Developers: | Confidant |
Last Release Date: | 2024/11/25 |
Technology: | Information Security - Information Leakage Prevention |
2024
Dallas Lock Compatibility Release 4, Release 5 and Dallas Lock version 1.0.17 with Inferit Hardware
Confidence and Inferit LLC confirmed the correct joint operation of the Trusted download tools of level of the expansion board (SDZ PR) Dallas Lock Release 4 (versions 348.1 and 348.2) and Release 5 and Trusted download tools of level of the basic input-output system (SDZ UB) Dallas Lock version 1.0.17 with INFERIT equipment. This was announced by "Confidence" on December 16, 2024.
Previously, PCs and INFERIT monoblocks were added to the list of compatible equipment. Now the list has been replenished with workstations and motherboards.
Operability of SDZ CR and Dallas Lock FM with INFERIT equipment does not depend on the operating system.
Compatibility of version v1.0.17 with Giant equipment
The companies "Confidence" and "Giant - Complex Systems" conducted tests and confirmed the full compatibility of the trusted download tools of level of the basic input-output system (SDZ UB) Dallas Lock (version v1.0.17) with the equipment "Giant." This was announced by "Confidence" on December 9, 2024.
The operability of SDZ UB Dallas Lock with Giant equipment does not depend on the operating system.
Compatible Equipment List
- monoblock "Giant Altais"
- system unit "Giant Avior"
Compatibility Release 4 (version 348.1) and Release 5 (version 397) with Graviton equipment
Confidence and Graviton conducted tests and confirmed the correctness of the joint operation of the Dallas Lock Expansion Board Level Trusted Download Tool (SDZ PR Dallas Lock) Release 4 (version 348.1) and Release 5 (version 397) with Graviton equipment. Confidence announced this on December 6, 2024.
The operability of SDZ PR Dallas Lock with Graviton equipment does not depend on the operating system.
Compatible Equipment List
- DMB-H610-TMI01 "Ukhta"
- DMB-H610-TMI02 "Ukhta-2"
- DMB-Q670-TMI01 "Yana"
All-in-Ones:
- Graviton M42I
- Graviton M52I
- Graviton M72I
- Graviton M43I
- Graviton M53I
- Graviton M73I
- Graviton M45I
- Graviton M55I
- Graviton M75I
Personal computers:
- Graviton D12I
- Graviton D13I
- Graviton D15I
- Graviton N14I-T
- Graviton N15I-T
- Graviton N17I-T
Dallas Lock 8.0 with integration of the VMS module with the ECU
On November 25, 2024, the update of the Dallas Lock 8.0 information protection system (revision K) 11.4.2.843 was presented. The system was tested, confirming the compliance of updates with the requirements of the regulator. Confidence announced this on November 25, 2024.
The updated version of the NSD NSD Dallas Lock 8.0-K 11.4.2.843 implemented the following improvements and improvements:
- integration of the module for monitoring the connection of removable machine media information (hereinafter referred to as the "SKN") with the Dallas Lock Unified Control Center (hereinafter referred to as the "ECU");
- migration of the modules of the firewall (hereinafter referred to as ME) and the VMS from the Dallas Lock Security Server to the ECU;
- remote registration of hardware identifiers using the ECU;
- improving the mechanism for countering encryption viruses with the ability to restore files;
- Blocking the sending of Windows Telemetry
- Upgrade the Intrusion Detection and Prevention Wizard
- support of protocol commands in ME filters;
- a pre-installed set of application control rules for secure system and application software;
- Unify policy name, scope, default values
- Automatically run a specific application in a Safe Environment
- inclusion of ME rules for processes started in the "Safe Environment";
- other improvements.
Compatibility with Red ADM
Administrators managing the domain using RED ADM can now integrate Dallas Lock Linux into the IT infrastructure. The Trusted product provides advanced tools for configuring security policies, monitoring hardware environment integrity, and managing information rights on devices. This was announced by "Confidence" on October 31, 2024.
As part of the tests, various interaction scenarios between RED ADM and Dallas Lock Linux for operating systems both the graphical environments of the OS firewalls and, VPN as well as system programs, were tested. Experts checked the correct configuration - in ssh,servers OS centralized deployment through a single control center, the performance of the Dallas Lock Linux tool. The stable and correct operation of VPN connections and the firewall possibility of installing and using the program on the AWS has been confirmed.
Obtaining the certificate of FSTEC of Russia
On October 11, 2024, the company Confident LLC announced the completion of certification tests of WAF Dallas Lock, which passed the certification procedure of the FSTEC of Russia and confirmed compliance with the requirements of the regulator.
Certificate of conformity of the FSTEC of Russia No. 4863 dated October 8, 2024:
- protection class 4 ME (IT. МЕ.Б4.ПЗ);
- protection class 4 ME (IT. МЕ.Г4.ПЗ);
- Class 4 of protection of network level EPS (IT. СОВ.С4.ПЗ);
- 4 level of trust (CD 4).
The Dallas Lock WAF is an application-level firewall that protects web servers, web services, and applications from network attacks and unwanted traffic. Includes two functional modules, WAF (Web Application Firewall) and UTM (Unified Threat Management), making it an effective network security solution.
Compatibility v1.0.17 with All-in-One HN-X730 and HN-G700
The company "Confidence" and LLC "Megapolis Telecom Region" confirmed the correctness of the joint work of SDZ UB Dallas Lock (version v1.0.17) and monoblocks HN-X730 and HN-G700. This was announced by "Confidence" on October 3, 2024.
All-in-ones HN-G700 and HN-X730 are 24 "and 27" professional workstations, respectively, included in. register Ministry of Industry and Trade Russia
The Dallas Lock WBS is a trusted loading tool for the base I/O system layer, which is designed to protect information containing information constituting a state secret up to and including "top secret" level and other information with limited access.
