NS765 (laptop).

As a result of the compatibility tests of the ViPNet SafeBoot product with Aquarius platforms, the correct operation of the trusted boot module with Aquarius computer equipment was confirmed, including functions such as two-factor authentication (access delimitation), prohibition of loading from external media, integrity control - UEFI, hardware, files and sectors. It is especially important that ViPNet SafeBoot is a UEFI application that can be installed in the UEFI BIOS without opening the computer case, which makes the product easy to implement and administer. Ivan Kadykov, Product Manager ViPNet SafeBoot

The use of a hardware platform from a Russian manufacturer with built-in software trusted download tools from a domestic developer allows you to achieve the level of information security necessary to work in government and corporate structures that require a secure information environment. The test results confirmed the reliable functioning of a thin client, PC and Aquarius laptop with a trusted boot module built into the UEFI BIOS of our partner, InfoTeCS, which allows customers to offer a wide range of secure IT solutions for different types of workplaces and different types of infrastructures. Alexander Buravlev, Technical Director of Aquarius

As of March 6, 2017, ViPNet SafeBoot is being certified by the FSTEC of Russia for compliance with the requirements of guidelines for trusted download tools of the level of the basic class 2 I/O system.

2016: ViPNet SafeBoot

As of March 6, 2017, ViPNet SafeBoot is a trusted boot software module installed in the UEFI BIOS.

The module is designed to protect PCs, mobile devices, servers (including virtualization servers) from various threats of unauthorized access (NSD) at the stage of loading and attacks on the BIOS.

Purpose:

ViPNet SafeBoot is designed to identify and authenticate users, differentiate access based on roles, and organize a trusted boot of the operating system. The module increases the level of security of devices and computers by:

• BIOS level authorizations, before loading the main components of the operating system;
• Control the integrity of BIOS, protected operating system components and hardware;
• Blocking the download of an abnormal copy of the operating system.

ViPNet SafeBoot can be used in conjunction with other ViPNet products and separately.

Features:

• Software MDC with the ability to install in the UEFI BIOS of various manufacturers.
• Non-deliverability.
• Simplified methods for configuring the MDZ through administration templates.
• Complete integrity control of UEFI by checking the integrity of all its modules.
• Russian product.