Magpro's Ideco

Since October, 2011 the possibility of use of the Ideco servers of Magpro GOST-VPN based on the certified CIPF of Magpro Kriptopaket became available to all users of the Internet gateway Ideco ICS to creation of secure channels of communication between branches of corporate network.

This product conforms to requirements of GOST 28147-89, GOST P 34.10 2001, GOST Z 34.10-94 and requirements of FSB of Russia to class KC1 CIPF. It can be used for the cryptographic information protection which is not containing data, being the state secret.

The solution functions at the level of the separate hardware-software device "Magpro GOST-VPN's Ideco" executed based on a CIPF of Magpro Kriptopaket which works running the Debian operating system. The Magpro GOST-VPN's Ideco setup is performed entirely via the web interface of the Internet gateway Ideco ICS.

The CIPF of Magpro Kriptopaket was not built in Ideco ICS.

The hardware and software system Ideco of Magpro GOST-VPN designates a set from two and more hardware-software devices which can be administered via the interface of the Internet gateway Ideco ICS.

Advantages of Ideco of Magpro:

• Convenient web-based graphical user interface of management.
• Simplicity of deployment - the solution is started in the automatic mode and configured in 10-15 minutes.
• VPN connection is absolutely transparent for users. If the user from one local network is connected to computers from another, then his connection is automatically routed through a secure channel and is absolutely transparent for it.
• Single purchase without additional costs in future periods.
• Use of the certified Gostovsky algorithms.
• The number of users of the VPN channel is limited only to the number of the licenses Ideco ICS.

Are included in the delivery:

• the hardware complexes "Ideco of CryptoCom" (by quantity purchased, at least 2);
• USB drives with the software of "Magpro GOST-VPN's Ideco" (by quantity purchased, at least 2);
• 2 forms: on "Magpro OpenVPN-GOST" and on a CIPF of Magpro Kriptopaket.

The control interface of the cryptogateways Ideco of Magpro GOST-VPN is available only to users of the version of Ideco ICS 4.3

Scenarios of application

Need of application of the certified means of cryptographic protection arises in the following cases:

• personal data protection in the organization;
• data protection of confidential character, the subject protection according to the legislation of the Russian Federation - for example if it is about a trade or professional secrecy, the information about the insured persons, etc.;
• data protection in executive authorities of the Russian Federation;
• data protection in the commercial organizations at accomplishment of purchase orders of goods by them or rendering services within the state activity;
• data protection which owner are the state bodies or the organizations executing state orders.

Stages of implementation Ideco Magpro

At the first stage of implementation the Ideco server of Magpro is directly connected by a cable to the selected network interface of the Internet gateway Ideco ICS. At the same time at the Ideco server there has to be a separate network interface card.

At head office Ideco of Magpro the server, and in child divisions — as GOST-VPN client is configured as GOST-VPN. Between the Ideco servers of Magpro the VPN tunnel on which the traffic ciphered using Gostovsky algorithms is transferred is established.

If the employee of one office needs to be connected to the computer which is in other office, this connection automatically is protected.

GOST-VPN the Ideco server of Magpro is also Certificate authority, it releases and performs support of digital certificates. Within accomplishment of basic cryptographic transactions they are open information and along with requests for certificates can be transferred by any unprotected method. Cryptographic keys are a classified information, access to which is closed.

The certificate authority issues the certificate, signs it and further supports him for all lifetime. In case of need the withdrawal of certificates also performs Magpro Ideco server.

On the basis of a request for the certificate in certificate authority the certificate of the client is generated. After it is loaded on GOST-VPN client, VPN connection is established automatically.