Developers: Factor-TS
Technology: Information security - Firewalls, Routers
Dionis DPS is a UTM solution for the Russian IT market. Dionis DPS acts as a router and firewall and also includes cryptographic information protection tools (SKZI). This functionality covers tasks of varying complexity: from providing employees with secure Internet access to joining many branches of an enterprise into a single secure network with an intrusion detection and prevention system.
Factor-TS application software, combined with the Dionis DPS router, enables the implementation of end-to-end solutions for the entire customer IT infrastructure.
2021
Composition and capabilities of Dionis DPS
As of June 2021, the Dionis DPS includes:
- High-performance router
- Certified firewall (FSTEC of Russia certificate, IT.ME.A4.PZ)
- IDS/IPS intrusion detection system (FSTEC of Russia certificate, IT.SOV.C4.PZ)
- Crypto gateway for protecting data in transit (FSB of Russia certificate, classes KS1, KS3)
- PROXY, DHCP, NTP server, load balancer with QoS support
- Mobile Remote Secure Access Server
Dionis DPS protects:
- transmission of data through unprotected public networks;
- automated process control systems;
- video surveillance systems, road safety management systems, smart city systems;
- videoconferencing and telephony;
- corporate network perimeter.
Dionis DPS allows you to organize:
- Geographically distributed secure VPN networks
- Secure Data Center (DPC)
- high-speed and fault-tolerant encryption channel (GOST) up to 10 Gb/s.
The main features of Dionis DPS are:
- A routing speed of up to 100 GB/s on one device allows you to build data centers with a minimum number of border routers.
- Recording all events on the network and alerting the administrator allows you to quickly respond to events on the network.
- Support for dynamic routing protocols (RIP, BGP, OSPF) and multicast routing on lower-end models allows you to build a full-fledged network at no significant cost.
- No software limit on the number of VPN tunnels (up to 4000). Scale your network without buying additional licenses.
- All models support a failover cluster, which makes it possible to organize trouble-free access to the corporate network.
- Supports 1000 Base-T, 1000 Base-SX/LX, 10G Base-SR/LR, G.703 interfaces for network integration with a variety of physical links.
- Two encryption key distribution schemes can be used:
  - symmetric (DiSec tunnels),
  - asymmetric (IPsec tunnels).
- Single center for network intrusion detection and prevention analysis and management.
PAK Dionis DPS manufactured by Factor-TS LLC is included in the TORP register
The Ministry of Industry and Trade of the Russian Federation assigned the status of telecommunications equipment of Russian origin (TORP) to the Dionis DPS software and hardware systems on the basis of order No. 1023 of March 26, 2021.
PAK Dionis DPS is a modern UTM solution for the Russian information security market, which has certificates from the FSB of Russia (protection class KS1, KS3) and FSTEC of Russia (IT.ME.A4.PZ, IT.SOV.S4.PZ). PAK Dionis DPS functions as a router and firewall, and also includes cryptographic information protection tools (SKZI) and intrusion detection and prevention (IDS/IPS) tools.
2020: The company "Factor-TS" has re-issued the FSTEC certificate for the firewall "Dionis DPS"
Factor-TS successfully passed certification tests in September 2020 and received FSTEC of Russia compliance certificate No. 4225 for the firewall and intrusion detection system. The certificate is valid until February 13, 2025.
PAK "Dionis DPS" meets the following FSTEC of Russia requirements: trust level 4; "Requirements for firewalls" (FSTEC of Russia, 2016); "Protection profile of firewalls of type A of the fourth class of protection. IT.ME.V4.PZ" (FSTEC of Russia, 2016); "Requirements for Intrusion Detection Systems" (FSTEC of Russia, 2011); "Protection Profile of Intrusion Detection Systems of the Network Level of the Fourth Protection Class. IT.SOV.U4.PZ" (FSTEC of Russia, 2012). The relevant record is contained in the State Register of Certified Information Protection Tools.
PAK "Dionis DPS" also includes a certified SKZI (class KS1, KS3). FSB of Russia certificate No. SF124-3623 is valid until 25.01.2022 (will be extended).
