Developers: | S-Terra CSP |
Last Release Date: | 2020/04/07 |
Technology: | VPN - Virtual Private Networks, Information Security - Encryption Tools |
S-Terra Gateway (CSP VPN Gate 100B) is a software and hardware complex for ensuring the network security of a corporate network of any topology, with any number of tunnels.
S-Terra Gateway protects and filters subnet traffic passing through it and protects the traffic of the security gateway itself.
2024: Integration with SKDPU NT Compact
As part of a technology partnership, iT Bastion and S-Terra CSP have created a solution for secure management of remote nodes in a geographically distributed business infrastructure. It allows companies to control remote access over an encrypted channel not only to remote network segments but also to individual dedicated nodes with a weak communication channel, to prevent unauthorized user actions on them, and to comply with information security requirements. iT Bastion announced this on February 8, 2024.
The solution is based on the joint operation of the PAM system SKDPU NT Compact and the VPN products: the S-Terra Gateway crypto router and the compact S-Terra Unit crypto gateway.
2022
Integration with the SKDPU NT system
iT Bastion and S-Terra CSP have entered into a technology partnership agreement to integrate their solutions. The first step of the cooperation was the development of a solution for secure, controlled remote access to the enterprise infrastructure with control and monitoring of user actions. S-Terra CSP announced this on September 28, 2022. The solution is based on the joint operation of S-Terra VPN products (the S-Terra Gateway crypto router and the S-Terra Client software) and the SKDPU NT complex from iT Bastion.
Compatibility with Sakura complex
S-Terra CSP and IT Expertise have developed a solution for organizing controlled, secure connection of remote users to the corporate network and implementing the concept of network access control (NAC), or zero trust network access (ZTNA). IT Expertise announced this on June 21, 2022.
2021: Plans for the release of modifications based on the ATB-Atom platform
S-Terra CSP, a developer of certified network security tools, and ATB Electronics, a Russian manufacturer of electronic devices, signed an agreement on the first supply of domestic ATB-Atom hardware platforms, on the basis of which modifications of the S-Terra Gateway security gateways with GOST encryption will be created. S-Terra CSP announced this on March 23, 2021.
The alliance contributes to the development of import substitution in the Russian information security market. The S-Terra VPN gateways, which are certified by the FSB of Russia and included in the Unified Register of Russian Programs for Computers and Databases, will receive the Russian ATB-ATOM server part; as of March 2021, work on including it in the Unified Register of Russian Electronic Products of the Ministry of Industry and Trade of Russia was already underway. The process of certifying S-Terra Gateway on the ATB-ATOM hardware platform as a firewall with FSTEC of Russia has also been launched.
"We try to provide a choice for our customers by expanding the range of hardware platforms used in the production of S-Terra security gateways," comments Mikhail Ivanov, CEO of S-Terra CSP. "ATB-ATOM is produced in Russia and will soon enter the register of the Ministry of Industry and Trade. This means that the S-Terra Gateway on the Russian hardware platform will be used more often by KII entities, state and budgetary institutions to protect their information infrastructure. And given the attractive cost of the product, independent of the exchange rate, we can accurately predict sales growth."
"ATB-ATOM is a single-board computer developed by our company on the basis of the ATOM processor," comments Sergey Dementiev, General Director of ATB Electronics. "We see cooperation with S-Terra CSP as an example of productive cooperation in the Russian market: two developers create a complex product that is in demand and meets the highest customer requirements. We are glad that the prospect of cooperation between developers and manufacturers is becoming a reality in those industries that were previously fully occupied by foreign counterparts. It is on the basis of cooperation and cooperation that we will be able to build a self-sufficient Russian electronics market."
S-Terra Gateway security gateways on the Russian ATB-ATOM hardware platforms are planned to be available for purchase in the IV quarter of 2021. So far, this covers only the entry-level models of the line, S-Terra Gateway 100. Expanding the cooperation to other models is being considered for the future.
2020: Announcement of Secure Remote Access Solution
On April 7, 2020, S-Terra CSP announced that it had developed a dedicated solution for providing secure remote access using the software products S-Terra Virtual Gateway, S-Terra Client and S-Terra KP. In special cases, when a software client cannot be installed on a device, it is recommended to use a hardware and software complex: the miniature user security gateway S-Terra Unit.
When transferring employees to remote work, it is important to provide them with secure access to corporate information resources. This became obvious to everyone who is forced to work from home, observing the recommended self-isolation regime. In a situation where employees turn to company resources from their home computers and laptops, from personal mobile devices, the issues of data security are especially acute.
"Using the S-Terra solution, you can be sure that all regulatory requirements for data transmission protection have been met and security will be ensured. The S-Terra product line has traffic protection tools for both computers and laptops running Windows and Linux, as well as mobile devices with any operating system, even the most recent versions of Android and iOS. We tested this solution first-hand, transferring our employees to 'remote'," noted Arkady Pyslaru, commercial director of S-Terra CSP.
