Outpost VPN/FW

Main articles:

• Firewall
• Cryptography

The outpost VPN/FW is a complex of the software products providing protection of corporate information systems at the network layer by means of technologies of virtual private networks (Virtual Private Networks — VPN) and the distributed firewalling (ME, FW).

2020

Compatibility "Zastava-Client « VPN/FW "Outpost, Version 6" with electronic identifiers and smart cards of Rutoken

On December 16, 2020 the Elvis-Plus company, the domestic developer program and hardware of data protection and one of system integrators in the field of information security, reported that together with Asset, the Russian developer of means of information security, the producer of electronic identifiers, electronic keys and solutions for software protection, carried out a series of tests on compatibility of the products.

On the basis of the received results the certificate of compatibility confirming correct work of a software package "ZASTAVA-Client " VPN/FW "OUTPOST, version 6" with electronic identifiers and smart cards Rutoken is issued.

In a research the following devices were used: Rutoken of the EDS of 2.0 (micro), Rutoken of the EDS 2.0 2100 (micro/Type C), Rutoken of the EDS of 2.0 3000 (micro/Type-C), Rutoken of the EDS of 2.0 Flash, Rutoken Lite (micro), Rutoken of S (micro), Rutoken 2151 and smart cards Rutoken of the EDS 2.0 2100, Rutoken 2151. Testing was held in operating environment of Windows.

Developers also confirmed correctness of joint functioning of a software package "ZASTAVA-Client " VPN/FW "OUTPOST, version 6" and EDS intellectual Rutoken device 2.0 Flash in an image of operating environment of Astra Linux Portable on the basis of Astra Linux of SE 1.6 placed in internal a token flash memory.

Pavel Anfimov, Head of department of products and integratsy Rutoken, Asset

Together with our partners we can offer the market the qualitative and demanded systems for solving of tasks of information security. Thanks to correct joint work of our products users have additional opportunities of security when carrying out transactions with a secure access, the regulating authorities conforming to requirements.

Pavel Vlasov, Director of the department of special works, ELVIS-PLUS

Safety of remote access to corporate resources more than ever remains a priority task for each company. In the conditions of mass transfer of employees to remote work user authentication by means of digital certificates and electronic keys is of great importance. Use of smart cards and USB keys Rutoken in the software package ZASTAVA-Client is the synergy of solutions of domestic developers which is increasing security of the solutions provided to our customers and reliably protecting corporate information from unauthorized access.

Compatibility with "Red OS"

Within technology partnership of the company "RED SOFTWARE" and "Elvis-Plus" held testing for compatibility of the products. Developers confirmed correctness of work of the software package "ZASTAVA-Client" (productions ELVIS-PLUS) with operating system RED OS (productions of RED SOFT). The Red Soft company reported about it on December 11, 2020. Results of tests are reflected in the certificate of compatibility.

The information security was always a sensitive topic in the Russian IT. However rapid development of the industry allowed to put on the market reliable products in this direction among which and developments of our partner are ELVIS-PLUS. Expansion of the list of compatibility RED OS according to the results of testing with the VPN agent certified by FSB "ZASTAVA-Client" will allow to propose to customers more than safe import-independent solutions — Rustamov Rustam, the deputy CEO of RED SOFT comments.

In the conditions of the proceeding trend on import substitution the compatibility of products on information security with domestic operating systems is important — the director of the department of special works Pavel Vlasov says. — Thanks to it the Russian market receives the big range of complete cybersecurity solutions allowing customers to create optimal on costs and the protected IT infrastructure constructed on domestic products.

Sotvestimost of Zastava-Client of VPN/FW "Outpost" of version 6 with USB tokens and smart cards of JaCarta

The companies "Aladdin R.D." also Elvis-Plus carried out a series of tests on compatibility of the products. Reported about it to Aladdin R.D. on October 1, 2020.

On the basis of the received results the certificate of compatibility confirming correct work USB- tokens and smart cards JaCarta from Aladdin R.D. with the software VPNFW package "ZASTAVA-Client" / "ZASTAVA", version 6" from Elvis-Plus is issued. In more detail here.