It has a certificate of conformity to the FSTEC of Russia No. 4786 dated March 13, 2024.
Compatibility with Rutoken EDS 3.0
The companies "Asset" and "Confidence" conducted tests and confirmed the correctness of the joint operation of tokens and smart cards Rutoken EDS 3.0 (including with a contactless NFC interface) with Dallas Lock information protection systems.
The specialists of the companies "Confidential" and "Active" tested the joint work of tokens and smart cards Rutoken EDS 3.0 for the following Dallas Lock solutions:
- Dallas Lock 8.0 Information Protection System
- Dallas Lock Linux Tamper Protection System
- Information Protection Systems in Dallas Lock Virtual Infrastructures
- Dallas Lock Expansion Board Layer Trusted Boot Tool
- Dallas Lock Unified Control Center
Cryptographic USB currents and smart cards of the Rutoken EDS 3.0 lines provide generation and protected, storage of key information form (electronic signature EP) and can be used as a second factor. authentications USB tokens Rutoken are key media in mass Russian projects based on display technology and public key infrastructure (), PKI which are used for authentications the user.
The use of tokens and smart cards Rutoken EDS 3.0 in MPS Dallas Lock increases the level of protection of user workplaces. This is ensured by a two-factor authentication mechanism.
It is important for us to confirm the correctness of Rutoken devices with the latest versions of Dallas Lock products. Rutoken tokens and smart cards effectively complement partner solutions, increasing the level of security of systems against unauthorized access, said Ksenia Shavrova, Lead Partner and Customer Support Manager, Aktiv Company.
|
2023: Compatibility of Dallas Lock Linux version 3.25.21 with Red OS
The companies RED SOFT and GC "Confidence" continue to work within the framework of a technological partnership and confirm the compatibility of the information protection system of the Dallas Lock Linux NSD version 3.25.21 and the operating system RED OS. Red Soft announced this on July 6, 2023.
NDS NSD Dallas Lock Linux is a certified confidential information invoice type security system designed for autonomous personal computers and computers as part of a local area network running the OS Linux family.
RED OS is a Russian operating system of the Linux family for servers and workstations, providing a universal environment for using application software. The product is certified by the FSTEC of Russia (No. 4060 of 12.01.2019), which confirms its compliance with information security requirements and allows its use in state information systems. RED OS is registered in the Unified Register of Russian Programs.
2022
Dallas Lock 8.0 compatibility with "MyOffice Standartny 2" and " MyOffice Professionalny 2"
On October 3, 2022, MyOffice and Confident confirmed full compatibility of MyOffice products with Dallas Lock 8.0-C, a certified invoice-type system for protecting confidential information and information containing information constituting a state secret up to and including "top secret" level. Read more here.
JaCarta Electronic Key Compatibility
The companies Aladdin R.D.."," a major Russian developer and provider of security solutions, and information security"," Confidant a major Russian developer, certified means of protection information have tested the compatibility and correctness of the electronic keys of the line JaCarta and the Dallas Lock Trusted Download Tool (SDZ) in assembly 348.1. This was announced by Aladdin R.D. on July 19, 2022. The use of hardware tokens will allow you to organize an enhanced two-factor authentication user at Russian facilities where Dallas critical information infrastructure (CII) Lock trusted download hardware is used.
Dallas Lock SDZ is an expansion board level solution designed to protect information containing information constituting a state secret up to and including "top secret" level and other information with limited access. The Dallas Lock SDZ performs its functions (including administering product parameters and viewing the log) before the start of loading the standard operating system. The Dallas Lock SDZ blocks unauthorized boot attempts on an abnormal operating system, and also provides access to information resources if the downloaded operating system is successfully authenticated. Checks the integrity of the hardware and software environment and logs security events.
To start loading the standard OS, the user of the system with SDZ must enter a password. Password-only user authentication is the least secure way to determine the user's authenticity. The use of JaCarta electronic keys from Aladdin R.D. makes it easy to implement enhanced two-factor authentication. A special user ID is stored on a secure USB token chip, while access to it is protected by a PIN code. To log in, just insert the JaCarta key into the free USB connector and enter the code. In this case, the JaCarta key can be used to authenticate the user of one system twice: first, when monitoring access to the loading of a standard OS using SDZ, then - when entering it.
Based on the test results, the companies issued a certificate of compatibility of Dallas Lock SDZ in assembly 348.1 and JaCarta electronic keys of JaCarta PKI models, GOST JaCarta-2, PKI/GOST JaCarta-2, JaCarta SF/GOST. Keys JaCarta PKI, JaCarta-2 GOST, JaCarta-2 PKI/GOST are certified by the FSTEC of Russia and can be used in automated information systems (AIS) up to the 1G security class, state information systems (GIS) up to the 1st security class inclusive and personal data information systems (ISDS) up to the 1st level of personal data security. The JaCarta SF/GOST key is certified for working with information constituting a state secret, with the secrecy stamp up to and including "top secret," and also has a certificate from the FSB of Russia for compliance with KS1 and KS2 protection classes. In all key models, Russian and foreign cryptographic algorithms are supported at the hardware level, and the chips are created on the principle of Secure By Design ("secure design") with built-in protection against all known attacks, hacking and cloning methods.
SDZ Dallas Lock 348.1 is not the first means of protecting information from the company "Confidence," tested for compatibility with JaCarta keys. The possibility of successful joint operation of the devices is also confirmed for the system of protection of information of the invoice type for autonomous and network AWS "Dallas Lock 8.0" editions "K" and "C." "Confidence" is one of the technological partners of "Aladdin R.D." in Russia, the total number of which is approaching 60. The active interaction of Aladdin R.D. with Russian developers ensures the mutual integration of solutions at the level of domestic operating systems, information protection tools and application software, which is especially important for customers who carry out a comprehensive transition to Russian software and hardware as part of import substitution.
