Transfer of PD to the external environment. Intrusion detection tool and FSTEC impossibility

A

ash_kgd2013-04-11 10:57:59

Information Security

ash_kgd, 2013-04-11 10:57:59

Good day!

If there is an automated transmission of information containing PD, it is necessary to use encryption tools (complexes) certified by the Federal Security Service of Russia. The guidance documents of the FSTEC of Russia on the protection of personal data require an intrusion detection system in ISPDs that have connections to external networks.
The VipNet Custom software package and the VipNet Coordinator HW HW have certificates of compliance from the Federal Security Service of Russia. Representatives of the manufacturer assure that the presence of a certificate of the FSB of Russia for compliance with the requirements for devices such as firewalls indicates that this tool (complex) also has a built-in intrusion detection module. Joint installation of VipNet Client and FSTEC of Russia certified information security system SSEP HIPS is not possible, because will lead to conflicts.
Is it sufficient to meet the requirements of the governing documents for ISPD when there is a connection to external networks and automated transmission of information containing PD is necessary in order to ensure firewalling and intrusion detection using only the VipNet software and hardware complex?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

I

Ilya Sevostyanov, 2013-04-11
@RUVATA

It all depends on the category of PD that you process and transmit.
For example, if you have the 1st (biometric data), then you are required to use a number of security tools certified by the FSTEC:
1) Antivirus
2) Firewall
3) IPS from NSD (Information protection tool from unauthorized access to data)
For example, in our case, Kaspersky was certified as an Antivirus but did not pass certification as a firewall (beginning of 2012, I don’t know how it is now), as a result, the set turned out like this:
1) Antivirus - KAV 6.0 for WorkStations / Windows Server
2) Firewall - SSEP (Security Studio Endpoint Protection from " Security Code") a rare guano craft based on Outpost
3) IPS from NSD - Secret Net from the same "Security Code", but already more confident than the previous product, although also not without flaws

I

Ilya Sevostyanov, 2013-04-11
@RUVATA

Specifically, the
Достаточно ли для выполнения требований руководящих документов к ИСПДн, когда имеется подключение к внешним сетям и необходима автоматизированная передача сведений, содержащих ПДн, в целях обеспечения межсетевого экранирования и обнаружения вторжений применения только программно-аппаратного комплекса VipNet?
answer to your question is if VipNet is certified as a firewall, and not just as an intrusion protection tool.
I can't check fstec.ru/_doc/reestr_sszi/_reestr_sszi.xls (the list used to be here, but now Not Found there)

L

Loreweil, 2013-04-12
@Loreweil

Firstly, ViPNet Client and SSEP work together very well. They set, drove, checked, there were no conflicts.
Secondly, the requirements of the FSTEC for the protection of ISPDs will soon change with the release of the 21st order (now being coordinated by the Ministry of Justice), there is supposed to be a departure from mandatory requirements and a greater linkage of SZPDs to the Threat Model. I advise you to wait for the release of this order, he should appear just about now and already build his defense in accordance with it.

P

Pavel, 2014-08-15
@VoRez

If by "smoothness of change" you mean plausible changes in the number of users, that is, so that there are no jumps from 500 to 900 people per second, then try this option:
1. Take a random number from 500 to 1500.
2. If necessary, update the counter, take more one random number in a plausible range of changes in the number of users (for example, from 10 to 20) and add / subtract from the previous number.
3. Save the resulting number and use it instead of item 1