As a part of the protected solution for remote access to objects of KII

On May 12, 2020 the ELVIS-PLUS company presented the protected solution for remote access to objects of critical information infrastructure.

According to the company, for industrial enterprises, the energy companies and other organizations which according to Federal law No. 187-FZ treat subjects of the critical information infrastructure (CII) transition to remote work presents considerable difficulties. At the organization of remote access to technology network of an object of KII it is necessary to fulfill all requirements of regulating documents of FSTEC of Russia and FSB of Russia, to provide full control of actions of users and to completely exclude risks of unauthorized access to critical management systems. For objects of KII use as remote jobs of home computers and own mobile devices of employees is not possible because of high risks of unauthorized access and distribution of a malicious code.

"Outpost shopping mall"

ELVIS-PLUS proposes the complex and most protected solution for remote access to objects of KII which includes:

• the hardware thin client of ZASTAVA-TK agrarian and industrial Complex performing connection to network of an object of KII using terminal access and VDI with high degree of security;
• USB smart cards/tokens ESMART Token of GOST of production of the company ISBC for two-factor authentication and storages keys/certificates of users;
• control system of actions of administrators and users on the basis of the solutions CyberArk Privileged Access Security Solution or IT Bastion SKDPU which provides full control and monitoring of remote connections at accomplishment of tasks of administration and control of functioning of objects of KII.

ZASTAVA-TK allows to be connected far off to a virtual working environment on server farms or to the standard computer of the employee on an object of KII, having saved at the same time all usual corporate information environment. Use of ZASTAVA-TK agrarian and industrial Complex allows to exclude all risks connected with violation of security of technology network of objects of KII, even in the presence of the compromised devices in a home network of employees who can become the base for the attack of malefactors.

To all employees keys and certificates on USB tokens of ESMART Token of GOST are issued for establishment of the protected encoded remote connection of employees to technology network of an object of KII. At the same time the solution does not require local settings at deployment and provides reliable two-factor authentication of users using the GOST smart ESMART Token cards / USB-tokens. ZASTAVA-TK agrarian and industrial Complex does not allow to connect information media to external ports that guarantees lack of a possibility of accidental or intended entering of a malicious code into corporate network and also excludes copying of confidential information on removable mediums.

Settings, security policy change, updating of keys and certificates and also software updating of ZASTAVA-TK agrarian and industrial Complex are made on a centralized basis by means the OUTPOST Management.

ZASTAVA-TK agrarian and industrial Complex works based on the certified FSTEC Russia and FSB of Russia of operating systems Alt Linux SPT 7.0/Viola 8 joint ventures and creates completely closed protected working environment with an opportunity VPN- connections to corporate network.

ZASTAVA-TK agrarian and industrial Complex has the certificate of FSB of Russia on a CIPF on class KC3 and provides protection of traffic due to enciphering of IP packets on the basis of the IPsec AH and/or IPsec ESP protocols according to GOST 28147-89.

Being a part of ZASTAVA-TK agrarian and industrial Complex of software "ZASTAVA-Client" executes traffic filtering and it is certified by FSTEC of Russia as ME of class B on level 4.

Application of ZASTAVA-TK agrarian and industrial Complex in a complex with USB tokens of ESMART Token of GOST and the solution on control of actions of privileged users using means of CyberArk Privileged Access Security Solution or IT Bastion SKDPU allows not only to provide fulfillment of requirements of the Order of FSTEC of Russia of 12/25/2017 No. 239 about prohibition of direct (direct) access to program and to software and hardware tools of significant objects of KII for management (updating) of the persons who are not workers of the subject of KII but also to implement control mechanisms (observations of the executed transactions in real time), registration (fixings of the entered commands, videos of sessions of administration), the analysis of actions (a possibility of carrying out the retrospective analysis and investigation of incidents of cybersecurity) at accomplishment of remote administration and management (control) of objects of KII both employees of external service organizations, and administrators of subjects of KII.

ZASTAVA-TK agrarian and industrial Complex provides the necessary level of information security conforming to requirements imposed to information security tools for security of objects of KII of the first category of the importance, the state information systems (SIS) of the first class of security (K1) and also personal data information systems (ISPDN) of UZ1.

