Developers: IVK
Last Release Date: 2023/12/19
Technology: IS - Firewalls
IVK Kolchuga is a firewall and communication center that provides perimeter protection against external information attacks and organizes the internal resources of the NPP.
2023: Enhanced intrusion detection and prevention functionality
An updated release of the IVK KOLCHUGA-K firewall, manufactured by IVK JSC, has been issued with expanded intrusion detection and prevention (IDS/IPS) functionality for organizations' local computer networks, primarily networks connected to external data networks. IVK announced this on December 19, 2023.
In connection with the changes, the current FSTEC of Russia certificate No. 4357 has been updated. The document now records the compliance of the software and hardware complex with the requirements for network-level intrusion detection systems of protection class 4. Using IVK KOLCHUGA-K, customers will be able to create secure information systems, including at CII facilities, that meet the current requirements of Russian Federation legislation on information protection.
"According to experts, the number of acts of cyber sabotage in Russia in 2023 increased by one and a half times, and the methods and techniques of attacks are being improved. The targets are mainly critical infrastructure enterprises, the public sector or the defense industry," said Grigory Sizonenko, General Director of IVK JSC. "Therefore, we are constantly increasing and improving the functionality of our products so that they fully meet the needs of customers, first of all the owners of critical information infrastructure. IVK KOLCHUGA-K is a time-tested software and hardware complex that is used at CII facilities in various industries. This release of the product will increase their protection."
The obtained certificate of the FSTEC of Russia confirms that the software and hardware complex "IVK KOLCHUGA-K" fully complies with the requirements of the current regulatory legal acts of the Russian Federation, and can also be used to implement protection measures to detect (prevent) intrusions in personal data information systems, state information systems, in automated process control systems and at critical information infrastructure facilities.
To use the existing capabilities of the IVK KOLCHUGA-K firewall on already purchased LKNV.466217.002 products, it is necessary to install the software update for the complex published on the official website of IVK JSC and to purchase an additional license for the right to use the corresponding functionality.
2021
Integration with MaxPatrol SIEM
On October 5, 2021, Positive Technologies and IVK (Information Implementation Company) announced the completion of the integration of the MaxPatrol SIEM incident detection system with the IVK Kolchuga-K firewall for protecting restricted-access data. Using the products together will enhance the ability to detect unwanted inbound traffic on local networks and prevent unauthorized access to information.
Combining the capabilities of the two products will allow companies to better control the security of business-critical information systems, respond quickly to emerging information security threats, prevent attacks aimed at stealing sensitive data, and investigate incidents.
"Cyber attacks on public authorities are becoming more frequent and sophisticated. According to our study, in the first quarter of 2021, the largest share of attacks (12%) was aimed at government agencies. Moreover, since 2017, they have consistently topped the rating of the most frequently attacked organizations," said Anton Alexandrov, head of the service and technological partnership development department at Positive Technologies. "The joint solution of Positive Technologies and IVK is primarily relevant for owners of critical information infrastructure, in particular for government agencies, as well as enterprises of the fuel and energy and industrial complex."
As a result of the integration, MaxPatrol SIEM will receive data from another source, the domestic firewall IVK Kolchuga-K, and this data will subsequently be supplemented with information from other connected systems: logs of operating systems, security tools (for example, for web traffic and mail), intrusion detection and prevention systems, DoS blocking systems, anti-virus protection tools, data leak prevention systems, proxy servers with content control, etc.
"Every year, the frequency and intensity of cyber attacks on the digital infrastructure of the public and commercial sectors are increasing," said Grigory Sizonenko, CEO of IVK. "Therefore, my colleagues from Positive Technologies and I are constantly developing our products to provide customers with tools for reliable protection against unwanted traffic and unauthorized access. These solutions are now integrated into a single software suite, a key element of the IT infrastructure security platform. If earlier users of our firewall could detect traces of intruders by logs, now a comprehensive solution makes it possible not only to immediately detect and repel an attack, but also to take preventive measures for the future."
Both products are included in the unified register of Russian software, and the correctness of their joint work was checked by Positive Technologies specialists during the tests.