The company "Factor-TS," founded in 1992, until recently worked only with state departments, ministries and federal services. Factor-TS is entering the commercial market with the updated PAK line "Dionis DPS." We provide highly efficient routers, crypto gateways, firewalls, and client security.
2015
According to information for 2015, Dionis-DPS is a modern Russian router, certified by FSTEC of Russia and designed to solve the most difficult problems in information networks of any level. Built-in cryptographic information protection allows Dionis-DPS to be used in the networks of various departments to protect personal data and confidential information.
A wide model range and high routing and encryption speeds, combined with powerful functionality, make it possible to use Russian certified Dionis-DPS routers as an alternative to foreign analogues.
Dionysus technology ensures reliable, high-performance protection of data systems against unauthorized access. It is a Russian development. The cryptographic information protection tools of Dionysus technology are certified and comply with GOST.
The security server is based on the Dionysus software and hardware complex (PAK). PAK Dionysus acts as a VPN crypto router, firewall, and DNS, DHCP and e-mail server. In addition, depending on the customer's requirements, client program modules are added to PAK Dionysus.
The client of the cryptographic access server DiSec (Disek) connects hosts from an external network to a VPN closed by PAK Dionysus.
Anti-virus protection in PAK Dionysus is implemented using the DiAids (Diades) active virus client, which is located on a Windows anti-virus server with Dr. Web or Kaspersky Anti-Virus software.
The PAK Dionysus DiSec software and encoder use keys with a symmetric distribution system. The Key Generation Center (KGC) is designed to create such keys.
Remote console DiAdm (Diadm) is designed for remote management of Dionysus nodes. It implements the PAK Dionysus console on workstations running Windows (DiAdmW) or DOS. Connection is possible via IPX, TCP/IP, Modem. There is a free version of DiAdmW software that works only on IPX.
Group Control Center (CGC) is designed for remote control of Dionysus nodes, fundamentally different from DiAdm software. Runs on a PC running Windows. Allows you to centrally manage groups of Dionysus nodes.
2013: Integration with wiSLA
On October 3, 2013, Wellink announced that the wiSLA channel quality control system supports PAK Dionysus.
The wiSLA (well integrated SLA) software monitors communication channels and IP and VPN services, collecting service performance indicators from measuring probes and network equipment. Based on the collected data, the system continuously monitors the quality of services and generates reports.
The advantage of using wiSLA together with PAK Dionysus is a significant reduction in the cost of creating secure corporate data networks with the function of monitoring SLA parameters.
The use of Factor-TS equipment does not require the installation of specialized measuring devices at the measurement points, and customers get the opportunity to control contractual relations with telecom operators along with the function of protecting data networks. The joint solution will improve the quality of video conferencing and telephone services over IP.
2012: PAK Dionysus
Subscriber software
The DiPost (Dipost) mail client can encrypt messages and sign them with an electronic digital signature (EDS).
The DiSign (Disain) EDS subscriber station is designed to sign any file with an EDS and to verify the EDS of any file. The key generation module (KGM) is designed to create a private key and a request file to the certification center for obtaining a public key certificate.
Subscriber software, independent of PAK Dionysus, is designed to work with any information centers. The SKZI uses a scheme with asymmetric key distribution. The SKZI requires the following files: a private key, a public key certificate, a certificate revocation list, a certificate of the certification center, and certificates of participating subscribers. Any certification center operating according to GOST algorithms can be used.
Security Server Dionysus
The DioNIS Security Server is a hardware and software complex (PAK) intended for operation in TCP/IP networks. PAK Dionysus has interfaces with public switched telephone network (PSTN) channels and with obsolete X.25 and IPX networks. PAK Dionysus functions as the following devices:
- a multifunctional IP router that supports different types of interfaces and IP datagram prioritization;
- a terminal server providing access of a plurality of PSTN subscribers to TCP/IP network resources;
- a firewall, including IP filters, a NAT/PAT handler, VPN facilities, and a security violation registration system;
- an IP stream encoder that allows you to close the exchange between VPN networks;
- a full-fledged DNS, DHCP, and e-mail server (SMTP, POP3, IMAP4, LDAP);
- a basic web server (HTML only), FTP, and databases.