During the global changes happening for May, 2020 in all spheres of our life, very much the particularly important for the organizations becomes reduction of compliance of their activity to the changed conditions. The organizations which will manage to build the processes according to the changed realities have serious chances not only of preserving of the positions in the market, but also on development and growth. Vladimir Akimenko, the head of the Center of cyber security of critical infrastructures of JSC ELVIS-PLUS emphasized

The joint solution Elvis-Plus and ISBC based on the products "Outpost" and ESMART Token GOST

On March 27, 2020 the companies "Elvis-Plus" also ISBC presented the solution for providing safe remote work the employees.

The possibility of operational transfer of employees to remote work is the only way of ensuring continuity of functioning of business and government institutions. The information security systems applied to remote work should guarantee comprehensive security of the protected information and to be the most convenient and imperceptible, "transparent" for users and applications.

The joint solution ELVIS-PLUS and ISBC based on a product line "OUTPOST" and the GOST smart ESMART Token cards / USB-tokens fully conforms to qualifying standards to data protection at remote work. The solution "OUTPOST" which can be delivered also in the form of virtual machines assumes installation in the central office of the company of a failover cluster of the gateways CIPFs "OUTPOST" and command center. To all employees keys and certificates on USB tokens of ESMART Token of GOST are issued for establishment of the protected encoded remote connection of employees to corporate network.

ELVIS-PLUS and ISBC offer several versions of solutions for protection of a remote workplace:

• Installation of a packet of the CIPF SOFTWARE "ZASTAVA-Client" on own or office notebook/computer the employee. The packet contains a distribution kit and settings, necessary for connection, is developed 'in one click'.
• Use hardware-program the ZASTAVA-TK complex as the ready-made solution for a remote workplace. ZASTAVA-TK allows to unroll as fast as possible remote jobs and to be connected to corporate network without installation of additional software on remote computers of employees. When using the thin client of ZASTAVA-TK the maximum level of information security conforming to requirements to the state information systems of GIS K1 and also ISPDN is provided to UZ1 and a CIPF of KC3 level.

The product line "OUTPOST" has all necessary certificates of FSB of Russia and FSTEC of Russia that allows to use them for the organization of remote work of government institutions and large corporations.

ELVIS-PLUS and ISBC companies are ready to provide to all customers creation of secure remote access of "turnkey" employees in most short time.

Information security policy should not be broken at transfer of employees to remote access even at the declaration of high alert. ELVIS-PLUS and ISBC are already prepared by the companies the solutions ensuring information security of the organizations of any scale. Both the large holding, and the enterprises of small and medium business can easily pass to remote access with products of the line "OUTPOST" and the smart ESMART Token cards / USB-tokens, – Sergey Panov, the CEO of AT byuro LLC entering into ISBC Group notes

2017

Compatibility with Assistant from SAFIB

Specialists of the companies SAFIB and "Elvis-Plus" in November, 2017 on the basis of the carried-out tests confirm compatibility of a software package of remote monitoring and management "Assistant" with the built-in means of protecting of remote access with a product of network security VPN/FW "Outpost" providing protection of corporate information systems at the network layer using technologies VPN and distributed firewalling. Results of the conducted researches confirmed correctness of joint work of products of the companies which evidence was a release of the certificate of compatibility.

"Assistant" is the multifunction tool allowing to increase convenience of remote work with the computer equipment and efficiency of rendering technical support at problem solving, arising at users. The system of remote monitoring and management Assistant is intended for the organization of secure remote access, management and administration of the computer equipment and the server hardware in the isolated protected local network or on the Internet.

VPN/FW "Zastava" is a complex of the software products providing protection of corporate information systems at the network layer using technologies of virtual private networks (Virtual Private Networks — VPN) and the distributed firewalling (F) on the basis of Internet protocols of IPsec/IKE. The products VPN/FW "Zastava" work at different hardware platforms, running almost all popular operating systems.

It is expected that the technology union of SAFIB and Elvis-Plus will allow the Russian companies to provide implementation of measures for data protection, the regulators determined by documents in the field of data protection.