The S-Terra solution can be used both in small networks, with up to 10 remote workplaces, and in large-scale networks, with thousands of employees working remotely. In the central office, an S-Terra Virtual Gateway, which aggregates the client connections, is installed in a virtual machine created in the hypervisor, together with the S-Terra KP centralized management system. On remote user workstations, S-Terra Client (for all current versions of Windows), S-Terra Client A (for Astra Linux SE) or S-Terra Unit (for any OS) is installed. Software clients can use any suitable connection option (Ethernet, Wi-Fi, 4G modem). S-Terra Unit supports both wired and wireless (Wi-Fi, 3G/4G) communication channels.
2019
Compatibility of S-Terra Gateway version 4.2 with JaCarta USB tokens and smart cards
On December 24, 2019, Aladdin R.D. announced that it had signed certificates with S-Terra CSP for the compatibility of its products.
The documents confirm the correct operation of JaCarta electronic keys with the software packages "S-Terra ESR ST Gateway. Version 4.2", "S-Terra Client ST. Version 4.2", "S-Terra Client-M. Version 4.1", "S-Terra KP. Version 4.2" and "S-Terra Gateway. Version 4.2".
In particular, JaCarta PKI, JaCarta PKI/GOST and JaCarta-2 PKI/GOST USB tokens and smart cards can be used with the products "S-Terra Gateway ESR ST. Version 4.2", "S-Terra Client ST. Version 4.2", "S-Terra KP. Version 4.2" and "S-Terra Gateway. Version 4.2". Testing was performed using the JaCarta Single Client software version 2.12 or higher for "S-Terra Client ST. Version 4.2" and "S-Terra KP. Version 4.2", and the IDProtect Client software version 6.37 or higher for "S-Terra Gateway. Version 4.2" and "S-Terra ESR ST Gateway. Version 4.2".
With the software package "S-Terra Client-M. Version 4.1", JaCarta PKI and JaCarta PKI/GOST electronic keys in the microSD form factor were tested.
TrueConf Server Compatibility
On March 29, 2019, TrueConf announced that it had conducted joint tests with S-Terra CSP, upon completion of which the TrueConf video conferencing system was certified to work with the S-Terra Gateway and S-Terra Client VPN products.
Testing as part of the system for quantum protection of data transmission on a Rostelecom fiber-optic line (FOCL)
On January 29, 2019, Rostelecom announced that it had successfully conducted the second stage of testing domestic equipment and solutions for organizing quantum protection of data transmission on an existing fiber-optic communication line (FOCL). The test participants were the Russian Quantum Center (RQC), QRate and S-Terra CSP.
2018
Obtaining an FSTEC certificate
On August 22, 2018, S-Terra CSP announced that it had received the FSTEC certificate for S-Terra Gateway version 4.2.
The certificate certifies that the "S-Terra Gateway Software Package. Version 4.2" is a type B firewall of the fourth protection class and complies with the requirements of the documents "Requirements for firewalls" (FSTEC of Russia, 2016) and "Protection profile of firewalls of type B of the fourth protection class. IT.ME.B4.PZ" (FSTEC of Russia, 2016), provided that the operating instructions given in the logbook RLKYe.00017-01 30 01 are followed.
Testing as part of the system of quantum and cryptographic protection of information on a high-speed communication line
In May 2018, a representative of S-Terra CSP told CNews that a quantum and cryptographic information protection system had for the first time in Russia been successfully tested on a high-speed communication line suitable for use in large data centers. The tests were carried out by specialists from the crypto equipment manufacturer S-Terra CSP and the Russian Quantum Center, commissioned by Gazprombank.
2017
Positive FSB opinion received for the crypto router
On December 13, 2017, S-Terra announced that it had received a positive opinion from the FSB on the compliance of the S-Terra VPN version 4.2 software and hardware complex (PAC) on the ESR platform with the requirements for cryptographic information protection means (CIPF).
According to the conclusion of December 4, 2017, the "S-Terra VPN Version 4.2 Software and Hardware Complex on the ESR Platform" meets the requirements for cryptographic protection of information that does not contain information constituting a state secret in class KS2.
S-Terra Gateway - StoneGate Replacement
On May 10, 2017, S-Terra CSP announced the completion of testing of the S-Terra Gateway CIPF on StoneGate hardware platforms.
Companies running StoneGate security gateways have faced the termination of the certificates for them. If this happens, customers do not need to buy equipment: working StoneGate gateways can be upgraded by installing the S-Terra Gateway software product on the current hardware platform.
The user of the equipment will be able to legitimately use the S-Terra cryptographic information protection means (CIPF) on this equipment and prepare for certification, with the regulatory organizations, of an automated system (AS) that requires CIPF of class KS1 or KS2.
