Joint event of the distribution company OCS and IVK, a Russian developer of application and infrastructure software, software and hardware complexes, and information security tools. Vendor products: • IVK Kolchuga-K – a software and hardware firewall certified by FSTEC; • IVK Crypto – a tool for building cryptographically protected VPNs, certified by the FSB.
Maxim Orlov, Head of Project Development Department at IVK, opened today's event. Today's meeting will include 4 blocks. I will talk about IVK, what we do, and what our competencies are. In the second block, I will present our new partnership program. In the third block, my colleague Igor Korchagin, Head of the Information Security Department, will talk in more detail about our developments in the field of information security.
IVK Group of Companies (Information Implementation Company) is a leading Russian developer of information security tools, infrastructure software products, software and hardware solutions, computer equipment, embedded systems, including those based on domestic operating systems and domestic processors.
IVK has been operating on the Russian market since 1993. As a vendor, it develops a portfolio of certified products and certified solutions based on its own independent set of technologies, targeting government and commercial organizations. IVK has the necessary licenses and certificates, including for work related to the creation of information security tools, and for work related to the use of information constituting state secrets.
The company's production facilities are certified according to GOST 1090-1 and allow the production of up to 300,000 units of computing equipment per year. To achieve a high level of reliability, 100% of the products are subject to quality control.
The IVK group of companies includes directly the "Information Implementation Company", the company "Basalt SPO" - the developer of the "Alt" OS family, based on the Russian independent package repository "Sisyphus" and the production complex "Vega". This is our industrial complex for the production of equipment. It is located in the city of Elektrostal, Moscow region.
The end customers are government agencies, commercial organizations, the armed forces of the Russian Federation, and subjects of critical information infrastructure. JSC IVK is included in the consolidated register of organizations of the military-industrial complex of the Russian Federation.
In the activities of IVK, three major areas can be distinguished. These are the development and production of domestic system software based on solutions from international open source projects and based on its own "Sisyphus" repository. The second area is the development and production of information security tools in the form of software and hardware complexes. And the design, development and production of computer equipment, including those based on domestic processors, computer equipment for general and industrial use, servers, monoblocks, computing modules, laptops. Computing equipment is manufactured at its own modern assembly production facility, equipped with a conveyor line and a thermal chamber for testing.
In the field of software development, the flagship product is the "Alt" family of operating systems. "Alt" OS for servers and workstations, including the secure "Alt 8 SP" OS, which has certificates from the FSTEC of Russia, the FSB of Russia, and the Ministry of Defense. The development was based on the principle of ensuring independence from foreign repositories, OS developers based on the Linux kernel. The "Sisyphus" repository is not a derivative of repositories such as Debian, Red Hat, Suse, etc. This ensures independence from the development vectors of foreign repositories and active support at the repository level for processors of Russian architectures, as well as the possibility of developing and producing a domestic OS in conditions of the risk of sanctions pressure.
In addition to the "Alt" OS, the company has developed other software products. IVK solutions are used as the basis for building a system of confidential electronic document management in the structures of the Ministry of Defense of Russia and also for the system of automatic processing of citizens' appeals. For these purposes, the software products IVK BUREAUCRAT and IVK POSTFACTOR have been developed. All software products developed by IVK are included in the unified register of the Ministry of Communications of Russia.
The second area of the company's activity is the development of information security tools. These are the software and hardware complex firewall "IVK Kolchuga-K" and the software and hardware complex "IVK Crypto".
"IVK Kolchuga-K" is a firewall and communication center for perimeter protection. The first firewall was produced by IVK in 2005. Currently, the fourth generation of firewalls is being produced. It has a certificate from the FSTEC of Russia. The software of the IVK Kolchuga-K firewall is developed on the basis of the domestic Sisyphus repository and is included in the Unified Register of Russian Programs under number 413. IVK firewalls are supplied in the form of software and hardware complexes. The line of firewalls consists of four devices: Kolchuga-K-01, -02, -03 and -04. Three of these devices are produced in the form of single-unit devices for placement in a server rack, Kolchuga K-02 is produced in the Box-PC format. The assembly of the Kolchuga-K software and hardware complex is carried out at the production site of JSC IVK in Elektrostal.
The IVK Crypto software and hardware complex for cryptographic protection is a software and hardware complex for organizing cryptographically protected virtual private networks. It provides automatic encryption/decryption of information that does not contain information constituting state secrets. It is assembled on the basis of the Kolchuga-K firewall on the same hardware platform. The line consists of 5 devices. Four single-unit devices for rack mounting and IVK Crypto X2 P4 is a Box-PC format device, and another Box-PC format device is the administrator's ARMA.
The largest implementation, more than 3000 devices, which covers all regions of the Russian Federation, within the framework of a project to ensure the protection of information transmitted within the framework of a unified information space of courts of general jurisdiction and subsequently justices of the peace and the "Glas of Justice" system.