Elvis-Plus released "A hardware-software complex of "ZASTAVA-TK"

On July 11, 2017 the company ELVIS-PLUS announced development and certification in FSB Russia (It is certified in FSB of Russia according to requirements to a CIPF on class KC3. Certificate No. Federation Council/124-3150 of 6/30/2017) CIPF "Hardware-software complex of "ZASTAVA-TK". This is the hardware "thin client" certified on class KC3. Provides secure access to corporate resources and the electronic signature.

According to the statement of developers, the information system created using HSC is steady against DDoS attacks, allows to implement business logic for a case of time lack of communication with a possibility of the subsequent automatic synchronization of results with DPC at its emergence.

Main properties of release

• readiness at deployment,
• lack of problems of unauthorized installation of emergency software and connection of external devices;
• opportunity quickly and on a centralized basis to trace and analyze actions of the user, without loading communication channels event traffic.

It is important to note that engineers ELVIS-PLUS in ZASTAVA-TK agrarian and industrial Complex implemented architecture in which it was succeeded to fulfill all requirements imposed to KC3 level CIPF without use of the imposed hardware-software modules of a trusted boot. Pavel Vlasov, the head on development of a product line of ZASTAVA

The developed product provides a secure access and the electronic signature stored and on a centralized basis the processed electronic documents and data. We hope that the product will be demanded in the state and corporate geographically distributed information systems and computer networks in which it is required to provide the centralized processing, storage and data access using cloud computing and VDI with high degree of security. Sergey Akimov, deputy CEO of JSC ELVIS-PLUS

Based on tests the product received the certificate of conformity of FSB of Russia No. Federation Council/124-3150 of 6/30/2017. It certifies, compliance of a product to requirements to means of the cryptographic information protection which is not containing the data which are the state secret and to requirements to class KC3 digital signature facilities.

2016: Tests of the PC "VPN/FW "Outpost" in Tizen OS

On September 21, 2016 the ELVIS-PLUS company announced completion of tests of the PC "VPN/FW "OUTPOST" in software environment of Tizen OS.

Creation and upgrade of the operating protected corporate and departmental networks up to federal, level - one of tasks which ELVIS-PLUS designated for itself. The most difficult aspect at the same time - security of mobile jobs which use creates additional threats and risks for the companies.

Interaction with Outpost in network, (2014)

According to the staff of the company, use of the PC "VPN/FW "OUTPOST" in an environment of the entrusted Tizen operating system allows to raise the security level of telecommunication infrastructure and to create a basis for development of a CIPF of the most high-class protection.

The company reported that during testing of the solution the compatibility of the specified software products was confirmed. The main properties of products of the OUTPOST family are saved when functioning in Tizen OS.

We highly appreciate results of partnership with the Тайзен.ру association created by a number of the Russian companies and organizations, and that it would be desirable to note especially, with direct and active participation ELVIS-PLUS. Full disclosure, support of a broad spectrum of devices, architecture of the operating system which, in our opinion, allows to implement as much as possible requirements of regulators – here main advantages which we saw in the Tizen operating system. Let's try to develop a convenient product which will be demanded by operating organizations – for what high performance, the level of scalability and the due system of centralized operation of the applied means of protecting are an indispensable condition of creation of modern telecommunication system.

{{quote|author =
Andrey Tikhonov, president of association "Tayzen. Ru" One of the most important purposes of association – global development of Tizen for all segments and scopes of application: from IT infrastructure to mobile devices and Internet of Things. For us participation in the project of the leading system integrators and developers of systems and security aids on which crucial things are based is very important. New digital services arise only there and then where and when two key conditions are satisfied: communication and security. Distinctive feature of Tizen OS is the integrated security at which the means of protecting implementing different cryptographic functions are built in the operating system at a low level. Emergence of a product, joint with JSC ELVIS-PLUS, is one more confirmation of prospects and demand of the solutions based on use of Tizen OS.

2013: The outpost is Crossbeam RT

The ELVIS-PLUS company and Crossbeam RT joint venture brought in the fall of 2013 to the Russian market the solution for security of network which "OUTPOST" based on the hardware-software Crossbeam RT X-серии platform combines a product line of information security. "ZASTAVA-Crossbeam RT" it is intended for protection of networks of large enterprises and organizations.

