Scanner-VS Security Analysis Tool

Scanner-VS (Computer Systems Scanner) is a comprehensive tool for analyzing the security of computer systems, a mobile place for a security administrator, and is also a tool for certification and various inspection checks of automated systems. Certified MPS and Information Security Effectiveness Monitoring Tool.

The scanner-VS is launched from the storage medium, providing an independent trusted environment for the security administrator, and includes a set of testing and monitoring tools.

The scanner-VS is designed to search for network vulnerabilities, study network topology and inventory of network services, local and network password auditing, search for residual information on disk, local analysis and snapshot of system states (hardware and software configuration, history of USB device connections), provides passive and active interception of network traffic, as well as its subsequent analysis (for example, search for open and encrypted passwords).

It also provides operational control (scanning), monitoring and analysis of the system's security against attacks (software and hardware influences), control over compliance with security requirements, as well as network inventory.

2023: Delivery capability as part of the Ampire platform

The companies Prospective monitoring"" (GC InfoTeCS"") and the Group of Companies Echelon"" have reached an agreement on a technological partnership, under which information protection the Echelon line of funds can now be delivered to customers as part of the platform. Ampire InfoTeCS Group of Companies announced this on July 13, 2023. As of July 2023, three Echelon development products are built into the Ampire platform: a centralized information security event management system, KOMRAD Enterprise SIEM a comprehensive security analysis system "Scanner-VS," firewall and an intrusion detection system. " Rubicon More. here

2020: Red OS Compatibility

The companies Echelon"" and RED SOFT"" as part of the partnership conducted testing for the compatibility of their products. The developers confirmed the full and uninterrupted operation of the Scanner-VS comprehensive security analysis system (manufactured by Echelon) at operating system RED OS (manufactured by RED SOFT). This was announced on February 19, 2020 by RedSoft.

Based on the results of the tests, a bilateral certificate was signed.

The Russian operating system RED OS has already established itself as a universal environment for solving a large range of problems in various fields. Thanks to the positive results of cooperation with Echelon, now on the basis of RED OS we can offer the market a technologically independent solution in the field of information security protection, comments Rustamov Rustam, Deputy General Director of RED SOFT

2019: Features of the software complex

Among the features of the software complex for November 2019:

• organization of a dedicated or virtual security administrator workplace (LiveCD/FLASH technology, it is enough to crash a CD or flash drive)
• possibility of use during certification and certification tests
• active identification of network service vulnerabilities
• auditing password information for multiple protocols
• control of memory and traffic (direct search by dictionary and keyword sets by drives)
• audit of inserted USB devices for all time with date information

Specifications

• ensuring the loading of a trusted environment from any computer (using LiveCD/Live-flash technology) with automatic determination of network equipment connected to a local area network
• search for residual information on drives connected to network nodes (various encodings are supported)
• local (on any PC) and password protection network audit
• inventory (fixation) of computer network resources (nodes, ports, services)
• identifying (scanning) vulnerabilities of installed services
• checking the possibility of denial of service attacks and address substitution
• analysis of network traffic (including in switched networks, physically separated)
• auditing password information for multiple protocols

Regulatory requirements

• The mandatory position of the administrator in the NPP is determined by the governing document of the State Technical Commission of Russia for NPP;
• A mandatory element of any informatization object (NP, AWS, LAN, ISDS, BT Object, etc.) are means of monitoring the effectiveness of information protection (means of security analysis, security scanners, means of periodic testing of IPS, means of countering software and hardware impacts, etc.).

Availability of Information Security Certificate

• Certificate of Conformity of the Ministry of Defense of Russia No. 631
• Russian FSTEC Certificate of Conformity No. 2204

2018: Inspection control of the Ministry of Defense of Russia

NPO Echelon In March 2018, the company announced that the Scanner-VS comprehensive security analysis tool had passed inspection control in the certification system, Ministry of Defence Russia as a result of which two certificates were obtained:

• "Scanner-VS": No. 3872 (valid until February 27, 2023).
• "Scanner-VS" with the component "Inspector": No. 3873 (valid until February 27, 2023).

According to NPO Echelon, the received certificates confirm the fulfillment of the requirements of the order of the Ministry of Defense of the Russian Federation, including: guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared capabilities "(State Technical Commission of Russia, 1999) - by the 2nd level of control, as well as in terms of compliance with the real and declared in the documentation product functionality.

2017

Function modules

(Data current as of November 2017)

Network scanner

Designed to check network security by scanning hosts to identify vulnerabilities, including open ports.

The network scanner allows you to determine the type of operating system (OS) of the remote host using TCP/IP stack fingerprints, perform invisible scanning, dynamic calculation of delay time and packet retransmission, parallel scanning, scanning using false hosts, direct RPC scanning, scanning using IP fragmentation, determines inactive hosts using the parallel ping method and the presence of packet filters.

Security scanner

Allows you to search for vulnerabilities in network services offered by operating systems, firewalls, routers and other network components. To search for vulnerabilities, both standard tools for testing and collecting information about the configuration and functioning of the network are used, as well as special tools that emulate the actions of an attacker to penetrate systems connected to the network.

Local Password Audit Tool

It is designed to find and identify passwords containing easily selectable character combinations directly on the workstation. Allows you to select passwords both by brute force and by dictionary enumeration. Both operating systems of the Windows family and various varieties of Linux are supported, including protected ones (MSVS, Linux XP, Astra Linux).

