Developers: S-Terra CSP
Last Release Date: 2014/12/12
Branches: Financial services, investments and audit
Technology: VPN - Virtual private networks, Cybersecurity - Authentication, Firewall, Cybersecurity - Encryption tools
Post is a product for protecting remote access. It is based on the technology of a trusted session environment (SPDS).
For remote access, the SPDS technology provides a trusted boot of the complete information environment and an isolated network connection to the application server.
The trusted session environment includes the following information security components:
- Special Boot Carrier (SBC) with a capacity from 1 to 4 GB. The design of the SBC guarantees the integrity of the data and software placed on the medium.
- Hardware authentication
- The Functioning Environment (FE) for the application software, based on a specially prepared Linux OS (CentOS 5). The cryptographic information protection tools "C-Terra Gateway" and "Crypto Pro 3.6" run as part of the FE.
- The application software: a web browser and a terminal access client based on the RDP protocol.
The reference working environment is loaded from the protected medium. Strict two-factor user authentication and cryptographic protection of traffic are provided. All traffic from the user's workstation is protected using IPsec VPN technologies.
C-Terra Post is compatible with all products of the S-Terra CSP company.
Presentation of SPDS "Post" (2012)
Characteristics
- Operating system: Linux (CentOS 5).
- Preparation of a settings package using a management system.
- Intelligent tracking of the availability of exchange peers (DPD).
- User authentication and loading of the security policy at operating system start.
- Integrated firewall.
- Traffic protection based on packet encryption under the IPsec AH and/or IPsec ESP protocols.
- Support for the transport and tunnel modes of the IPsec protocols.
- Packet filtering using information in the network-layer and transport-layer header fields.
- Ability to obtain certificates and CRLs over the LDAP protocol.
- Managed event logging (syslog).
- Monitoring of global statistics over the SNMP protocol; compatibility with CiscoWorks Monitoring Center for Performance 2.0.2, which is part of CiscoWorks VMS 2.3.
- Transparency for the operation of QoS services.
- Support for encapsulating IPsec packets in UDP (NAT traversal).
- Compatibility with PKI and LDAP services from foreign and Russian vendors.
- The product is intended for access either to terminal applications or to web applications.
- USB interface: 2.0.
- Housing: USB flash drive form factor.
- Power consumption: 2.5 W.
2015: Testing of integration with Rutoken PINPad
On October 28, 2015, S-Terra CSP and Aktiv announced the completion of testing of a joint technological solution for securing electronic signature procedures in the browser.
The testing covered the joint operation of Post, the tool for building a trusted environment, and Rutoken PINPad, a TrustScreen-class device.
Using an electronic signature (ES) becomes safe for the user because the solution integrates four components at once:
- the trusted operating environment
- the certified C-Terra VPN
- the Rutoken PINPad hardware electronic signature module with non-extractable private keys
- Rutoken Plugin, which ensures reliable operation of Rutoken PINPad in the browser.
"The new solution provides not only safe confirmation of the EDS but, thanks to the use of S-Terra VPN, also protects the data coming to Rutoken PINPad for signing and access to the organization's network," noted Hristofor Gazarov, the technical director of S-Terra CSP LLC. "If this solution is implemented for a bank's entire client network, the bank receives exact confidence in the truth of user authentication, and the client receives guaranteed authenticity of the signed data."
Rutoken PINPad, with its non-extractable keys, displays the data before signing and requires confirmation on a separate screen. C-Terra Post provides an isolated trusted communication session between the user and the server, protecting it with strong GOST cryptographic algorithms. Protection is applied both at the operating system level and at the browser level.
"I am very happy with this work and the partnership with S-Terra CSP. Both banks and their clients are undoubtedly interested in reliable methods of protection against any fraudulent activity. And we are glad that through joint efforts we can offer them a solution that really provides the maximum level of security," said Dmitry Gorelov, the commercial director of Aktiv.
The compatible products hold certificates from the FSB of Russia and FSTEC of Russia and can be used in systems that are subject to heightened security requirements under Russian legislation.