Distinctive feature of the solution – wide use of key features of the hardware-software Crossbeam RT X-серии platform:

• the increased performance due to consolidation of computing modules in a single virtual platform (one or several within one hardware platform);
• consolidation of several devices of information security support on one hardware platform;
• the increased fault tolerance due to use of modular structure (duplication of power modules and management of the platform, network and computing modules).
• The product "ZASTAVA-Crossbeam RT" consists of the VPN gateway which implements enciphering on GOST algorithm, and the firewall. At the expense of the high performance of the Crossbeam RT platform capacity reaches 10 Gbit/sec. when enciphering traffic.

The product implements L3VPN and L2VPN technologies. The first provides interaction of gateways at the level of IP networks. The second technology allows to integrate geographically distributed platforms at the data link layer and also to simplify procedures of a configuration of devices of enciphering and routing of traffic.

The product "ZASTAVA-Crossbeam RT" has potential of centralized operation and administration. Management more than 8,000 nodes in real time is at the moment supported. Administrators of systems have an opportunity to configure flexible rules on work with zones, to create politicians of firewalling for certain users and also to manage access for users to corporate information resources, using the user-friendly graphical interface.

2012

Outpost 5.3

The software package "VPN /a FW OUTPOST" version 5.3 is means for data protection and security of corporate information systems at the network layer using technologies of virtual private networks (VPN) and the distributed firewalling on the basis of Internet protocols of the IPSec family. In the new edition the product supports a broad spectrum of operating systems, conforms to international standards of ensuring safe network interaction and also requirements FSB Russia to firmness of cryptographic (cryptographic) means of class KC1 or KC2 depending on a complete set.

Application of electronic keys of eToken together with "VPN/FW ZASTAVA" of version 5.3 provides safe storage of key information and allows to organize effectively strict two-factor authentication of users during creation of the protected VPN access to corporate information resources. Results of tests were confirmed with the certificate testimonial of full compatibility and correct work of electronic keys of eToken PRO 72K (Java), eToken PRO/32K, eToken PRO/64, eToken NG-FLASH, eToken NG-OTP with the solutions "VPN/FW OUTPOST".

The OUTPOST 5.3 family includes software agents ZASTAVA-Client and the Outpost Office which are established, respectively, on personal computers and gateways of the protected information system. The third product of family, the OUTPOST Management, in the remote mode provides the centralized administration and operational management of agents, their security policies.

Products of the OUTPOST 5.3 family work at different hardware platforms, running almost all popular operating systems.

In more detail about new opportunities of the products OUTPOST 5.3:

• Performance of processing of packets (in comparison with version 5.2) more than is increased by 10%.
• Full support of multifactor authentication of users using PKCS#11 2.10 and above compatible tokens: eToken, Rutoken and also program emulation of a token on a diskette or the hard drive. Support of the Russian cryptography according to PKCS#11 2.30 is implemented.
• Support of a cluster configuration of the hardware and software systems OUTPOST. OUTPOST 5.3 provides to a HSS high availability (High Availability, HA) the protected information systems.
• Version 5.3 can be set on Windows the Server 2008, Windows Server 2008 R2 systems Windows 7, Windows Vista, Windows Server 2003, Windows XP (x86 of x64), Solaris 10 (x86, x64), Linux ALT 4.0 Server, other OS of Linux satisfying to LSB3.1 standard.
• The products OUTPOST are certified by FSTEC of Russia on the 2nd class of security of firewalls and the 2nd level of absence control of not declared opportunities and also on the 3rd class of security of firewalls and the 3rd level of absence control of not declared opportunities according to RD State Technical Commissions of Russia. Products can be used (and are recommended by some departments) for personal data protection up to 1 category inclusive.

The firewall on a hardware platform of ARM

ELVIS-PLUS companies and joint stock company-Sistems announced in June, 2012 creation of a prototype of the compact hardware and software system (HSS), based on the products VPN/FW "ZASTAVA" (OUTPOST Office) and the multifunction IP-Plug Plug-computer.

Thus, along with already existing a HSS the OUTPOST of different performance, using Intel processors and RISC of architecture, the HSS model on the processor of architecture Advanced RISC Machines (ARM) appeared.