Aladdin R.D. has been one of our key technology partners for many years. All Dallas Lock products are tested for compatibility with JaCarta keys. Companies "continued commitment to customer satisfaction allows them to work together to create efficient and reliable information protection systems. noted Sergey Ovchinnikov, Marketing Director of the Information Protection Center of the Confidential Group of Companies.
|
In conditions of instability, when external political and economic factors lead to the rejection of solutions of Western vendors, strengthening the friendship of Russian vendors makes it possible to offer customers an increasing number of domestic solutions of the highest quality. Our long-term cooperation with professionals from Confidence continues to consistently bring its results in the form of joint solutions with the Dallas Lock product line. Customers can be sure that these solutions pass mandatory testing and fully solve the assigned tasks in the field of information security, told Sergey Chelyshev, Head of Integration with Technological Partners of Aladdin R.D.
|
2020
Launch of the LMS module of the information alienation level as part of Dallas Lock 8.0
On June 5, 2020, it became known that the companies "Confidence" and "Asset" developed a joint solution - the SKN module of the level of information alienation as part of the CSR from the Dallas Lock 8.0 NSD.
The Information Exclusion (Transfer) Level SKN module as part of the Dallas Lock 8.0 Information Protection against Unauthorized Access is a joint solution of the Confidential and Active companies, certified by the FSTEC of Russia for compliance with the requirements for the control means of removable machine storage media of the information exclusion (transfer) level - certificate of conformity of the FSTEC of Russia No. 2720.
An integral part of the product is well-established, Rutoken EDS 2.0 Flash designed for strict, and two-factor authentications electronic signature enciphering data on non-extractable keys with the ability to safely store a significant amount of data.
The main advantage of the exclusion level SKN module is the ability to legitimately transfer confidential information to external media. The Dallas Lock 8.0 functionality allows you to work with external USB drives in such a way as to allow information to be transferred only to protected media. This approach makes it almost impossible to leak information through removable drives.
Key features of the solution:
- the module is implemented as part of the full-fledged Dallas Lock 8.0 information protection system with centralized control;
- the user cannot transfer information from a secure drive to a third-party computer without the participation of an information security administrator;
- the solution is suitable for moving information between different security domains (typical for transferring information between branches of the same organization).
According to the State Register of Certified EPIs (published on the FSTEC of Russia website), only Dallas Lock 8.0-K meets the requirements of the FSTEC of Russia for the SCN of the level of alienation (transfer) of information (protection profile IT.SKN.4.PZ). Thus, this is the first and so far the only SCN decision of the level of alienation (transfer) of information in Russia.
The joint solution of the companies "Confidence" and "Asset" is the result of purposeful work to develop certified functionality and expand protection for our customers. We carefully developed, tested and certified a module that is closely integrated into the unified ecosystem of the Dallas Lock 8.0 SMT. Separately, I would like to note that it would be impossible to implement such a certified solution without a reliable manufacturer of hardware identifiers, - noted Yegor Kozhemyaka, Director of the Center for Information Protection of the Group of Companies "Confidential" |
Our companies have been cooperating for many years. At this stage, the partnership has strengthened the creation of a joint product that opens up opportunities for customers to safely work with confidential information. Joint work has shown an excellent professional level of engineers and managers of "Confidence," and product certification is a big and important task, the work on which has further strengthened the ties between our companies. The result is the first product of its kind that meets the requirements of the regulator. First of all, it should interest customers in whose information systems confidential information is processed: state-owned enterprises, authorities, the financial sector, |
Dallas Lock Linux compatibility with Red OS
On April 6, 2020, RED SOFT announced that within the framework of the technological partnership of the company with Confidence, they tested for compatibility of their products. The developers confirmed the correctness of the information protection tool from unauthorized access Dallas Lock Linux (manufactured by "Confidence") on the operating system RED OS (manufactured by RED SOFT). The test results are reflected in a two-sided certificate of compatibility.
Testing for compatibility of Russian software products is an important step not only towards the implementation of the import substitution policy in the field of software, but also towards ensuring information security. RED SOFTWARE and Confidence have worked together in this matter, and are ready to offer the market a comprehensive import-independent solution to ensure security at critical infrastructure facilities, comments Rustamov Rustam, Deputy General Director of RED SOFT
|
In the context of the transition to import-substituting technologies, the demand for domestic solutions increases: it is necessary to transition both existing and newly created information systems to domestic OSs, as well as ensure the security of information. In cooperation with RED SOFTWARE, we create conditions for meeting this demand. In addition to increasing certified functionality, one of the most important areas of development of NSD NSD Dallas Lock Linux is to ensure compatibility with domestic operating systems. This work will continue, commented Yegor Kozhemyaka, Director of the Center for Information Protection of the Confidential Group of Companies
|
2019
JaCarta Key Compatibility
On September 26, 2019, Aladdin R.D. announced that, together with Confidence, it had successfully tested the compatibility and correctness of the electronic keys of the JaCarta line and the invoice-type information protection system for the autonomous and network workstations Dallas Lock 8.0 of the K and C editions, including the NSD, SKN, ME and SOV security modules. Read more here.
Software composition control, Active Directory account management in Dallas Lock 8.0-K
On July 2, 2019, Confidence announced the updated capabilities of the DALLAS LOCK 8.0-K certified assembly.
According to the company, software composition control, improved privileged user management, Active Directory account management, sandbox and other Dallas Lock 8.0-K certified build capabilities.