And the third area of the company's activity is the production of computer equipment. IVK's computer equipment for general and industrial use, servers, personal computers, monoblocks, laptops.
The equipment is designed for operation, including in harsh conditions, including dust, moisture, high and low temperatures, vibration and shock. The company's production activities are based on domestic technological achievements. In particular, all elements of the mechanical part of the structures and, to a large extent, electronic and software components are based on the company's own developments.
The Information Implementation Company has launched its own partnership program, which defines a new procedure for IVK's interaction with partners in promoting IVK's software and hardware complexes. In this case, we are talking about the supply of information security tools, the Kolchuga-K firewall software and hardware complex, and the IVK Crypto software and hardware complex.
Within the framework of the IVK partnership program, different types of partnership are provided depending on the competencies. Partners are assigned different statuses: distributor – a legal entity that has the competencies to supply the vendor's products and distributes its products through its partner network; authorized partner – a legal entity that does not have direct contracts with the vendor, but has the opportunity to work with the vendor through the distributor under the terms of this partnership program. Authorized partners include the statuses of dealer and technology partner. There is also another status, which is a strategic partner. These are legal entities whose turnover with IVK exceeds 50 million rubles and who have experience in integrating into the end customer's infrastructure, including in complex solutions, and providing technical support services.
Strategic partners purchase products directly from the vendor, authorized partners, dealers and technology partners work through the distributor under the terms of the partnership program. Shipment of IVK products is allowed only to partners who have joined the partnership program. The partner status is determined by the vendor in accordance with the requirements shown on the slide. The partnership program with applications is provided upon request by e-mail or through the distributor. Joining the IVK partnership program is carried out by signing the partner's consent to participate in the partnership program.
The main difference between a partner with the status of a dealer and a partner with the status of a technology partner is the presence of a technical specialist certified by the vendor. This also allows the technology partner to provide technical support together with the vendor.
IVK has developed and provides training for partners to deepen their knowledge of the company's products. Upon completion of the training, certificates are issued from the vendor and from the training center. Two courses have been developed: a course on administering the Kolchuga-K firewall, with a duration of 3 days, and a course on administering the IVK Crypto software and hardware complex, with a duration of 5 days. The authorized training center is St. Petersburg Polytechnic University named after Peter the Great. Training takes place in our office in the training class at the address: Moscow, Butyrskaya str., 75. It is possible to take the course both in person and remotely.
A company that joins the partnership program gains access to all the necessary information about the program and IVK products, technical and marketing support from the vendor, as well as the opportunity to train and certify its specialists. Technology and strategic partners also receive a dedicated personal manager and technical support.
The size of the partner discount depends on the partner's status, the technology partner has a larger discount than the dealer, and on the volume of sales of the vendor's products. I would also like to draw your attention once again to the fact that the technology partner has the opportunity to provide joint technical support with the vendor. Joint technical support is provided within the framework of extended and premium technical support. And discounts on technical support certificates are higher in the case of joint technical support. The partnership program also specifies procedures for protecting the transaction and more detailed mechanisms for interaction with the end customer, distributor, vendor and partner.
Then the floor was taken by Igor Korchagin, Head of the Information Security Department of IVK.
He focused in more detail on the issues of specific technical solutions of our products related to network protection. This is the IVK Kolchuga-K firewall software and hardware complex. He said that in some moments I will repeat myself on the composition of our solutions, but with a deeper immersion in the technical specifics.
How we came to our solution. Our company in the field of software development in the IT market has been around for more than 20 years. How we came to the task of developing our own firewalls. When we started researching the market of existing solutions more than 15 years ago, we understood how existing firewalls are formed, including foreign ones. Communication equipment is mainly the use of various OPENSOURCE, i.e. proprietary development that functions on unit-like operating systems such as Linux, FreeBSD and others. After studying this market, we came to a conclusion about how we can start this work.
And we realized that at the heart lies a huge amount of OPENSOURCE and OPENSOURCE repositories. We realized that no one solves this problem by working directly with OPENSOURCE, everyone is guided by some distribution that is supported by the largest open communities. The slide shows Linux-like repositories, the vendor, planning its development, chooses some repository, and further development of its software hardware complex and software solution is carried out taking into account this repository. At the same time, working with OPENSOURCE directly is impossible due to the huge number of dependencies. There is a scheme, we choose the basis of the repository with which we work, consisting of OPENSOURCE, and formulate our solution. And this approach is used by most developers of IT equipment and storage facilities. After studying this market, we realized that there are many options, but they are all foreign. And we tried to orient ourselves, is there anyone in our market who represents these ideas, while being a resident of the Russian Federation and has sufficient competence? Then we met a company that had its own domestic repository. It was called "Sisyphus", and it was completely equivalent in terms of principles and approaches that are supported by foreign repositories, but at the same time it is accompanied exclusively by our specialists, domestic developers, who are also active participants in the international community. Their contribution at the level of OPENSOURCE repositories, and also falls into foreign repositories. The slide shows the composition and volume of data packages of these repositories for a huge number of architectures. At that time, 16 years ago, the issue of architectures was not as relevant as it is now.
