FORT Firewall

FSTEC of Russia issued in 2011 certificate of conformity No. 2522 of 12/21/2011 on the software package "FORT". This certificate confirms that the software package "FORT" (ME "FORT") is the software tool of the data protection of limited access processed on the local computer networks with TCP/IP the protocol from unauthorized access from external computer networks conforms to requirements of regulating documents "Computer aids. Firewalls. Protection against unauthorized access to information. Security indicators from unauthorized access to information" (State Technical Commission of Russia, 1997) – on the 3rd class of security and "Protection against unauthorized access to information. Part 1. Information security software. Classifications by the level of absence control of not declared opportunities" (State Technical Commission of Russia, 1999) – on the 3rd level of control and also it can be used during creation of personal data information systems up to 1 class inclusive.

ME "FORT" functions running operating systems of the Linux and MS Windows family. An owner of ME "Fort" is LISSI-Crypto LLC.

The software package "FORT" (ME "FORT") is the software tool of the data protection of limited access processed on the local computer networks with TCP/IP the protocol from unauthorized access from external computer networks, conforms to requirements of regulating documents "Computer aids. Firewalls. Protection against unauthorized access to information. Security indicators from unauthorized access to information" (State Technical Commission of Russia, 1997) – on the 3rd class of security and "Protection against unauthorized access to information. Part 1. Information security software. Classifications by the level of absence control of not declared opportunities" (State Technical Commission of Russia, 1999) – on the 3rd level of control and also it can be used during creation of personal data information systems up to 1 class inclusive. (Certificate of conformity No. 2522 of 12/21/2011).

ME "FORT" provides:

• Access control. ME "FORT" provides filtering at the network layer. The decision on filtering can be made for each network packet independently on the basis of, at least, network source addresses and the receiver or on the basis of other equivalent attributes. In addition ME "FORT" provides:
  • filtering of packets of the office protocols serving for diagnostics and management of operation of network devices;
  • filtering taking into account the entrance and output network interface, as means of authentication of the network addresses;
  • filtering taking into account any significant fields of network packets;
  • filtering at the transport layer of requests for establishment of virtual connections. At the same time, at least, are considered transport source addresses and the receiver;
  • filtering at the application layer of requests to application services. At the same time, at least, are considered applied source addresses and the receiver;
  • filtering taking into account date/time.

• Identification and authentication. ME "FORT" provides a possibility of authentication of the entering and outgoing requests with the methods steady against passive and/or active listening of network.
• Registration. ME "FORT" provides a possibility of registration and accounting of the filtered packets. Parameters of registration join the address, time and result of filtering. In addition ME "FORT" provides:
  • registration and accounting of requests for establishment of virtual connections;
  • local signaling of attempts of abuse of regulations of filtering.

• Administration: identification and authentication. ME "FORT" provides identification and authentication of the administrator of ME "FORT" at its local requests for access. ME "FORT" should give an opportunity for identification and authentication by the identifier (code) and the password of conditional and permanent action. In addition ME "FORT" interferes with access of not authenticated subject or subject which authenticity of identification at authentication was not confirmed At remote queries of the administrator of ME "FORT" for access identification and authentication is provided with the methods steady against passive and active interception of information.
• Administration: registration. ME "FORT" provides registration of an input (exit) of the administrator of ME "FORT" in a system (from a system) or loadings and initialization of a system and its program stop. Registration of leaving the system is not carried out to the moments of hardware shutdown of ME "FORT". Are specified in parameters of registration:
  • date, time and the code of the registered event;
  • result of attempt of implementation of the registered event - successful or unsuccessful;
  • the identifier of the administrator of ME "FORT" shown in attempt of implementation of the registered event. In addition ME "FORT" provides registration of start of programs and processes (tasks, tasks). In addition ME "FORT" provides registration of actions of the administrator of ME "FORT" for change of rules of filtering.

• Administration: ease of use. ME "FORT" provides a possibility of remote control of the components, including, a possibility of configuring of filters, checks of mutual coordination of all filters, the analysis of registration information.
• Integrity. ME "FORT" contains control facilities behind integrity of the program and information part. Control of integrity of a program and information part of ME "FORT" on checksums is in addition provided.
• Recovery. ME "FORT" provides the procedure of recovery after failures and hardware failures which provides operational recovery of properties of ME "FORT".