Ilyushin will create the system of protection against leaks of confidential information for 127 million rubles

On February 26, 2019 it became known that creation of a system of protection against leaks of confidential information in Ilyushin Aviation Complex will perform Ural Center of Security Systems (UCSS) LLC from Yekaterinburg. The company became the winner of competition of aircraft manufacturers, started on January 15, 2019 with the starting cost of lot of 128 million rubles. It unsuccessfully tried to compete with Scientific and Production Association of Computing Systems LLC from Kazan and Informatsionnye sistemy bezopasnosti Scientific and Production Firm LLC from Tomsk.

Information on the contract signed between Ilyushin and UTsSB appeared on the website of state procurements on February 22, 2019. Its price was 127.7 million rubles. Completion date is expected five years — till February 22, 2024.

Solutions at the heart of a protective system

Follows from purchasing documents that a protective system will be created on products of the Circuit of Information Security series of domestic company "SearchInform". Under the terms of the tender the customer assumed that a system will begin to be based on hardware solutions of the Chinese company Huawei. The multinodal Huawei X6800 server, storage system of Huawei OceanStor 2600 V3 and the Huawei 10 GE switches of the S6720-EI series are stated in the specification of the equipment.

In the document there is a mark that the customer allows use of other, similar equipment "with the same characteristics or it is better". Whether the winner of competition seized the opportunity to involve alternative "iron", or its request is focused on Huawei, in public protocols of the tender it is not specified, reported in CNews.

System designation

As it appears from the technical project of tender, the created system will have to provide control of data transmission for 25 thousand employees of head and regional offices "Ilyushina" on a number of channels. Treat like those e-mail, messengers (ICQ QIP MSN Mail.ru Agent Web Whatsapp Yahoo Messenger Jabber), communication client programs (Microsoft Lync Viber Desktop and Telegram Desktop), chats social networks (Facebook"Odnoklassniki" LinkedIn, "VKontakte") FTP Skype.

A system should trace the information obtained and transferred by means of internet- requests, removable devices, printing of documents and connection to cloud to storages (Google Drive OneDrive Office 365 Dropbox Evernote"Yandex.Disk" Cloud.mail.ru).

Besides, a system should perform monitoring of activity of users in the applications started by them, audit of the file system, to check documents for the PC of employees.

In the technical project it is said that a system should provide following features on control of actions of employees: record of events on monitors of controlled RS, record of actions of employees by means of the Internet cameras connected to controlled RS, data writing, entered from the keyboard (including clicking of system keys and their combinations) on controlled RS, a call recording of employees both in office, and beyond its limits using microphones of controlled RS.

Structure of infrastructure of Ilyushin

As it appears from tender documents, for January, 2019 capacity of data transmission channel between the central office "Ilyushina" and its eight branches makes from 10 to 100 Mbps. At the enterprise the directory service is implemented Active Directory, are used mail servers Exchange 2010 and MDaemon, at workstations are set OS Microsoft Windows XP Windows 7 Windows 10.

Besides, on Ilyushin proxy servers Check Point NGFW also terminal servers Microsoft of RDP are involved (Remote Desktop Protocol, protocol a remote desktop), are used antiviruses Kaspersky Endpoint Security different versions in the range of 10.2.1.23 - Kaspersky Anti-Virus 11.0.0.6499 and 6.0.4.1611. Active network equipment is made Avaya, Cisco and Check Point.

Requirements to the created system

The created system of protection against leaks should assume a possibility of installation of the separate module on each of the listed data transmission channels and have the single interface of installation.

Interception of the encoded traffic should be provided both at the level of the PC, and at the level of network gateways. In the first case the agent interceptor of a system should be signed with the digital signature for ensuring its integrity and prevention of a possibility of embedding in it a third-party or malicious code.

Server components of a system should be installed on virtual servers under control of the environment of virtualization Microsoft Hyper-V. For their deployment on each platform physical servers, DWH and a switching equipment for their connection to information network "Ilyushina" should be installed.

The storage module in composition should provide record of the intercepted information in databases under control of Microsoft SQL Server 2008 R2 above.^[1]

Notes