The Dallas Lock 8.0 information protection system of edition "K" and the environment included in it for the safe execution of applications - "sandbox" - have successfully passed the certification test procedure of the FSTEC of Russia.
The main changes in the certified Dallas Lock 8.0.565.2 assembly affected the following subsystems:
- monitoring of software composition;
- centralized management;
- firewall;
- intrusion detection and prevention.
The information protection system now includes a server component - the Dallas Lock Configuration Server, which implements:
- control over the change in the composition of software (software) on users' computers and control over the integrity of software files installed on computers and servers in the local area network;
- centralized collection of information on the state of the software environment, formation and approval of software passports.
Software passports are certified information and record the reference state of the software environment.
The role model of the Dallas Lock Security Server accounts has been significantly improved. The updated version of the product has the ability to fully administer at the level of a group of security domain workstations. The rights of privileged users (information security administrators) within the Dallas Lock security domain are distributed both by functionality and by group (s). For example, one information security administrator manages removable accounting drives, and the other is responsible for firewall protection in a number of other departments. Each information security administrator uses its own Dallas Lock Security Server console.
The certified version of Dallas Lock 8.0 provides tight integration for Active Directory (AD) user and group management. The information security administrator now manages domain accounts and AD groups directly through the Dallas Lock Security Server console. Accounts created using the standard Windows Server snap-in may not receive real privileges in AD if necessary.
It is also possible to include domain controllers OS Windows in the Dallas Lock Security Domain. This allows you to collect logs from domain controllers protected by SMT, track attempts, NSD set security policies in a unified way with other protected stations.
Improvements also affected the Firewall (ME) module. In particular:
- there is a possibility of "batch" control of ME rules, which allows you to create various patterns from ME rules and switch between them;
- analysis of the protected environment and automatic activation of stricter ME rules in the absence of PERSONAL COMPUTER antivirus updates on the protected environment or in case of violation of integrity control;
- Added information about the possibility of updating signatures and the "blacklist" of IP addresses
- the training mode in terms of creating rules is optimized.
The Confidential Information Protection Center announced the release of the Safe Environment (Sandbox) in July 2018. As of July 2019, Dallas Lock 8.0-K contains an already certified module for secure application execution.
Sandbox is part of the Dallas Lock 8.0 SOV and is an emulator of the software environment, which allows:
- Start and run the software in an isolated, secure environment without changing the OS environment.
- check the Software for dangerous actions in order to determine the degree of trust in such Software;
- generate a report on software activities.
In addition, the sandbox is necessary to implement the requirements established by the Federal Law of 26.07.2017 No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation."
The secure environment does not require separate licensing and is delivered in conjunction with the Dallas Lock 8.0 RMS module. If the customer already has this module and valid technical support, the use of the Secure Environment will be available immediately after the MPS update.
The revamped certified build of our flagship Dallas Lock 8.0-K product has acquired many really useful features. The changes affected almost all subsystems. told Yegor Kozhemyaka, director of the Center for Research and Development of the Confidential Group of Companies |
2018: Creating a "Safe Environment"
On July 27, 2018, Confidence announced the development of a sandbox for the Dallas Lock 8.0 SMT.
In the world of information security, the sandbox is an environment for secure application execution. Any potentially dangerous, "flammable" software can be placed in a software sandbox and safely monitor its actions, as well as run any software and test it in an isolated, secure environment. At the same time, the resources of the operating system will be safe, explained in the company "Confidential."
The secure environment will be part of the Dallas Lock 8.0 IPS and will be part of the Dallas Lock Intrusion Detection and Prevention System (IPS) module. The sandbox is based on partial virtualization technologies that allow you to virtualize the file system and the Windows system registry.
Using the Dallas Lock sandbox, you can:
- check the operation of the software without making changes to the OS;
- obtain a report on the potential danger of software;
- Protect user data from unwanted software.
"Sandbox" is necessary to implement the requirements established by the Federal Law of 26.07.2017 No. 187- FZ On the Security of the Critical Information Infrastructure of the Russian Federation"." In accordance with the approved FSTEC Russia requirements for ensuring the security of significant objects of the critical information infrastructure of the Russian Federation, it is recommended to use an emulator of the operating environment software ("sandbox").
As the developer noted, the use of the "Safe Environment" Dallas Lock is relevant for owners of critical information infrastructures: information systems, information and telecommunication networks, automated control systems for subjects of critical information infrastructures. "Sandbox" is useful for almost any organization. For example, if an object enters an organization's computer via a network or through a removable drive that can harm the entire information system, then its launch inside the sandbox can be considered relatively safe.
According to the information provided by the company "Confidence," the "Safe Environment" will become part of the Dallas Lock 8.0 module and will be delivered together with this product. You do not need to purchase a separate license - if the customer already has the Dallas Lock 8.0 CMF module of editions "K" or "C" and valid technical support, then the functionality of the "Safe Environment" will appear when updating the information protection system. If you have a Dallas Lock 8.0 in your infrastructure without an intrusion detection and prevention system module, you can also purchase it separately.
As of July 2018, a beta version of the product is available for partners and end users of the Information Protection Center of the Confident Group of Companies. The official release as part of the certified version of SMT Dallas Lock 8.0 is scheduled for release in the fall of 2018.
2017
MaxPatrol SIEM Compatibility
Positive Technologies and Confidential announced on August 17 that the results of the tests confirmed the correctness of the joint operation of the system for detecting information security incidents in real time MaxPatrol SIEM with the Dallas Lock 8.0 IPS editions "K" and "C" (including protective modules of NSD, ESD, ME, SOV).
