LLC "RusBITech-Astra" presented the distribution kit Astra Linux Special Edition 1.7, which is a special assembly that provides protection of confidential information and state secrets to the level of "special importance". The distribution is based on the Debian GNU/Linux package base. The user environment is based on the proprietary Fly desktop (interactive demo) with components using the Qt library.
The distribution kit is distributed under a license agreement, which imposes a number of restrictions on users, in particular, commercial use without a license agreement, decompilation and disassembly of the product are prohibited. The original algorithms and source codes, implemented specifically for Astra Linux, are classified as commercial secrets. The user is given the opportunity to play only one copy of the product on one computer or virtual machine, and is also given the right to make only one backup copy of the media with the product. Ready assemblies are not yet publicly provided, but the publication of the assembly for developers is expected.
The release has successfully passed a set of tests in the FSTEC of Russia information security certification system for the first, highest, level of trust, i.Π΅. can be used to process information constituting a state secret of "special importance". The certificate also confirms the correctness of using the virtualization tools and DBMS built into the distribution kit in secure systems.
Major changes:
- The package database has been updated to Debian 10. Currently, the distribution kit offers the Linux 5.4 kernel, but they promise to switch to the 5.10 release by the end of the year.
- Instead of several editions that differ in the level of protection, a single unified distribution kit is proposed that provides three modes of operation:
- Basic - without additional protection, similar in functionality to the Astra Linux Common Edition. The mode is suitable for protecting information in state information systems of the 3rd security class, personal data information systems of the 3rd-4th security level and significant objects of critical information infrastructure.
- Enhanced - designed to process and protect restricted information that is not a state secret, including in state information systems, information systems of personal data and significant objects of critical information infrastructure of any class (level) of security (category of significance).
- Maximum - provides protection for information containing state secrets of any degree of secrecy.
- The independent operation of such information protection mechanisms as a closed software environment (only a pre-verified set of executable files is allowed to execute), mandatory integrity control, mandatory access control, and guaranteed cleaning of deleted data.
- The capabilities of mandatory integrity control have been expanded to protect system and user files from unauthorized changes. The ability to create large isolated integrity levels for additional isolation of containers has been implemented, tools have been added for filtering network packets by classification labels, and mandatory access control for all versions of the SMB protocol has been provided in the Samba file server.
- Updated versions of distribution components, including FreeIPA 4.8.5, Samba 4.12.5, LibreOffice 7.1, PostgreSQL 11.10 and Zabbix 5.0.4.
- Implemented support for container virtualization.
- The user environment has new color schemes. The login theme, the design of the taskbar icons and the Start menu have been modernized. The Astra Fact font, similar to the Verdana font, is proposed.
Source: opennet.ru