Then everyone considered exclusively the x-86 architecture. But, having laid the approach of the domestic repository at the base then, we got a flexible opportunity to switch to other hardware architectures. And thus the Kolchuga-K firewall was born. The slide shows the history of his life. Its first certified version was released in 2005 on the 2.4 Linux platform. 2 products were released according to the RD requirements for firewalls. In 2011, we released the second generation of the product. It was already the fifth platform from Linux at its base. In 2016, the third generation was released on the 7th platform. Starting with the third generation, we had the IVK CRYPTO encryption tool, which is built into our software and hardware complex. There was certification according to the KS3 class. And since 2019, these products have been together. And in 2020, the fourth generation was released, which is the basis for both our firewall software and hardware complex and our information security software and hardware complex. They are certified according to the fourth class. We abandoned certification for state secrets at that time due to some commercial reasons.
And began to develop the fourth generation line. Four versions of the software and hardware complex have been released on the basis of this fourth generation. What are the basic functional capabilities? These are management functions that involve both management through the interface and through the console.
Two roles of administrator and auditor are built in, there are various notification mechanisms for selected categories of security events, group management by lists of IT addresses, various mechanisms for communication management functions, network bridges, static and dynamic routing. Since our firewall is a filtering of network traffic at all levels of the IC model, including deep packet analysis, working with mandates and labels, the forwarding mode is used, there are built-in proxy functions for htp and ftp and various mechanisms for stability and reliability, multivan support, the ability to reset the device to factory settings and, one of the most popular at the moment for large enterprises – this is the possibility, including integration with various ICM.
The slide shows an example of the firewall management interface. We are always ready to provide remote access so that you can test, see the capabilities, and experiment with how to work with it yourself.
A few words about the line of products of the IVK Crypto encryption tool. This product is built on the basis of the fourth generation of the IVK Kolchuga firewall. The IVK Crypto encryption tool is a composite product, at the heart of which you get the Kolchuga firewall itself, as well as additional functionality in the form of cryptographic protection functions. This software and hardware complex is called IVK Crypto, it also has an FSB certificate, and is included in the Register of domestic software. It is produced in several versions. Here are presented crypto gateways in various hardware platforms, control centers and software clients.
Basic functional capabilities – these are encryption tasks in accordance with domestic GOSTs, various functions of centralized management and monitoring, as well as management through a console interface, the ability to create an unlimited number of managed nodes of virtual networks, event logging. All centrally generated configurations are sent directly to the end devices automatically through the corresponding message brokers, which ensures guaranteed configuration behavior even if the device was unavailable and then turned on, it will receive this configuration.
This version can have 4 roles. This is a key task, a management function, this device can also act as a crypto network server or a crypto network client. The role is determined by the configuration that is formed by the administrator of the configuration management center.
The next block is a crypto gateway. This is version 2. It can act as both a crypto network server and a crypto network client. At the same time, regardless of the mode in which it will be operated. Both in the crypto gateway mode and in the crypto switch mode. I would like to clarify the peculiarity of its role-based construction. The complex itself assumes the possibility of any configuration of complex subordinate networks, determined directly by the administrator. And this thing is not regulated by the licensing policy. By purchasing a gateway of the corresponding version, the administrator can configure, for example, the following network through the control center. When we have N number of crypto gateways, where one crypto gateway acts as a client of the server, for example, number 1, and the other acts simultaneously as a client and server 1 and server 2. For example, we have two branch facilities that are territorially separated by a building. We build one network between them, where we combine them with each other. And there is a central office. Both of these gateways are clients of this central office.
Now on home
Герой России Гарнаев: никто из профессионалов о возобновлении производства на КАЗ всерьёз не говорит
Система отслеживает спутники на высотах до 50 000 км и ведёт за ними наблюдение
The armored vehicle is equipped with a KamAZ-740.35-400 diesel engine with a power of 400 hp.
Constant improvements in avionics, weapons and tactical capabilities will make the aircraft a flexible response to future challenges
The exterior of the KamAZ-54901 features fairings on the cab and chassis for fuel economy
Fighters are in demand both domestically and abroad
Tyazhpromexport and Venezuela Agree on Plant Revival
The company not only completed the state order, but also quickly mastered the production of AK-12K for special forces
Experts have developed a photogrammetric complex with a resolution of less than 1 cm