Now users have the opportunity to implement using MaxPatrol SIEM the centralized collection and correlation of information security events generated by the Dallas Lock 8.0 MPS and other security tools installed in the organization. You can read more about this here.
Comrad 2.0 compatibility
On August 3, the development companies Confidant"" NPO Echelon and announced the signing of a compatibility certificate confirming the correctness of the joint operation of the Dallas Lock 8.0 SMT editions "K" and "C" with the event management system information security Comrade 2.0. Support of MPS Dallas Lock 8.0 as an event source - SIEM the Komrad system will allow to organize proper event control in, INFORMATION SECURITY GIS PD systems and. APCS You can read more about the event. here
Inspection control of FSTEC
On April 17, 2017, Confidential announced the completion of the inspection procedure by the FSTEC of Russia in relation to the Dallas Lock trusted download tool with a M.2 connector and VMFS support.
Now the Dallas Lock trusted download tool is available for purchase in three versions: with support for PCI Express, Mini PCI Express and M.2 The[1].
According to Confident, the Dallas Lock SDZ in the M.2 version has a size of 22mm x 30mm, which allows you to provide trusted loading of modern laptops and all-in-ones.
All three Dallas Lock SDZ options now support the VMFS file system for storing VMware virtual machine images. Dallas Lock can be used as part of ESXi hypervisors protection solutions. The operation of Dallas Lock SDZ is supported on any OS using the FAT12, FAT16, FAT32, NTFS, Ext2, Ext3, Ext4, VMFS file systems.
SDZ Dallas Lock is certified by the FSTEC of Russia for compliance with the requirements for SDZ in Class 2 of protection in accordance with the IT.SDZ.PR2.PZ protection profile and Level 2 of control over the absence of NVS. Certificate No. 3666 of 25.11.2016 (valid until 25.11.2019).
As part of the planned update of the Dallas Lock SDZ, a certified centralized management mechanism is expected to be implemented.
Dallas Lock Native Signature Database
The Identity Information Protection Center announced in April the creation of its own signature database for the Dallas Lock intrusion detection and prevention system. The source of signatures is the security threat data bank of the FSTEC of Russia, as well as other open sources of information that the developer considers most relevant in terms of responding to the emergence of new vulnerabilities and code that exploits these vulnerabilities to carry out attacks on computing systems.
Subscription to the Dallas Lock Intrusion Detection and Prevention (IDS) signature database in 2017 is provided free of charge as part of existing technical support. Data Base is regularly replenished - on a monthly basis, Confident specialists check the stand and add the most relevant signatures to it.
SOV Dallas Lock
Dallas Lock is a certified module in the Dallas Lock 8.0 IPS, a hybrid system for detecting and preventing intrusions at the node level in a software version. The solution is certified FSTEC Russia according to Class 4 of EPS protection according to the IT.SOV.U4.PZ protection profile.
A key feature of the Dallas Lock CPS is the close integration of signature and heuristic analysis of network traffic with analysis of operating system (OS) logs. You can create custom signatures. As part of the Dallas Lock SA update, it is also possible to update the alarm settings levels of various detectors, if the user did not independently edit the settings and signatures.
2016
Dallas Lock Trusted Download Tool Passed Certification Tests
In November, Confidence announced that the Dallas Lock Trusted Download Tool (SDZ) had passed certification tests. Certificate of FSTEC of Russia No. 3666 dated November 25, 2016 certifies that the Dallas Lock SDZ of the expansion board level meets the requirements for the FSTEC of Russia for class 2 protection in accordance with the IT.SDZ.PR2.PZ protection profile.
The certificate also confirms the compliance of the Dallas Lock 2 SDZ with the level of NDV absence control, since the specified protection profile includes the requirements for monitoring the absence of NDV as stated in the Guidance Document of the FSTEC (State Technical Commission) of Russia "Protection against unauthorized access to information. Part 1. Information security software: Classification by the level of control over the absence of undeclared capabilities, "1999.
Means of trusted loading (SDZ) - a protective measure to ensure trusted loading of computer equipment. According to Order of the FSTEC of Russia No. 17, in state information systems of classes 1 and 2, this measure is basic. According to the Order of the FSTEC of Russia No. 21, in personal data information systems, if it is necessary to ensure 2 and higher levels of personal data security (PD), this measure is basic.
Dallas Lock SDZ can be used to protect information in automated systems (NP) up to 1B security class inclusive, in GIS of up to 1 security class inclusive, to ensure 1 level of FP security inclusive, in APCS up to 1 security class inclusive.
SDZ Dallas Lock is an expansion board level solution designed to protect information containing information constituting a state secret to the level of "top secret" inclusive, as well as to protect confidential information, including those contained in state information systems and personal data information systems.
Dallas Lock SDZ blocks unauthorized boot attempts of an abnormal operating system (OS), and also provides access to information resources if the downloaded OS is successfully authenticated. Checks the integrity of the hardware and software environment and logs security events.
SDZ Dallas Lock is designed for use on personal computers, laptops, all-in-ones and servers of Intel x86-32, x86-64 architecture. The solution provides full support for the UEFI (Unified Extensible Firmware Interface) interface, which replaces the BIOS. This allows you to perform a trusted loading of the standard OS on modern equipment. Support for the most common file systems has been implemented, including FAT12, FAT16, FAT32, NTFS, Ext2, Ext3, Ext4. Thus, the operation of the Dallas Lock SDZ does not depend on the standard OS used.
The Dallas Lock SDZ product is implemented with support for slots: PCI Express, Mini PCI Express and M.2. The hardware and software with the M.2 connector will be available for purchase after the inspection procedure.
In accordance with the requirements of the FSTEC of Russia on the isolation of SDZ, the resources of the loaded standard OS are not used during the administration of SDZ Dallas Lock. All necessary information is stored in non-volatile memory of SDZ board. The solution supports a wide range of hardware identifiers.