The upgraded gateways retain the level of encryption performance on GOST cryptographic algorithms provided by devices with StoneGate software.
Recommended S-Terra Gateway software package models for replacing StoneGate security gateways:
Replaced model | Software package for installation |
---|---|
Stonegate FW-315 | S-Terra Gateway 1000 |
Stonegate FW-1050e | S-Terra Gateway 1000 |
Stonegate FW-1200e | S-Terra Gateway 3000 Low End |
Stonegate FW-3200 | S-Terra Gateway 3000 Standard |
The use of the S-Terra Gateway CIPF on the specified StoneGate platforms was confirmed by tests in the S-Terra CSP laboratory.
The company announced that, at the customer's request, it can provide a technical conclusion together with the "Requirements for the operating conditions of the S-Terra VPN PAC" when supplying the S-Terra Gateway software package for installation on the StoneGate hardware platform.
2016
Integration with HP ArcSight
On December 13, 2016, S-Terra CSP announced the completion of the integration of S-Terra Gateway with the HP ArcSight SIEM solution. DialogNauka took part in the project.
Ahead of the release of version 4.2 of the S-Terra product, DialogNauka updated its dedicated FlexConnector, which stores event details from the S-Terra security gateway in ArcSight. The message processing procedure has been optimized, and the reporting subsystem can now interpret the data. Tests of the joint operation of HP ArcSight and S-Terra Gateway confirmed the correctness and stability of the interaction, the press service of the companies said.
The compatibility of these two products is important for many users. It is especially convenient that the HP ArcSight solution can be used for geographically distributed information systems, where S-Terra equipment is most often used. We have already been through the integration procedure in the previous version of the S-Terra security gateway, and, thanks to the ongoing cooperation of our companies, we can now use HP ArcSight to interact with both the current version of S-Terra 4.1 and the upcoming version 4.2.
Today, many customers are already using HP ArcSight solutions to manage information security incidents. Our new connector will allow the HP ArcSight security event monitoring and correlation system to receive and process information from the latest S-Terra gateway, which will generally improve the efficiency of incident detection and response.
Functionality. Performance. Compatibility
(Data current as of February 2016)
S-Terra Gateway 4.1 functionality
- Encryption and integrity control of transmitted traffic using the IPsec ESP and/or IPsec AH protocols (RFC 2401-2412), with Russian and foreign cryptographic algorithms. The traffic is tunneled
- Device authentication - IKE (RFC 2401-2412)
- Integrated firewall that performs stateful traffic filtering
- Combined ESP_GOST-4M-IMIT conversion is used in accordance with the document "Technical specification for the use of GOST 28147-89 when encrypting attachments in the IPSEC ESP protocol"
- Building secure networks of any complexity
- Full support for PKI infrastructure
- Compatibility with products of Russian and foreign manufacturers
- Extensive administrator options: set flexible security policies, define different sets of rules for handling open and encrypted traffic, including the implementation of the split tunneling scenario
- Support for various topologies, including point-to-point, star, hierarchical tree, partial and fully connected topology
- The ability to build several layers of protection, allocate zones with different levels of trust, and organize re-encryption and inspection of traffic in the center
- The ability to use a scenario based on a technology similar to DMVPN
Integration into existing infrastructure
Compatibility with all necessary protocols for integration into modern network infrastructure, including:
- RADIUS protocol
- issuing IKECFG addresses for S-Terra Client
- clustering devices using VRRP
- RIP and OSPF dynamic routing (including for the RRI load balancing scenario)
- VLAN, LACP
- GRE (including for provider redundancy)
- working through NAT (NAT Traversal)
- Syslog event logging
- SNMP monitoring
Reliability and performance
- Can be equipped with redundant power supplies and hard drives combined in a RAID
- Support for fault tolerance scenarios with redundant security gateways, network interfaces, and provider links
- Support for saving protected tunnels when the security policy is reset
- Record performance
- Can be used to protect traffic that is sensitive to packet delay and loss, such as IP telephony and video conferencing
- QoS support
Management
- S-Terra KP centralized management system - centrally, remotely
- Cisco Security Manager (CSM) GUI, part of Cisco Security Management Suite - centrally, remotely
- SSH using a CLI that uses a subset of Cisco IOS commands - locally or remotely
- web-based management interface - remotely
Compatibility
- Tokens manufactured by Aladdin: eToken PRO32k, eToken PRO64k, eToken NG-FLASH, eToken PRO (Java)
- Tokens manufactured by Aktiv: Rutoken S, Rutoken EDS
- MultiSoft tokens: MS_KEY K
- For the implementation of IPsec/IKE protocols and their extensions - with Cisco IOS v.12.4 and v.15.x.x
- All S-Terra CSP products regardless of version
- NME-RVPN module in MSM version, UCS-EN120SRU module in MSM-950 version