The hardware platform is IBM-compatible computers with Intel processors, made in an industrial version. The software is a stand-alone operating environment built on the principles of a state machine. It does not have security-sensitive components such as a multi-task operating system, a privileged user and the like. The possibility of introducing viruses is excluded. The startup environment is DOS or Linux. Some specifications are listed below.
Interfaces
- IPL (up to 8 ethernet TCP/IP 1000 MB/s);
- SIO (up to 34 asynchronous RS232 115 KB/s);
- X25 (up to 4 synchronous X.25 256 KB/s);
- SYN (up to 8 synchronous V.24/V.35 1.5 Mb/s);
- LAN (up to 4 ethernet IPX 100 Mb/s).
Opportunities
- Routing to any interface type.
- Encapsulation of IP in X.25.
- Schedule-based access control for PAK Dionysus subscribers.
- File integrity monitoring when the system starts.
- Maximum 4000 subscribers.
- Unlimited number of TCP sessions through the router.
Subsystems
Interhost (MX). Specifies how the mail server works. In addition to supporting the standard SMTP protocol, it has special inter-host directions that ensure reliable delivery of correspondence with the capabilities: delivery, the use of backup communication channels (for example, PSTN). Inter-host directions do not require access to the DNS server. There are mail filters, SMTP filters with black and white lists, address substitution protection.
File-Server (PS). Specifies how the file server works. You can organize an FTP server. You can organize a Web server. Allows subscribers to manage files and directories on both local and network drives. Supports file transaction mode, which allows you to generate a request (transfer a file) and receive a response (get a file) in one communication session.
Databases (DB). Specifies how the full-text database server works. You can organize a directory database with LDAP access. You can access the database through the Web. E-mail subscriptions are available. Synchronization between databases is supported.
Internal Gateway (VN). The VN configuration allows PAK Dionysus to be used as a gateway between networks with different protocol types (X.25, SIO, LAN, TCP).
Expansions
Authentication. Allows authentication of users by password or with cryptographic protection according to GOST 28147-89 (one-way/two-way). Protection against password guessing.
Archiving. Allows you to archive files and mail passing through PAK Dionysus.
Monitoring. Allows recording of the entire information flow during subscriber operation, including control symbols and files.
Antivirus. Lets you scan email and files for viruses and spam.
TCP/IP Configuration
Up to 256 simultaneous TCP connections to PAK Dionysus.
SMTP server/client. Supports mail server operation using SMTP.
Web Server. Supports HTTP access.
DNS server/client.
DHCP server.
NAT/PAT handler. Allows you to translate IP addresses and TCP ports. Conceals the internal structure of the LAN. Allows you to use a single address to access the Internet.
HTTP-Proxy. Allows you to register requests for Internet resources.
IP filters. Screen out unwanted IP datagrams based on the IP addresses of the sender and receiver, TCP port numbers, and TCP flags. Extended filtering with analysis of explicitly specified bits and offsets is possible. Scheduled filtering rules are available.
Logging of security violations.
Static tunnels. Encapsulation of tunneled IP datagrams into transport IP datagrams (protocol type 4) with encryption as per GOST 28147-89. Supports compression of tunneled IP datagrams.
Dynamic tunnels. Allow you to organize VPN access for mobile subscribers running Windows. They conform to IPsec specifications and use the ISAKMP protocol to establish a connection, followed by tunneling.
Allows access by protocol:
- Telnet: to the system in packet and terminal mode;
- Telnet, POP3, SMTP, and IMAP4: to email;
- LDAP: to the directory database;
- SNTP: time synchronization;
- SNMP: retrieving the configuration;
- DCP: remote administration.
PAK Dionysus, depending on the tasks performed, can be equipped with various additional equipment, for example, means of protection against unauthorized access (Accord, Sobol) and means of hardware encryption (Krypton). The cryptographic protection component of Dionysus technology is certified and has certificates from the State Technical Commission and the FSB. It can be used to protect both confidential information and information constituting state secrets (joint development of NII Energia and NPP Factor-TS).