Universal License for Dallas Lock 8.0-K or Dallas Lock Linux
In September 2016, Confidence issued a universal license to use Dallas Lock 8.0-K or Dallas Lock Linux at the user's discretion. An additional option in the company's licensing policy is aimed at supporting organizations that plan to switch to Linux operating systems and is designed to optimize their costs.
According to the Decree of the Government of the Russian Federation of November 16, 2015 No. 1236 "On the establishment of a ban on the admission of software originating from foreign countries"... a ban on the purchase of foreign software for state and municipal needs is established. Later, by order of the Government of the Russian Federation of July 26, 2016 No. 1588-r, a plan was approved for the transition in 2016-2018 of federal executive bodies and state extra-budgetary funds to the use of domestic office software included in the Unified Register of Russian Programs for Electronic Computers and Databases. The transition will lead to a change in the IT infrastructures of state and local governments and will affect, among other things, operating systems and solutions in the field of information security.
by purchasing a universal license, at its discretion, it can use either the Dallas Lock 8.0-K IPS (for Windows) or the Dallas Lock Linux IPS. This will allow customers to continue to legally use SMT when changing the operating system on any of the protected computers. In the case of a regular license, when changing the OS, it is necessary to re-equip workplaces with information protection systems that support work on another OS, which is associated with additional costs. Thus, a universal license provides risk reduction and savings, the company emphasized.
Dallas Lock 8.0 SMT Tested for SafeNet eToken Electronic Key Compatibility
Tessis and Confident conducted test tests, as a result of which the SafeNet eToken electronic keys with the Dallas Lock 8.0 MPS were confirmed to work correctly.
In particular, the certificate confirms the compatibility of the Dallas Lock 8.0 information protection system of the "K" and "C" editions (including the NSD, SKN, ME, CPS security modules) with the SafeNet eToken electronic keys of the 5100, 5105, 5110, 5200, 5205 models, as well as the SafeNet eToken 4100 smart card.
Confidence specialists regularly test the compatibility of Dallas Lock solutions with products from other manufacturers. The list of mutually compatible solutions is constantly updated, which simplifies the work of Dallas Lock users.
In general, the Dallas Lock product line produced by the Information Protection Center of the Confident Group of Companies is a certified software and hardware solutions for Windows and Linux platforms, which are designed to protect against unauthorized access, firewall, intrusion detection and prevention, trusted loading, protection of virtualized infrastructures.
Dallas Lock 8.0 is compatible with Aladdin R.D.
On August 1, 2016, Aladdin RD and Confident announced the completion of compatibility tests for their products.
The certificate of mutual compatibility confirms the correctness of the information protection Dallas Lock 8.0 system of editions "K" and "C" (including security modules of NSD, VMS, ME, CPS) with - USB tockens and smart cards, eToken GOST smart cards, - eToken PRO (Java) USB tockens () eToken NG-Flash and (Java Java eToken NG-OTP). The correctness of the above models on the most common versions of operating systems of the family Microsoft Windows with and above SafeNet Authentication Client 10.0.43 and the Unified Client JaCarta 2.9.0.1531 and above has been confirmed.
USB JaCarta USB MSI Dallas Lock 8.0 editions "K" and "C" (including protective modules of NSD, SKN, ME, СОВ) are also compatible with -tockens and smart cards PKI, JaCarta PKI/BIO, JaCarta GOST, JaCarta PKI/GOST, as well as -tockens JaJflash, Carta/CartaJa The correctness of the above models on the most common versions of operating systems of the family Microsoft Windows with the Unified Client JaCarta 2.9.0.1531 and higher has been confirmed.
MPS Dallas Lock 8.0-K certified by FSTEC Russia for compliance with level 4 of NDV absence control, 5 class of protection against NSD, 3 class of protection ME, 4 class of protection SCS and has a certificate of conformity FSTEC of Russia No. 2720 of 25.09.2012, which is valid until 25.09.2018. The Dallas Lock SMT 8.0-S certified by the FSTEC of Russia for compliance with level 2 of control over the absence of NDV and class 3 of protection against NSD and has a certificate of compliance with the FSTEC of Russia No. 2945 of 16.08.2013, which is valid until 16.08.2019. Certification is carried out for compliance with the new requirements of the FSTEC of Russia for ESD (class 2), requirements for ME (class 2) and SOV (class 4).
Dallas Lock Linux is compatible with Aladdin RD products.
In the spring of 2016, it was announced that the Dallas Lock Linux system with eToken electronic keys was correct.
Certificates of mutual compatibility confirm the correct operation of the Dallas Lock Linux Information Protection System (IPS NSD) (a software complex of information protection tools in Linux operating systems) with USB tokens eToken PRO (Java).
NDS NSD Dallas Lock Linux is a system for protecting information from unauthorized access of the invoice type, designed to protect confidential information, including those contained in state information systems, personal data information systems, automated systems up to and including class 1G, automated production and process control systems up to and including class 1.
NDS Dallas Lock Linux can be installed on personal computers, laptop computers (laptops), servers and hardware with support for virtual environments. Supports the following Linux operating systems: Debian 7.8 (systemd), CentOS 7.0, Red Hat Enterprise Linux Server 7.0, Fedora 20, OpenSUSE 12.3. When used in conjunction with the Dallas Lock 8.0 product designed to protect Windows platforms, it is possible to build a comprehensive information protection system in a heterogeneous environment.
A distinctive feature of the product is its service-oriented architecture, which will allow you to use the NSD NSD Dallas Lock Linux to protect complex distributed systems, taking into account the increased requirements for scalability and manageability.