New compact a HSS the OUTPOST are held for use as the corporate firewall with functions of package filtering, broadcast of the addresses, and as the VPN device working under protocols of IKE/IPsec. They provide reliable confidential information protection and personal data, are effective in information systems of average and small scale, can be used for protection even of separately located computers.

The hardware platform of a HSS (the multifunction IP-Plug Plug-computer) is equipped with the Marvel ARM processor, has up to 1 gigabyte of RAM, and to 4 gigabytes of solid-state NAND of memory on which the operating system and the software is placed.

The device can be completed two 1GB Ethernet (10/100/1000) with interfaces and two USB interfaces 2.0 (Host) that allows to use it as the firewall and VPN of the agent in network infrastructures of a difficult configuration. Very modest dimensions (118*76*43 mm — the size about two cigarette packs), low power consumption and a constructive opportunity to turn on the compact server directly in the electric socket (like the charger for the mobile phone), allow not to worry about selection for it specially equipped place.

The complex works running the operating system of ALT Linux 6.0. Functions of firewalling and the VPN organization are implemented by the software the OUTPOST Office having the FSTEC certificate.

Indicators of capacity of a HSS allow to provide simultaneous access to the protected resources of dozens of external users, without noticeable increase in response time.

Previously set and configured by software provides high degree of readiness of a complex. Only the minimum of the settings considering features of IT infrastructure of the customer is necessary for his input in operation. These settings, following the simple instruction, the user even of low qualification is capable to execute. Change of the security policy which is originally set on a HSS is made far off and on a centralized basis from Command center on the basis of the product "OUTPOST Management".

2011

Outpost 6

On October 4, 2013 the Elvis-Plus company provided VPN/FW "Outpost" of version 6 – the first domestic product, completely on the basis of IKEv2 protocol (one of a set of protocols IPsec which is responsible for safe transfer of cryptographic keys between the parties of VPN connection). Thanks to the fact that the new version is based on international standard IKEv2 performance and safety of system operation increased.

Enciphering in the version

IKEv2 has several key advantages in comparison with IKEv1 (on which Outpost 5.3 is constructed):

• more flexible use of cryptoalgorithms is allowed;
• protection against the DoS-attacks is improved;
• load of network infrastructure and the hardware decreases;
• reliability of work of the protocol in conditions when the probability of loss of network packets is high grew;
• use of IKEv2 expansions is possible (for example, QCD and IKE Fragmentation).

The system of centralized operation is significantly processed by the products "Outpost". One of key advantages of the updated system of centralized operation Outpost 6 is the best scalability which is reached thanks to a domain system. It is especially relevant for large-scale (several thousand agents) and geographically distributed networks. Such system allows to integrate agents Outpost in domains on different signs (for example, geographical or on belonging to a certain division) and to set operation parameters for each domain separately. "Outpost Management" of version 6 will also allow to appoint administrators who will have powers only in the domain and to transfer a part of processes of management of certificates, storages of keys and recording to domain level.

The new version is completely adapted to modern OS (Windows 7 Windows 8 Windows Server 2008 ALT Linux 6.0 — both in 32-, and in 64-bit execution), passed a stage of preliminary testing on these platforms. Full compatibility with the previous SOFTWARE Outpost versions is provided.

Main differences

In comparison with the previous version tools of the analysis and recording are improved:

• recording parameters for the best analysis of the arising problems are improved (a format and detail of the message;
• work with several magazines at the same time;
• priority of local settings of recording that reduces load of Zastava-Upravleniye operator at the problem resolution).

The event log can be transferred to the SIEM systems of different producers for the further analysis.

Opportunities for work with the current connections are expanded:

• viewing parameters of active IKE and ESP connections,
• removal of active connections,
• sorting and selection of active connections.

When using the encryption algorithm GOST scaling allows to receive capacity to 10 Gbps.

Tests of functions of firewalling of the VPN/FW ZASTAVA version 5.3 complex

On December 22, 2011 NR together with ELVIS-PLUS company announced completion of the next testing of the software package "VPN/FW "ZASTAVA" version 5.3" implementing functions of firewalling and cryptographic protection of a communication channel on the basis of the IPSec protocol.