The IVK KOLCHUGA-K line receives a certificate from the FSTEC of Russia
On March 4, 2021, it became known that the fourth-generation IVK KOLCHUGA-K line of firewalls, developed by IVK, had received a certificate from the FSTEC of Russia. The IVK KOLCHUGA-K software and hardware complex is designed to protect restricted-access information. When designing the fourth-generation IVK KOLCHUGA-K firewall, the developers paid special attention to its user interface and functionality. In particular, the application-layer traffic filtering functions for ensuring availability and managing service priorities have been optimized, and the interface has become intuitive and ergonomic. The use of IVK KOLCHUGA-K will allow organizations to monitor and filter information flows in accordance with the specified corporate rules.
"The use of IVK KOLCHUGA-K is primarily of interest to the owners of critical information infrastructure, who need to transfer their IT resources to a well-protected, technologically independent platform in a short time. Experts in the field of information security note that cyber attacks on government bodies, enterprises of the fuel and energy and industrial complex, banks, the defense sector, healthcare and transport organizations are becoming more and more frequent and sophisticated. Therefore, we continue to develop the Russian firewall, a software and hardware complex for protecting local networks from unwanted traffic and unauthorized access. It serves as one of the main elements of the security platform of any IT infrastructure, regardless of its scale and complexity. The development of all generations of the KOLCHUGA-K firewall is carried out on the basis of the domestic independent free software repository Sisyphus, which is developing in Russian jurisdiction," noted Grigory Sizonenko, CEO of IVK Group of Companies.
As explained, certificate of conformity No. 4357 of the FSTEC of Russia, dated 29.12.2020, certifies that the KOLCHUGA-K firewall developed and manufactured by IVK JSC complies with the documents "Information Security Requirements Establishing Levels of Trust in Information Security Tools and Information Technology Security Tools" (FSTEC of Russia, 2018) at trust level 4, "Requirements for Firewalls" (FSTEC of Russia, 2016) and the "Protection Profile of Type A Firewalls of the Fourth Class of Protection IT.ME.A4.P3" (FSTEC of Russia, 2016). Certification tests in accordance with the new requirements of the FSTEC of Russia were carried out by the Sinclit testing laboratory. NTC Phobos-NT assessed the compliance of the secure software development processes implemented at IVK with the requirements of GOST R 56939-2016 "Information Protection. Development of secure software. General requirements" and prepared recommendations for their improvement.
The IVK KOLCHUGA-K firewall can be used:
- in personal data information systems (ISDS) up to and including level 1 of security;
- in state information systems (GIS) up to and including security class 1;
- in class II public information systems;
- to ensure the security of significant critical information infrastructure (CII) facilities up to and including category 1.
The IVK KOLCHUGA-K firewall is supplied in four configuration options:
- IVK Kolchuga-K K01 - a complex for protection against network threats that ensures the proper availability of services in the networks of large enterprises and data centers;
- IVK Kolchuga-K K02 - a compact solution in the Box-PC form factor for protecting information in small enterprise networks or in a branch network;
- IVK Kolchuga-K K03 - a solution for protecting information in small enterprise networks or in a branch network, supplied in a 1U form factor for server rack mounting;
- IVK Kolchuga-K K04 - a balanced solution for protection against network threats in the networks of medium-sized enterprises or branch networks.
The key features in the updated list of functional capabilities of the KOLCHUGA-K firewall are:
- automatic generation of filtering rules;
- automatic generation of bandwidth control rules;
- building a high availability cluster (hot standby);
- support for NetFlow, a network protocol for network traffic accounting that is the de facto standard;
- expanded filtering rule configuration capabilities (filtering at the application level, filtering by geography, filtering based on deep analysis of the contents of the packet data area);
- securing ports through port knocking technology;
- detection of stealth TCP and UDP port scanning;
- link aggregation;
- the ability to configure filtering rules for IP address groups;
- a graphical web interface for managing features and monitoring firewall performance.
The operator receives notifications about information security events, which makes it possible to respond to incidents quickly.
The embedded software of the IVK KOLCHUGA-K firewall is included in the Unified Register of Russian Programs for Electronic Computers and Databases (registration number 413).
2012
According to information as of May 2012, the most important element of the platform is IVK Kolchuga, a software package for safely connecting a territorial unit of an organization to the Internet. This system includes a powerful firewall and a set of services to protect the perimeter of an organization and create its secure communication center.
"IVK Kolchuga" is built on the basis of Linux OS and various free software. At the same time, the configurators created by IVK allow this highly complex system to be configured quickly and accurately even by people with practically no qualifications in system administration. Currently, several modifications of this product are being produced, including a variant using certified cryptography tools. IVK produces "IVK Kolchuga" hardware and software complexes of different performance levels and for different network environments.