The product is in the process of certification (decision FSTEC Russia No. 4792 of 19.03.2015), the planned deadline of which is the 2nd quarter of 2016.
The eToken PRO (Java) electronic key is a personal means of authentication and secure storage of user data that hardware supports work with digital certificates and electronic signature.
Linux CCID Driver and SafeNet Aithentication Client 9.0 for Linux are required to correctly operate eToken PRO (Java) USB tokens with NDS NSD Dallas Lock Linux.
NDS NSD Dallas Lock 8.0-K confirmed compliance with the requirements of FSTEC of Russia
NDS NSD Dallas Lock 8.0-K passed certification tests at the FSTEC of Russia in early 2016, confirming the compliance of the new functionality with the requirements of the regulator.
The composition of the Dallas Lock 8.0-K has also been replenished with the Firewall module (ME) and a software solution - a means of monitoring removable machine storage media (SKN).
The Dallas Lock Firewall is a separately licensed NDS NDS Dallas Lock 8.0-K module that performs network traffic monitoring and filtering functions. Supports working with basic network protocols, allows you to set restrictions on the operation of service, application protocols, network interfaces, ports, distribute access levels among users, computers and user groups.
The firewall passed certification tests in class 3 of ME security, level 4 of EOP control. The module is integrated with the NSD NSD Dallas Lock 8.0-K, which allows for centralized deployment and configuration of the NSD and ME functionality from a single common interface.
In turn, the Dallas Lock removable media monitor is a software solution as part of the Dallas Lock 8.0-K NDS NDS, which provides control over the use of removable media. It is part of the NSD IPS, it is not separately licensed, noted in "Confidence." The ESD passed certification tests for Class 4 of ESD protection, Level 4 of EOP control.
SKN is a protective measure that is basic in accordance with the order of the FSTEC of Russia No. 17 in state information systems of classes 1 and 2. To perform this action, you must use certified controls for removable computer storage media.
The results of certification tests also showed the correctness of the joint operation of the NSD NSD Dallas Lock 8.0-K with Windows 10. The new functionality is confirmed by the re-issued certificate of FSTEC of Russia No. 2720 dated 25.09.2012 (valid until 25.09.2018).
2015
Dallas Lock and SearchInform Information Security Kontur Compatibility
Confidence, a Russian integrator of engineering systems and information protection tools, and SearchInform, a Russian developer of information security tools, completed compatibility testing of Dallas Lock 8.0 editions "K" and "C" and "Information Security Kontur SearchInform 4.0" in the spring of 2015. Compatibility is validated for all SearchInform EndpointSniffer platform modules, SearchInform DataCenter Index Management Center, and SearchInform Client.
According to SearchInform research, more than 90% of Russian companies practice delineation of access rights to confidential data. However, it is extremely difficult to implement such a system and monitor compliance with the established rules without specialized solutions. The Dallas Lock program allows you to effectively solve these problems.
The joint use of Dallas Lock and the "Information Security Kontur" allows you to fully ensure the safety of confidential enterprise data.
The Dallas Lock product allows you to protect information from unauthorized access on mobile and stationary computers and servers, distinguish access rights by various methods, audit user actions and monitor the integrity of the file system and firmware environment. Like SearchInform solutions, Dallas Lock is capable of running any Windows operating system.
The information security Kontur SearchInform 4.0 is certified FSTEC Russia for compliance with the requirements to the level of control of the absence of NVA according to the 4th level of control (RD Protection against NSD to information, part 1) and technical specifications 64457145.00001-01 90 01.
The SearchInform 4.0 information security Kontur can be used to create automated systems up to and including 1G security class and to protect information in personal data information systems up to and including class 1.
Updates to NSD NSD Dallas Lock 8.0 edition "K" are available
The updated version is supplemented with new modules - "Firewall," or ME, (license is purchased separately) and "License Server" (module is purchased separately), as well as "Removable Media Monitor," or SKN. Certification tests of changes in Dallas Lock 8.0-K functionality, as well as LMS and ME functionality for compliance with the regulator requirements are being completed.
According to the developers, the "Firewall" for Dallas Lock 8.0-K is a module for monitoring and filtering network traffic. Supports working with basic network protocols, allows you to set restrictions on the operation of service, application protocols, network interfaces, ports, distribute access levels among users, computers and user groups. "Firewall" undergoes certification tests according to class 3 of ME security, level 4 of EOP control.
The "firewall" of the "Confident" company is fully integrated with the NDS NSD Dallas Lock 8.0-K, including the possibility of centralized control of firewall settings from a single control center - the Dallas Lock 8.0-K security server.
In turn, the "Removable Media Monitor" for Dallas Lock 8.0-K is a software solution that controls the use of removable media and the disposal (transfer) of information. Passes certification tests according to Class 4 of ESD protection, Level 4 of EOP control.
Finally, the Dallas Lock 8 "License Server" is a software solution for centralized license management. As an additional tool for centralized information security management, the License Server allows: to reduce the cost of implementing, administering and upgrading Dallas Lock in distributed infrastructures, to purchase and update licenses for Dallas Lock security servers and terminal connections; and optimize comprehensive information security by creating replicable security domains and working with terminal server farms.
This module is recommended for use in a virtualized infrastructure, when building fault-tolerant terminal systems and security clusters, as well as when it is necessary to flexibly redistribute the total quota of Dallas Lock client licenses between Dallas Lock security servers, Confident noted.
In addition to the new modules and functionality of the SKN, the following new capabilities of the NDS NSD Dallas Lock 8.0-K and the "Security Server" are undergoing certification tests within the framework of the IC: joint work of the "Security Server" with the "License Server"; Centralized management of firewalls and SKNs Creating fault-tolerant security domains (replication of Dallas Lock security servers) Integration with SIEM systems Support for HID-Proximity cards for hardware authentication Automatic notification of updates Windows 10 support.