ELVIS-PLUS and the Russian representative office of Hewlett-Packard is the joint work purpose selection of the server configuration allowing to reach the high performance of a complex of cryptographic information protection "VPN/FW "OUTPOST" version 5.3".

On the next test stage data transfer rate was determined by the secure channel of communication organized using the software package "VPN/FW "ZASTAVA" version 5.3" set on servers HP ProLiant with 10-gigabit network interface cards. Existence of ports of 10 GB of Ethernet allowed to solve a problem of limitation of network connections. During testing capacity of the encoded channel was defined, its dependence on characteristics of processors and quantity of the used cores was established.

Testing was held in the remote mode at the stand located at the central office of HP company in To Moscow (Russia). For testing the HP servers of ProLiant DL380 G7 running ALTLinux OS equipped six-nuclear processors Intel® with Xeon® X5660 (2.80 GHz) and 10-gigabit network interface cards were used. During testing system performance in the mode decided firewall on enciphering of traffic according to GOST 28147-89 algorithm and also, on control of integrity of packets by means of hash value calculation in accordance with GOST P 34.11-94.

At system testing in the Firewall mode without enciphering of the transferred traffic capacity of data transmission channel made 9800 Mbit/sec.

When enciphering traffic on GOST 28147-89 algorithm using a cryptocore of Crypto Pro CSP 3.6 average capacity of a secure channel of data transmission made 1740 Mbit/sec., maximum reached 2260 Mbit/sec.

The load of processors during tests to enciphering of traffic was close to 100%. The load of main cores during tests was uniform, at the same time, system performance linearly depended on number of the involved main cores.

The performance measures of the software package "VPN/FW "ZASTAVA" version 5.3" on HP servers of ProLiant DL380 G7 recorded during testing are recognized conforming to requirements imposed to security systems of such level including the systems of personal data protection.

Results of testing can be used when planning of systems integrated to the VPN/FW ZASTAVA version 5.3 complex, including, data networks and external connections of the client equipment.

The next stage of works is determination of performance "VPN/FW "OUTPOST" version 5.3" on ProLiant HP servers with four multi-core processors.

Tests of the VPN/FW OUTPOST complex of version 5.3

In April, 2011 it was announced a successful completion of tests of the software package "VPN/FW OUTPOST" of version 5.3 with means of authentication and storage of key information of eToken. The certificate received as a result of testing confirmed correct work and full compatibility of products.

Certification of a complex "VPN/FW "OUTPOST, version 5.3"

In March, 2011 VPN/FW "OUTPOST, version 5.3" in the system of certification of means of cryptographic information protection of POCC.RU.0001.030001 FSB of Russia was announced completion of certification of a software package ". The new version of the famous family of the OUTPOST software products having designation "VPN/FW "OUTPOST, version 5.3" received the positive decision of the expert organization about compliance to requirements of FSB of Russia to cryptographic (cryptographic) means for classes KC1 or KC2.

Advantage of the new version of a product is its compliance, on the one hand, to international standards of ensuring safe network interaction, and with another - to requirements of the Russian legislation for use of cryptographic means. Therefore the version of a product certified by FSB provides to customers the ready-made solution allowing to integrate organically a product into any information systems without the need for obtaining the additional conclusions about correctness of embedding and providing complete legitimacy of its use for confidential information protection including personal data now.

Other indisputable advantage is the broadest spectrum of options of execution and a complete set to which action of the certificate extends. The product works running the Solaris 10 operating systems for ia32 and h64 platforms, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 for ia32 and h64 platforms, ALT Linux 4.0 Server, ALT Linux 5.0 Ark, other hardware-software environments satisfying to the LSB 3.1 standard for ia32 platform.

The products OUTPOST are also certified by FSTEC of Russia on the 2nd class of security of firewalls and the 2nd level of absence control of not declared opportunities and also on the 3rd class of security of firewalls and the 3rd level of absence control of not declared opportunities according to RD State Technical Commissions of Russia. Products can be used (and are recommended by some departments) for personal data protection up to 1 category inclusive.