Password Network Audit Tool

Designed for remote search and identification of passwords containing easily selectable character combinations.

System Auditor

Designed to scan the workstation to determine the parameters of installed operating systems, system, communication and peripheral devices, including USB devices. A unique feature of the system auditor is the audit of inserted USB devices for the entire time with information about the date and time of each connection. Information about USB connections is provided in the form of a table with detailed data on the detected USB devices (manufacturer, brand, name, properties and other parameters, including the date and time of each connection).

Network analyzer

It is intended for use by the network administrator in checking and detailed analysis of the correctness of the network software configuration. Allows passive and active interception of network traffic in switched networks using techniques such as ARP-spoofing. Analyzes intercepted information, decodes passwords for popular protocols, for example HTTP, HTTPS (certificate substitution), POP3, SMTP, OSCAR (ICQ), FTP.

Disk Search Tool

It is designed to search for information on keywords on data carriers (hard drives, floppy disks, optical disks). The main purpose is to test the MPS for the operation of the guaranteed information cleaning system.

Scanner-VS Inspector passed inspection control at FSTEC

On October 31, 2017, NPO Echelon announced the conduct of inspection control in the certification system of the FSTEC of Russia.

Inspector Test (2017)

A certified software package including the Scanner-VS security testing system and the Inspector comprehensive inspection tool passed inspection control in the Russian FSTEC certification system.

As part of the inspection control, the functionality of the Inspector's comprehensive inspection facility was expanded.

There is support for software for finding license keys. The user has the opportunity to compare target reports using the added change control functionality, and thanks to the advanced functions of the system auditor, you can now find out the following information:

• about the processor;
• about disk devices;
• about network adapters.

Now the Inspector tool allows you to determine the dates of the first and last USB connection and the fact of connecting phones and other equipment through USB connectors.

Inspection control in the Russian FSTEC certification system

In the summer of 2017, the tool for solving a wide range of tasks for testing and analyzing the security of information systems, as well as monitoring the effectiveness of information protection tools "Scanner-VS" passed inspection control in the certification system of the FSTEC of Russia.

As part of the next product update, Scanner-VS has a single web interface for conducting a comprehensive security analysis. Now all security testing tasks are grouped by key phases of a typical project:

• search for targets: identification of nodes and network services;
• vulnerability scanning: identification of vulnerabilities in network services;
• exploitation: matching passwords and finding suitable exploits.

The results of all security testing tasks performed under the project are stored in the database, which allows you to form a single report on comprehensive security analysis.

"Scanner-VS" has a certificate of the FSTEC of Russia No. 2204, a certificate of the Ministry of Defense of Russia No. 3666, is included in the unified register of Russian programs for electronic computers and databases (register of Russian software).

"Scanner-VS" passed the inspection control of the FSTEC of Russia

Introduced "Scanner-VS Inspector"

On January 30, 2017, NPO Echelon presented the Scanner-VS Inspector software package, which includes the Scanner-VS security testing system and the Inspector comprehensive inspection tool.

The "Scanner-VS Inspector" complex allows you to perform:

• generation of access delimitation system model;
• control of access authority to information resources;
• Search and ensure that information on disks is destroyed
• fixation and monitoring of the software system state;
• test the security of information resources (including vulnerability scanning).

View "Scanner-VS Inspector," (2017)

Scanner-VS Inspector is intended for licensees (and license applicants) of the FSTEC of Russia and the Ministry of Defense of Russia involved in information protection, including certification bodies, testing laboratories, developers of information protection tools and others.

The functionality corresponds to the list of FSTEC of Russia (List of instrumentation and testing equipment, security controls required to perform work and provide services established by the Regulation on Licensing of Activities for Technical Protection of Confidential Information, approved by Decree of the Government of the Russian Federation of February 3, 2012 No. 79. Among the features of the "Scanner-VS Inspector" is a convenient graphical interface and integrability.

Functionality:

• automated process of checking individual requirements of regulatory documents: "Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements for information protection (State Technical Commission of Russia, 1998), Order of the FSTEC of Russia No. 17, Order of the FSTEC of Russia dated February 18, 2013 No. 21, Order of the FSTEC of Russia No. 31, etc.;
• the ability to collect detailed information about the automated (information) system (license numbers for some types of software, identifiers of connected external media, etc.);
• operation in the "portable" application mode - launch directly from the media;
• a simple step-by-step wizard for testing;
• possibility to form a project within the framework of inspections and generate a unified report on their results.

The complex is certified by the FSTEC of Russia for compliance with the requirements of the guiding document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of control of the absence of undeclared capabilities "(State Technical Commission of Russia, 1999) - according to level 4 of control and technical specifications NPESh.00606-01 TS. Also, the complex has a certificate of the Ministry of Defense of Russia for compliance with the requirements of the order of the Ministry of Defense of the Russian Federation and can be used to control the security of systems in which information constituting a state secret is processed to the level of "top secret" inclusive.

Renewal of the certificate of the FSTEC of Russia for the "Scanner-VS"

At the beginning of 2017, NPO Echelon announced the extension of the validity of the certificate of the FSTEC of Russia No. 2204 for the Scanner-VS security analysis complex until November 13, 2019. The certificate of the FSTEC of Russia confirms that the Scanner-VS complex meets the requirements of the guiding document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of control of the absence of undeclared capabilities "(State Technical Commission of Russia, 1999) - according to level 4 of control and technical specifications NPESh.00606-01 TS.