2014: Compatibility with Aladdin R.D.
On June 16, 2014, Aladdin RD and Confident announced the completion of compatibility tests for their products.
Certificates of mutual compatibility confirm the correctness of the information protection system from unauthorized access Dallas Lock 8.0 editions "K" and "C" (a software package of information protection tools in the Windows OS family) with products of the company "Aladdin R.D.":
- smart cards and USB tokens JaCarta PKI, JaCarta GOST, JaCarta PKI/GOST, JaCarta PKI/Flash and JaCarta PKI/GOST/Flash, included in the new product line for strict authentication, electronic signature and secure storage of keys, JaCarta digital certificates;
- smart cards and USB tokens eToken GOST, eToken PRO (Java), eToken NG-FLASH (Java) and eToken NG-OTP (Java);
- A single comprehensive authentication management platform with enhanced integration with web services and cloud infrastructures, SafeNet Authentication Manager (SAM) version 8.0 SP3
- software eToken Network Logon, designed to radically solve the problem of "weak" passwords when working on computers under control. Microsoft Windows
2013: Dallas Lock 8.0-C
The Confidence Group of Companies announced in August 2013 the start of sales of a new version of the Dallas Lock 8.0-C information protection system (Dallas Lock product line) for the development of the Confidence Group of Companies information protection center.
The software has successfully passed certification tests, as a result of which it received a certificate of conformity of the Federal Service for Technical and Export Control of the Russian Federation (FSTEKRossia) No. 2945 of 16.08.2013.
According to the developers, the SSD from the Dallas Lock 8.0-C NSD is generally an extension of the previous version of the 8.0-K and has a higher level of compliance certificate. The main task of the IPS from the Dallas Lock version of the 8.0-C is to ensure compliance with the requirements of the legislation of the Russian Federation to protect limited access information to the level of "top secret." The use of Dallas Lock 8.0-C is possible on stationary, portable and mobile computers operating both autonomously and as part of the LAN.
Among the key features of SMT from NSD Dallas Lock 8.0-C: support for modern 32- and 64-bit OS, including Windows 8 ; Windows Server 2012 Protect mobile computers (laptops and tablets) absence of mandatory hardware; Support for an extended hardware ID list setting security parameters using its own mechanisms independent of. OS
The solution is compatible with other technologies and products to protect information (antivirus, firewall, VPN, crypto providers, IDS/IPS) and application software, as well as the available total cost of ownership - from initial acquisition to implementation and maintenance. At the same time, Dallas Lock 8.0-C offers a simplified way to implement, update versions and manage a tiered security system in distributed information networks (an AD-independent mechanism).
The obtained certificate of compliance with the requirements for the 3rd class of security for SVT against NSD and the 2nd level of control over the absence of NVA allows you to use the NPS from the Dallas Lock 8.0-S NSD to protect: confidential information and state secrets in the NP up to and including the 1B security class; in state IS of the 1st class of security; to ensure the 1st level of personal data security.
The IPS from the Dallas Lock NSD 8.0-K certified by the FSTEC of Russia for compliance with the requirements to the NSD protection indicators to the information on the 5th security class (SVT RD Protection from NSD) and the requirements to the level of control of the absence of NVS according to the 4th control level (RD Protection from NSD to information, part 1) (certificate of conformity No. 2720 dated 25.09.2012).
MPS from the Dallas Lock 8.0-K NSD can be used to create secure automated systems up to and including 1G security class, to ensure level 1 security of personal data and in state information systems of class 1 security class.
The IPS from the Dallas Lock NSD 8.0-S certified by the FSTEC of Russia for compliance with the requirements to the NSD protection indicators to the information on the 3rd class of protection (RD SVT Protection from NSD) and the requirements to the level of control of the absence of NVS according to the 2nd level of control (RD Protection from NSD to information, part 1) (certificate of conformity No. 2945 dated 16.08.2013).
MPS from the Dallas Lock 8.0-C NSD can be used to create secure automated systems up to and including 1B security class, to ensure level 1 security of personal data and in state information systems of class 1 security class.
2012: Dallas Lock 8.0-K
The Information Protection Center of the company "Confidence" announced in the fall of 2012 that the Dallas Lock 8.0-K information protection system from unauthorized access, which received the certificate of conformity of the FSTEC of Russia No. 2720 of 25.09.2012, went on sale.
As noted, the Dallas Lock 8.0-K system, which has replenished the Dallas Lock product line, is designed to protect confidential information from unauthorized access on stationary and portable computers (autonomous and as part of LAN) through local, network and terminal inputs.
Among the main features of the Dallas Lock version of the 8.0-K: support for modern operating systems, including 64-bit; Independence from the hardware platform completely redesigned, innovative interface; compatibility with other information protection technologies and products (antiviruses, firewalls, VPNs, crypto providers, IDS/IPS) and application software; possibility of hardware identification from clients at terminal inputs; Rapid implementation and efficient management of tiered security for distributed information network configurations, regardless of AD a wide range of additional functionality (in addition to the basic requirements of the RD); Optimal total cost of ownership - from initial acquisition to implementation to maintenance.
Like the entire line, the Dallas Lock 8.0-K version has passed the mandatory certification procedure at the Federal Certification Body - the Federal Service for Technical and Export Control of the Russian Federation (FSTEC of Russia). Certification according to the 5th class of security for SVT against NSD and the 4th level of control over the absence of PVA allows you to use the system when creating automated systems up to and including the 1G security class and for protecting information in personal data information systems (ISDS) up to and including class 1.