Approve Director of FSUE "RNIIRS" Utverfday LLC NTC Vulkan A.V. Markov 2 0 1 7
APPROVE
Director of FSUE "RNIIRS"
2017

APPROVE
CEO of LLC NTC Vulkan
A.V. Markov
2017

Sheets 333

AGREED
Head of 474 VP of the Ministry of Defense of the Russian Federation
2017
CONTENT
1 Test program
1.1 Test object
1.5 Conditions, modes, procedure, venue, types and stages of testing
1.6 Logistics of testing
1.7 Metrological provision of tests
1.8 Ensuring the protection of state secrets
1 Test program
VP MO RF in the scope of inspections corresponding to the category of acceptance
tests.
1.3.3 Tests are carried out according to the "Program and methods
of preliminary tests ..." (hereinafter PM), developed by LLC "NTC Vulkan",
agreed and approved in accordance with the established procedure in
accordance with GOST RV 15.211-2002.
1.3.4 LLC "STC Vulkan" notifies the Customer of readiness for preliminary
tests with a notification agreed with 474 VP of the Ministry of Defense of the
Russian Federation.
- non-compliance of the prototype SPO "Amezit-V" with the requirements of the statement of work
1.3.11 Termination of tests is formalized by an act, which must
be signed by all members of the commission and sent for making an appropriate
decision to the Customer and the executor of the Amezit-V R&D Center.
1.3.12 Before resuming testing, the commission checks
materials reflecting the results of eliminating the reasons for the termination
(interruption) of tests, checking the completeness of the modifications of the
prototype carried out at the proposals of the commission that terminated the tests.
1.3.13 Tests are considered completed if their results
are formalized by an act confirming the implementation of the test program and
containing an assessment of the test results.
1.3.14 The Commission is allowed to correct, if necessary,
the test program and methods.
1.4 Scope of testing
1.4.1 The product is subject to tests in the scope specified in Table 1.
Table 1 - Scope of tests
No. | Name of tests | TK item number | Methods | Note
5.12 | Checking the possibility of remote use of STR PMS by territorially distributed elements of APK "Amezit" (through subsystem PPD) with demarcation of access rights according to the role models of access | 3.2.3.12 | Methodology No. 39
6 | Checking fulfillment of the purpose requirements of STR for control of information and technical objects of telecommunications systems and life support systems | 3.2.4
7.8 | communication equipment using technical means of monitoring objects of telecommunication systems | 3.2.5.8 | Methodology No. 51
7.9 | Checking the mode definition of telecommunications equipment | 3.2.5.9 | Methodology No. 52
7.10 | Checking detection of data transmission channels of critically important information objects | 3.2.5.10 | Methodology No. 53
7.11 | Checking identification of information resources of the opposing side | 3.2.5.11 | Methodology No. 54
7.12 | Checking registration in a storage device of the information exchange (in full) of the subscriber given by the operator | 3.2.5.12 | Methodology No. 55
7.13 | Checking that the software means of primary information analysis ensure fulfillment of the purpose requirements | 3.2.5.13 | Methodology No. 56
7.14 | Checking interfacing with channel-forming equipment of various backbone data transmission networks | 3.2.5.14 | Methodology No. 57
8 | Checking fulfillment of the purpose requirements of SPO for relaying data using intermediate servers (SW PRD) | 3.2.6
8.14 | statistical camouflage of data passing through the technical means of data relay as legitimate user requests to public services | 3.2.6.14 | Methodology No. 71
8.15 | Verifying the concealment of the true destination of a grouping of virtual route points | 3.2.6.15 | Methodology No. 72
8.16 | Fulfillment of the requirements of the SPO for data relaying in terms of | 3.2.6.16 | Methodology No. 73
8.17 | interactions of technical means of promoting materials and monitoring the Internet, bypassing the data relay system | 3.2.6.17 | Methodology No. 74
8.18 | Checking provision of an anonymization gateway providing interfacing mechanisms for other technical means of APK "Amezit" (including geographically remote ones) | 3.2.6.18 | Methodology No. 75
8.19 | Checking detection of and counteraction to attempts to launch the special software in a virtual environment and under the control of debuggers | 3.2.6.19 | Methodology No. 76
8.20 | Verification of control of the state of the points of the virtual route grouping, prompt identification of attempts to obtain UA to them, unscheduled reboots of the OS of the hardware and other facts of violations of the information security (IB) of the technical means of relaying | 3.2.6.20 | Methodology No. 77
8.21 | Checking logging | 3.2.6.21 | Methodology
9.10 | Verification of preparation, storage and presentation to the operator of the profile of a virtual user: personal data, existing accounts in supported services, action history, personal dialogues in existing accounts | 3.2.7.10 | Methodology No. 89
9.17 | Checking provision of the "real user" effect in the process of disseminating information materials | 3.2.7, 3.2.7.17 | Methodology No. 96
9.18 | Checking mechanisms for preventing disclosure of national and departmental affiliation | 3.2.7.18 | Methodology No. 97
9.19 | Checking automated interaction with the SPO of the linguistic support subsystems | 3.2.7.19 | Methodology No. 98
9.20 | Checking fulfillment of the requirements for the data processing regime and rights of access to processed information | 9.3.2, 9.3.3 | Methodology No. 99
9.21 | Checking registration functions | 9.17 | Methodology
12 | Checking fulfillment of the purpose requirements of STR for processing of results and their visualization on an interactive screen (SPO POR) | 3.2.10
12.1 | Checking access demarcation | 3.2.9.13 | Methodology No. 124
12.2 | Checking display on an electronic area map of the closed segment of the POR subsystem, integrated into the geoinformation system environment, with the ability to output the digital form of the object with graphic and text documents | 3.2.10.1 | Methodology No. 125
12.14 | Checking inventory of resources and monitoring of infrastructure changes | 9.8, 9.9 | Methodology No. 137
12.15 | Checking the collection and analysis of information security events coming from controlled subsystems | 9.10 | Methodology No. 138
12.16 | Checking visualization of received data and alerting of the security administrator about information security incidents | 9.11 | Methodology No. 139
13 | Checking survivability and resilience to external influences | 3.4, 3.4.1–3.4.2 | Methodology No. 140
14 | Reliability check | 3.5 | Methodology No. 141
15 | Checking ergonomics, habitability and technical aesthetics | 3.6, 3.6.1–3.6.2 | Methodology No. 142
16 | Checking operation, storage, ease of technical maintenance and repair | 3.7, 3.7.1 | Methodology No. 143
1.4.2 The product is considered to have passed the tests according to these paragraphs
TK, if the results of all checks performed in accordance with the above list
are positive.
1.4.3 By decision of the commission, additional tests may be carried out,
the results of which are reflected in the test report. Additional tests
should be carried out on the basis of the requirements of the ToR for the SC
R&D.
1.5 Conditions, modes, procedure, venue, types and stages of testing
1.5.1 The procedure for conducting preliminary tests is determined
by this document. Tests are carried out in one stage on the territory of the
Contractor.
1.5.2 Before testing, it is necessary to familiarize yourself with
documents:
-RU.VATS.00176-01 "Special software security
"Amezit-V". Specification";
-RU.VATS.00176-01 91 01 "Special software
"Amezit-V". Instructions for protecting information from unauthorized
access”;
-RU.VATS.00176-01 92 01 "Special software
"Amezit-V". Network Administrator's Guide";
-RU.VATS.00176-01 94 01 "Special software
"Amezit-V". Security Administrator Guide";
-RU.VATS.00176-01 95 01 "Special software
"Amezit-V". Security Administrator Instructions";
-RU.VATS.00176-01 96 01 "Special software
"Amezit-V". Control example (method) of setting up the information security system during the
operation of the product”;
-RU.VATS.00177-01 32 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission
network. System Programmer's Guide";
-RU.VATS.00177-01 34 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission network.
Operator's Manual";
-RU.VATS.00177-01 51 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission network.
Test program and methodology”;
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.VATS.00178-01 32 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. System Programmer's Guide";
-RU.VATS.00178-01 34 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. Operator's Manual";
-RU.VATS.00178-01 51 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data transmission
network. Test program and methodology”;
-RU.VATS.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide".
-RU.VATS.00179-01 32 01 "Special software
subsystems for monitoring the Internet and the media. System
Programmer's Guide";
-RU.VATS.00179-01 34 01 "Special software
subsystems for monitoring the Internet and the media. Operator's Manual";
-RU.VATS.00179-01 51 01 "Special software
subsystems for monitoring the Internet and the media. Test program and
methodology”;
-RU.VATS.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide".
-RU.VATS.00180-01 32 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. System Programmer's Guide";
-RU.VATS.00180-01 34 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. Operator's Manual";
-RU.VATS.00180-01 51 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. Test program and methodology”;
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 32 01 "Special software
subsystems of primary information analysis. System Programmer's Guide";
-RU.VATS.00181-01 34 01 "Special software
subsystems of primary information analysis. Operator's Manual";
-RU.VATS.00181-01 51 01 "Special software
subsystems of primary information analysis. Test program and
methodology”;
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 32 01 "Special software
data relay subsystems using intermediate servers. System Programmer's
Guide";
-RU.VATS.00182-01 34 01 "Special software
data relay subsystems using intermediate servers. Operator's Manual";
-RU.BATC.00184-01 51 01 "Special software
subsystems for testing telecommunication equipment. Test program and
methodology”;
-RU.BATC.00184-01 92 01 "Special software
subsystems for testing telecommunication equipment. User guide".
- carrying out the test in accordance with the chosen method
tests;
- completion of tests with recording the results in the Protocols
preliminary tests.
1.5.5 Tests are carried out under normal climatic conditions:
- temperature (20 ± 5) ºC;
- relative humidity (60 ± 15) % at atmospheric pressure
(84 - 107) kPa ((630 - 800) mmHg).
1.6 Logistics of testing
1.6.1 For testing, the Customer provides hardware and
software from the hardware-software complex (HSC) "Amezit".
1.6.2 The procedure for setting up the SSW included in the SSW "Amezit-V"
is given in the following documents:
-RU.VATS.00176-01 91 01 "Special software
"Amezit-V". Instructions for protecting information from unauthorized
access”;
-RU.VATS.00176-01 92 01 "Special software
"Amezit-V". Network Administrator's Guide";
-RU.VATS.00176-01 94 01 "Special software
"Amezit-V". Security Administrator Guide";
-RU.VATS.00176-01 95 01 "Special software
"Amezit-V". Security Administrator Instructions";
-RU.VATS.00176-01 96 01 "Special software
"Amezit-V". Control example (method) of setting up the information security system during the
operation of the product”;
-RU.VATS.00177-01 32 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission
network. System Programmer's Guide";
-RU.VATS.00178-01 32 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. System Programmer's Guide";
-RU.VATS.00179-01 32 01 "Special software
subsystems for monitoring the Internet and the media. System
Programmer's Guide";
-RU.VATS.00180-01 32 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. System Programmer's Guide";
-RU.VATS.00181-01 32 01 "Special software
subsystems of primary information analysis. System Programmer's Guide";
specified in the act. If the results of the tests do not require adjustment of the design
documentation and refinement of the prototype, the decision on the act is not drawn up,
which should be reflected in the act, in this case, the act is approved by the General
Director of STC Vulkan LLC.
1.9.4 The preliminary test certificate is issued in two
copies with mailing to LLC STC Vulkan and FSUE RNIIRS.
Annex A
Test Methods
A.1 Method #1
A.1.1 This method is used to check the documentation of SPO
"Amezit-V" for compliance with the requirements of paragraphs 5.1.1–5.1.4, 9.5, 13.2.5–13.2.6,
13.3, 13.5.1–13.5.8, 13.6.1, 13.11–13.13, 13.17–13.19 of the ToR for MF ROC "Amezit-V".
A.1.2 During the audit, the sufficiency and completeness of the documentation of the
Amezit-V software is assessed.
A.1.3 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
- the submitted documentation of SPO "Amezit-V" corresponds to
content and design requirements of GOST RV 15.110-2003, GOST RV
15.203-2001, GOST RV 2.902-2005, GOST RV 15.211-2002, GOST RV series
20.39.301-98–20.39.305-98, GOST RV 20.57.304-98, OTT 7.1.203-90, GOST
2.601-2006 and ESPD;
- developed and agreed with the lead contractor the following
documents on the protection of information from unauthorized access:
A.2 Method #2
A.2.1 In this technique, the composition of the SPO "Amezit-V" is checked
for compliance with the requirements of clauses 3.1, 5.4.2.2, 5.4.2.3, 9.14 of the TOR for the Amezit-V R&D
center.
A.2.2 During the check, the completeness of the Amezit-V software is assessed.
A.2.3 Verification is performed by comparing the actual composition
of the set of components of the SPO "Amezit-V" with the document
RU.VATS.00176-01 "Special software "Amezit-V". Specification".
A.2.4 SPO "Amezit-V" is considered to have passed the tests according to clause A.2.3
of the test program and methodology and fulfill clauses 3.1, 5.4.2.2, 9.14 of the TOR for the
R&D MF, if:
- composition of software packages, operational and
program documentation on the nomenclature corresponds to the
document RU.VATS.00176-01 “Special software “Amezit-V”. Specification";
A.3.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.1 of the TOR for the MF
A.3.3.3 Start the traffic generator (HSC SCAT) to ensure stable traffic
(the file testdata15m 15 Mb in size is transmitted) passing through the test
bench. The procedure for launching and configuring the traffic generator
(APK SCAT) is given in the document RU.VATS.00177-01 32 01 “Special
software for the subsystem for forming an autonomous segment of the
data transmission network. System Programmer's Guide.
formation of an autonomous segment of the data transmission network.
System Programmer's Guide.
A.3.4 SPO PAS is considered to have passed the tests according to clauses
A.3.3.1-A.3.3.5 of the test program and methodology and fulfill clauses 3.2.1,
3.2.1.1 on the R&D MF, if the test bench provides traffic retransmission
(number of bytes received at the input port is equal to the number of bytes of
traffic transmitted to the output port of the D-link DGS-1100-24 router (15 Mb))
for all options for connecting the traffic generator using the listed types of
wired communication lines: Ethernet, GPON, DOCSIS , ADSL (DSLAM).
A.4.3.3 Launch the traffic generator (APK SCAT) for
ensuring stable traffic (the testdata25M file of 25 Mb in size is transferred). The
procedure for launching and configuring the traffic generator (APK SCAT) is
given in the document RU.VATS.00177-01 32 01 “Special software for the
subsystem for forming an autonomous segment of the data transmission
network. System Programmer's Guide.
A.4.3.4 Start the management software for the D-link DGS-1100-24
router from the operator's workstation (log in to the management console).
Instructions for working with the router are given in the document
RU.VATS.00177-01 32 01 “Special software for the subsystem for forming an
autonomous data network segment. System Programmer's Guide.
A.4.3.5 View D-link DGS-1100-24 router statistics. Make sure that the
number of bytes received on port 3 of the router is equal to the number of
bytes of traffic transmitted through the output port 22 of the D-link
DGS-1100-24 router (25 Mb).
A.4.3.6 Simulate traffic from the side of a mobile device by launching a
virtual base station simulator (a 35 Mb testdata35M file is transmitted). The
base station simulator must be connected to port 4 of the D-link
DGS-1100-24 router. Instructions for connecting the VBS simulator and
creating traffic are given in the documents RU.VATS.00177-01 32 01 “Special
software for the subsystem for forming an autonomous segment of the
data transmission network. System programmer's guide” and
RU.VATS.00177-01 32 06 “Special software for the subsystem for forming an
autonomous segment of the data transmission network. Base station
management software. System Programmer's Guide.
A.4.3.8 View D-link DGS-1100-24 router statistics. Make sure that the
number of bytes received on port 4 of the router is equal to the number of
bytes of traffic transmitted through the output port 22 of the D-link
DGS-1100-24 router (35 Mb).
A.4.4 SPO PAS is considered to have passed the tests according to clause A.4.3.1-
A.4.3.8 of the test program and methodology and performing paragraphs 3.2.1, 3.2.1.2 on
the R&D MF, if:
- the test bench provides traffic relaying using different types of
wireless communication lines: GSM, GPRS, LTE, CDMA, Wi-Fi, WiMAX (for each
connection option the input traffic volume is equal to the output traffic
volume of 25 Mb);
- the test bench provides traffic relaying from the side of the
virtual base station simulator (the volume of input traffic is equal to the volume of
output traffic of 35 Mb).
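The pass criterion in A.4.3.5, A.4.3.8 and A.4.4 is that the bytes received on an input port equal the bytes sent from output port 22. The following is an added example, not part of the original document: it compares deltas between two counter snapshots, because port counters are cumulative and a 32-bit counter wraps during a test. The counter values, the function names, the 32-bit counter width and the reading of "Mb" as 2**20 bytes are assumptions.

```python
"""Added example: verify a relay test from two snapshots of port counters."""

COUNTER_BITS = 32      # assumption: 32-bit octet counters that wrap at 2**32
MIB = 1024 * 1024      # assumption: the page's "Mb" is read as 2**20 bytes


def octet_delta(before, after, bits=COUNTER_BITS):
    """Bytes counted between two readings of a cumulative counter.

    A reading lower than the previous one is treated as exactly one wrap;
    more than one wrap between snapshots cannot be detected this way.
    """
    modulus = 1 << bits
    if not (0 <= before < modulus and 0 <= after < modulus):
        raise ValueError("counter reading outside the counter width")
    return (after - before) % modulus


def check_relay(before, after, in_port, out_port, payload_bytes, tolerance=0):
    """Compare bytes received on in_port with bytes sent from out_port.

    before/after map port number -> {"rx": octets in, "tx": octets out}.
    On-wire counters include framing overhead, so the input delta is only
    required to be at least the size of the transferred file.
    """
    rx = octet_delta(before[in_port]["rx"], after[in_port]["rx"])
    tx = octet_delta(before[out_port]["tx"], after[out_port]["tx"])
    problems = []
    if rx < payload_bytes:
        problems.append("input port saw fewer bytes than the test file")
    if abs(rx - tx) > tolerance:
        problems.append(f"input/output differ by {abs(rx - tx)} bytes")
    return {"rx": rx, "tx": tx, "passed": not problems, "problems": problems}


def run_sample():
    """Run both checks on constructed snapshots (not measurements from the page)."""
    s0 = {3: {"rx": 1_000_000, "tx": 0}, 4: {"rx": 500, "tx": 0},
          22: {"rx": 0, "tx": 4_290_000_000}}
    # After the 25 Mb transfer: the port 22 counter has wrapped past 2**32.
    s1 = {3: {"rx": 28_000_000, "tx": 0}, 4: {"rx": 500, "tx": 0},
          22: {"rx": 0, "tx": 22_032_704}}
    # After the 35 Mb transfer: 800000 bytes received on port 4 never left port 22.
    s2 = {3: {"rx": 28_000_000, "tx": 0}, 4: {"rx": 37_800_500, "tx": 0},
          22: {"rx": 0, "tx": 59_032_704}}
    step_a = check_relay(s0, s1, in_port=3, out_port=22, payload_bytes=25 * MIB)
    step_b = check_relay(s1, s2, in_port=4, out_port=22, payload_bytes=35 * MIB)
    return step_a, step_b


if __name__ == "__main__":
    for name, result in zip(("port 3 -> 22", "port 4 -> 22"), run_sample()):
        print(name, result)
```

A naive subtraction of the raw readings would report a negative byte count for the first step, and comparing raw totals instead of deltas would hide the loss in the second.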
A.5 Method #5
A.5.1 In this technique, the SPO PAS is checked for
compliance with the requirements of clauses 3.2.1, 3.2.1.3 of the TOR for the Amezit-V R&D center.
A.5.2 In accordance with the requirements of clauses 3.2.1, 3.2.1.3 of the
ToR for the Amezit-V R&D SC, the SPO PAS must ensure the management of
third-party telecommunications equipment at the distribution level and core
level without authorization and with physical access to it for the following
equipment models:
- Huawei S5XXX series;
- Juniper MX40, MX80, MX10, MX104 series;
- Cisco 2000, 2500, 3000, 680x0-Based 4000, 7000 series;
- Extreme Networks Summit x430, x440, x450, x460 series;
- D-Link DGS-3627, DGS-3620-28, DES-3200-10, DES-3200-24 series.
A.5.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
repeatedly press shift+6+3 until you get a message in the console: Factory Default
Enable.................................. ...............
A.5.3.4 After the D-link DGS-1100-24 boots up, run the reset config
command and save the settings with the save command.
A.5.3.5 After rebooting the router, connect to the D-link DGS-1100-24
router from the operator's AWS (run the Terminal utility). Make sure you are
logged in to the router's command line ">". Set a
new password "12345".
A.5.3.6 On the PAS operator's workstation, configure the access acquisition
software (according to the factory settings) for the D-link DGS-1100-24 model.
A.5.3.7 To check the software method for gaining access to the
equipment on the PAS operator workstation, run the access gaining
software, specifying the IP address 10.10.10.113 of the D-link DGS-1100-24
router as a parameter. The procedure for gaining access is given in the
document RU.VATS.00177-01 92 02 “Special software for the subsystem for
forming an autonomous segment of the data transmission network. Access
Software. User guide".
A.5.3.8 View the results of the access software. Make sure that entries
containing password information have been generated to access the
management console of the D-link DGS-1100-24 router, the password is
found - "12345". The procedure for viewing the results is given in the
document RU.VATS.00177-01 92 02 “Special software for the subsystem for
forming an autonomous segment of the data transmission network. Access
Software. User guide".
A.5.3.9 On the AWS operator's workstation, perform one-by-one configuration
of the access acquisition software (according to the factory settings) for the following
equipment models:
- Huawei S5XXX series;
- Juniper MX40, MX80, MX10, MX104 series;
- Cisco 2000, 2500, 3000, 680x0-Based 4000, 7000 series;
- Extreme Networks Summit x430, x440, x450, x460 series;
- D-Link DGS-3627, DGS-3620-28, DES-3200-10, DES-3200-24 series.
A.5.3.10 On the PAS operator's workstation, launch the software for
obtaining access sequentially for the listed equipment
models. Instructions for launching and setting up are given in the document
RU.VATS.00177-01 92 02 “Special software for the subsystem for forming an
autonomous data network segment. Access Software. User guide".
A.5.4 SPO PAS is considered to have passed the tests according to clause A.5.3.1-
A.5.3.10 of the test programs and methods and performing paragraphs 3.2.1,
3.2.1.3 on the R&D MF, if the user, having completed the physical connection
procedure via the RS-232 interface, was able to set a new password on the
device, as well as using the access acquisition software was able to obtain
password information (password "12345") that provides access to the network
device management software at 10.10.10.113 (D-link DGS-1100-24 router).
A.6.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.4 of the ToR
for the Amezit-V R&D center, the SPO PAS must ensure the collection, registration and
display of the following information:
A.6.2.1 With regard to the operation of controlled equipment that has
the ability to collect and provide its diagnostic information:
- state (working / not working);
- OS version;
- event log entries;
- equipment load indicators.
Note. Hereinafter, controlled equipment refers to the hardware of
the PAS subsystem and telecommunications equipment of third parties
connected to the Amezit HSC (when gaining access to it).
A.6.3.2 Log in to the PAS management software interface by going to
section for viewing the parameters of controlled equipment. Instructions for
viewing the parameters of the controlled equipment are given in the
document RU.VATS.00177-01 92 05 “Special software for the subsystem for
forming an autonomous segment of the data transmission network.
Diagnostic and control software. User guide".
A.6.3.3 View server settings ServWin1.
A.6.3.4 SPO PAS is considered to have passed the tests according to clause A.6.3.1-
A.6.3.3 of the test programs and methods and performing paragraphs 3.2.1, 3.2.1.4 on
the R&D MF, if the user in the interface of the diagnostics and control software in the
section for viewing the parameters of the monitored equipment observes diagnostic
information about the operation of the equipment:
- state (Activated);
- OS version (Windows 10);
- load on the subsystem in the form of a graph: CPU Load, Traffic on Eth1;
- the event log (Auth, Syslog, Messages, Application, Security,
System).
A.6.3.5 Start the browser from the PAS operator workstation
and log in to the operator interface of the network traffic monitoring
software by going to the section for viewing connection statistics.
Instructions for working with software for monitoring network traffic are
given in documents RU.VATS.00177-01 92 07 “Special software for the
subsystem for forming an autonomous segment of a data transmission
network. Network traffic monitoring software. User guide".
A.6.3.6 View the connection log.
A.6.4 SPO PAS is considered to have passed the tests according to clause A.6.3.5-
A.6.3.6 of the test programs and methods and performing clauses 3.2.1, 3.2.1.4
on the R&D MF, if the user in the interface of the traffic monitoring software in
the connection statistics viewing section can see the connection log entries:
- date and time the connection was started, of the form: 05/11/2018 14:31;
- date and time when the connection ended, of the form: 05/11/2018 14:41;
- client information, of the form: 31.132.105.110:21;
- server information, of the form: 87.242.79.110:1358;
- protocol code or port number for TCP/UDP, of the form: FTP;
- the size of the transferred data, of the form: 10084.
A.6.4.1 Start the browser from the PAS operator's workstation and enter the
operator interface of the network traffic monitoring software by going to the
route information viewing section. Instructions for working with the network
traffic monitoring software are given in the documents RU.VATS.00177-01
92 07 “Special software for the subsystem for forming an autonomous
segment of the data transmission network. Network traffic monitoring
software. User guide".
A.6.4.2 From the PAS operator's workstation, launch the browser,
enter the D-link DGS-1100-24 router management software and view
information about routes on the router. Make sure that diagnostic
information is collected for the monitored equipment on the routes of
passing traffic and the routing information is displayed in the form of
routing tables. The procedure for viewing statistics is given in the document
RU.VATS.00177-01 34 07 “Special software for the subsystem for forming an
autonomous data network segment. Network traffic monitoring software.
User guide".
A.6.5 SPO PAS is considered to have passed the tests according to clauses
A.6.4.1-A.6.4.2 of the test program and procedure and fulfill clauses 3.2.1, 3.2.1.4 on
the R&D MF, if the user in the interface of the diagnostics and control software in the
section viewing the parameters of the controlled equipment observes the contents of
the routing table, of the form:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
10.10.10.1      192.168.0.1     0.0.0.0         UG    0      0   0   eth0
traffic is given in the document RU.VATS.00177-01 32 01 “Special software
for the subsystem for forming an autonomous segment of the data
transmission network. System Programmer's Guide.
A.7.3.3 Log in to the management console of the D-link DGS-1100-24
router from the PAS operator workstation. Instructions for working with the
D-link DGS-1100-24 router are given in the document RU.VATS.00177-01 32
01 “Special software for the subsystem for forming an autonomous data
network segment. System Programmer's Guide.
A.7.3.5 View D-link DGS-1100-24 router statistics. Make sure that the
traffic is being transmitted to the technical means of the primary
information analysis (server "SCAT for retrieval and analysis of traffic"), the
amount of traffic passing through port 19 is 25 Mb, the traffic speed is 100
Mbps.
A.7.4 SPO PAS is considered to have passed the tests according to clauses
A.7.3.1-A.7.3.5 of the test program and methodology and fulfill clauses 3.2.1,
3.2.1.5 on the R&D MF, if routing and traffic transmission are provided (the number of
bytes of the transferred file is equal to the number of bytes of traffic received by
the PPA equipment (25 MB)) at a speed of 100 Mbps.
A.8 Method No. 8
A.8.1 In this technique, the SPO PAS is checked for
compliance with the requirements of paragraphs 3.2.1, 3.2.1.6 of the TOR for the Amezit-V R&D center.
using the DHCP protocol. The procedure for viewing the parameters of the
AWS network connection is given in the document RU.VATS.00177-01 32 01
“Special software for the subsystem for forming an autonomous segment of
the data transmission network. System Programmer's Guide.
A.8.4 SPO PAS is considered to have passed the tests according to clauses
A.8.3.1-A.8.3.3 of the test program and methodology and fulfill clauses 3.2.1, 3.2.1.6
on the R&D center, if, when the AWS of the PAS operator is included in the
autonomous segment, the IP address is set automatically:
C:\Users>ipconfig /all
IP protocol setting for Windows
Ethernet adapter Ethernet:
Connection DNS suffix . . . . . : domainpc.ru
Description. . . . . . . . . . . . . : Intel(R) Ethernet Connection I219-V
Physical address. . . . . . . . . : 40-8D-5C-C9-41-17
DHCP enabled. . . . . . . . . . . : Yes
Auto tuning is enabled. . . . . . : Yes
IPv4 address. . . . . . . . . . . . : 10.0.6.146(Main)
Subnet mask . . . . . . . . . . : 255.255.255.0
Stratum: 4 (secondary link - synchronized with (S)NTP)
Peer Poll Interval: 15 (32768s)
document RU.VATS.00177-01 32 01 “Special software for the subsystem for
forming an autonomous segment of the data transmission network. System
Programmer's Guide.
A.8.6 SPO PAS is considered to have passed the tests according to clause A.8.5.1
of the program and test methodology and fulfill clauses 3.2.1, 3.2.1.6 on the R&D
center if, when the operator's workstation is turned on, automatic translation of
domain names of resources into IP addresses is performed using the DNS protocol:
C:\Users>nslookup mail.ru
dc03.domenpc.ru
Address: 10.0.0.20
A.9.3.4 Start traffic generation.
A.9.3.5 From the PAS operator's workstation, log in to the management console
of the D-link DGS-1100-24 router. Instructions for working with the
router are given in the document RU.VATS.00177-01 32 01 “Special software
for the subsystem for forming an autonomous data network segment.
System Programmer's Guide.
A.9.4 SPO PAS is considered to have passed the tests according to clauses
A.9.3.1-A.9.3.8 of the test program and methodology and to fulfill clauses 3.2.1,
3.2.1.7 of the TOR for the R&D MF, if traffic prioritization control is provided: for the http
protocol, the speed changed from 50 Mbps to 80 Mbps, and for the ftp protocol,
the speed changed from 50 Mbps to 20 Mbps.
A.10 Practice No. 10
A.10.1 In this methodology, the SPO PAS is checked for compliance with the
requirements of paragraphs 3.2.1, 3.2.1.8 of the TOR for the Amezit-V R&D SC.
A.10.2 In accordance with the requirements of clauses 3.2.1, 3.2.1.8 of the
ToR for the Amezit-V R&D SC, the SPO PAS should provide load balancing with
dynamic resource allocation.
A.10.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
are given in the document RU.VATS.00177-01 32 01 “Special software for the
subsystem for forming an autonomous segment of the data transmission
network. System Programmer's Guide”.
A.10.3.3 Set up the connection of the test bench to the Internet, in
which the test bench is connected to the Internet using two communication
channels.
A.10.3.4 Launch the traffic generator (HSC SCAT), which provides
stable traffic to resources located on the Internet. The procedure for
launching and configuring the traffic generator is given in the document
RU.VATS.00177-01 32 01 “Special software for the subsystem for forming an
autonomous data network segment. System Programmer's Guide”.
network links changed from 50 Mbps for the first network link (port 2) and
50 Mbps for the second network link (port 3) to 100 Mbps for the first
network link (port 2) and 0 Mbps for the second network channel (port 3)
(automatic redirection of all traffic to a working communication channel).
A.11.3.7 Reselect the server ServWin1 and give the command to show
the list of available control scripts.
A.11.3.8 View control scripts. Make sure that the list of available
management scripts contains the IP address change script that was created
in the previous step.
A.11.3.9 Select the script for changing the IP address and give a command to
execute it.
A.11.3.10 Wait for the message that the script has been executed.
A.11.3.11 Log in to the management console of the server ServWin1 from the AWS
of the PAS operator.
A.11.3.12 Start the command line of the ServWin1 server, execute the ipconfig
command to view the network settings. Make sure that the management script was
successfully executed (IP address changed to 10.10.10.23).
A.11.4 SPO PAS is considered to have passed the tests according to clauses
A.11.3.1-A.11.3.12 of the test program and procedure and to fulfill clauses 3.2.1, 3.2.1.9
of the TOR for the R&D MF, if:
- in a single graphical interface, the user sees a list of
controlled devices:
- server ServWin1;
- server ServDeb1;
- Operator workstation;
- D-link DGS-1100-24.
- in a single graphical interface, the user sees a list of
scripts available for the selected network device (for example, for the
ServWin1 server):
- show OS version;
- show Application log;
- show Security log;
- show System log;
- change IP address.
A.12.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
stand, the network IP address was translated (the sender's IP address
changed to 192.168.1.1 in outgoing packets).
A.12.4 SPO PAS is considered to have passed the tests according to clauses
A.12.3.1-A.12.3.8 of the test program and procedure and to fulfill clauses 3.2.1,
3.2.1.10 of the TOR for the R&D MF, if network address translation is provided: the sender
network address 10.10.10.12 was changed to 192.168.1.1 when the packet passed
through the D-link DGS-1100-24 router.
A.13 Practice No. 13
A.13.1 In this methodology, the SPO PAS is checked for compliance with the
requirements of paragraphs 3.2.1, 3.2.1.11 of the TOR for the Amezit-V R&D SC.
A.13.2 In accordance with the requirements of paragraphs 3.2.1,
3.2.1.11 of the ToR for the Amezit-V R&D SC, the SPO PAS should provide the
possibility of centralized control and monitoring of controlled equipment
resistant to unauthorized access using a single graphical interface that
supports:
- viewing and editing the list of controlled equipment
(device, set of controlled parameters);
- definition of controlled parameters and entry of ranges of standard
values for the controlled parameters;
- displaying the current parameters of the equipment in real time (with a
set refresh rate);
- definition of events that require notification of the operator;
- remote firmware update;
- viewing diagnostic information.
Note. The monitored parameters can be any of the standard
parameters for controlled telecommunications equipment at the core level
and distribution level.
A.13.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
Diagnostic and control software. System programmer's guide” and
RU.VATS.00177-01 92 05 “Special software for the subsystem for forming an
autonomous segment of the data transmission network. Diagnostic and
control software. User guide".
A.13.4 SPO PAS is considered to have passed the tests according to clauses
A.13.3.1-A.13.3.7 of the test program and procedure and to fulfill clauses 3.2.1,
3.2.1.11 of the TOR for the R&D MF, if:
- the server servwin1 appeared in the list of controlled hosts;
- the graph CPU Load for server ServWin1 appeared in the list of graphs
of controlled parameters;
- the script "Update firmware version" appeared in the list of scripts
for D-link DGS-1100-24.
A.14 Practice No. 14
A.14.1 In this methodology, the SPO PAS is checked for compliance with the
requirements of paragraphs 3.2.1, 3.2.1.12 of the TOR for the Amezit-V R&D SC.
A.14.2 In accordance with the requirements of paragraphs 3.2.1, 3.2.1.12 of the
TOR for the MF R&D "Amezit-V", the SPO PAS should provide interfacing with the
channel-forming equipment of various backbone data transmission networks.
A.14.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
- at the distribution level (between access level switches and
distribution level): not less than 1 Gbit/s when the condition of "normal"
traffic is met, not less than 600 Mbit/s otherwise;
- at the access level (between the user and the access level
switch): for wired communication networks - at least 100 Mbps, for wireless
networks - at least 80 Kbps.
Note. Hereinafter, “normal” traffic is understood as traffic in which
the share of short packets (up to 64 bytes long) does not exceed 20%.
A.15.3 In order to check the SPO PAS for compliance with the
requirements, it is necessary to perform the actions described below.
A.15.3.5 View the statistics of the traffic incoming to the SPO PAS. Make sure that
the data transfer rate supported by the SPO at the core level (between the
switches of the distribution level and the core level) meets the requirements
of paragraph 3.2.5.13 of the TOR (for the 10GBASE-LR physical interface) when
the condition of "normal" traffic is met (the share of short packets (up to 64
bytes) does not exceed 20%).
statistics is given in the document RU.VATS.00177-01 34 07 “Special software
for the subsystem for forming an autonomous segment of the data
transmission network. Network traffic monitoring software. User guide".
A.15.4 The SPO PAS is considered to have passed the tests in accordance
with clauses A.15.3.1-A.15.3.5 of the test program and procedure and to fulfill
clauses 3.2.1, 3.2.1.13 of the TOR for the R&D MF, if it meets the data transfer
rate requirements at the core level (between the switches of the distribution
level and the core level) when the condition of "normal" traffic is met (the
share of short packets (up to 64 bytes long) does not exceed 20%): the data
transfer rate must be at least 10 Gbps (for a 10GBASE-LR physical interface).
A.15.4.1 Enter the traffic generator configuration interface, set the
parameters for generating traffic at a rate of 6 Gbps (the proportion of short
packets (up to 64 bytes long) exceeds 20%).
A.15.4.2 View the statistics of the traffic incoming to the SPO PAS. Make sure that
the data transfer rate supported by the SPO at the core level (between the
switches of the distribution level and the core level) meets the requirements
of paragraph 3.2.5.13 of the TOR (for the 10GBASE-LR physical interface) for
traffic that does not satisfy the “normality” condition.
A.15.5 The SPO PAS is considered to have passed the tests according to
clauses A.15.4.1-A.15.4.2 of the test program and procedure and to fulfill clauses
3.2.1, 3.2.1.13 of the TOR for the MF R&D, if it meets the data transfer rate
requirements at the distribution level (between the access level and
distribution level switches): if the traffic “normality” condition is not met (the share
of short packets (up to 64 bytes long) exceeds 20%), the data transfer rate should
be at least 6 Gbps.
A.15.5.1 Log in to the traffic generator configuration interface, set the
parameters for generating traffic at a rate of 1 Gbit/s (for physical interfaces
1000BASE-T, 1000BASE-SX).
A.15.5.2 View the statistics of the traffic entering the PAS traffic
analysis SPO. Make sure that the data transfer rate supported by the SPO at
the distribution level (between the switches of the access level and the
distribution level) meets the requirements of clause 3.2.5.13 of the TOR:
for 1000BASE-T or 1000BASE-SX physical interfaces it must be at least
1 Gbps.
A.15.5.3 Log in to the traffic generator configuration interface, set the
parameters for generating traffic that does not meet the “normal” condition
at a rate of 600 Mbps (for physical interfaces 1000BASE-T, 1000BASE-SX).
A.15.6 The SPO PAS is considered to have passed the tests in accordance
with clauses A.15.5.1-A.15.5.3 of the test program and procedure and to fulfill
clauses 3.2.1, 3.2.1.13 of the TOR for the R&D MF, if it meets the data transfer
rate requirements at the distribution level (between the switches of the access
level and the distribution level): if the condition of “normal” traffic is not met
(the share of short packets up to 64 bytes in length exceeds 20%), the data
transfer rate is at least 600 Mbps.
A.15.6.1 Log in to the traffic generator configuration interface, set the
traffic generation parameters at a rate of 100 Mbps for the 100BASE-FX
physical interface.
A.15.6.2 View the statistics of the traffic incoming to the SPO PAS. Make sure that
the data transfer rate supported by the SPO at the access level (between the
user and the access level switch) for wired communication networks
complies with the requirements of clause 3.2.5.13 of the TOR (for a
100BASE-FX physical interface).
A.15.7 The SPO PAS is considered to have passed the tests in accordance
with clauses A.15.6.1-A.15.6.2 of the test program and procedure and to fulfill
clauses 3.2.1, 3.2.1.13 of the TOR for the R&D MF, if it meets the data transfer
rate requirements when the condition of “normal” traffic is met (the share of
short packets (up to 64 bytes long) does not exceed 20%): at the access level
the data transfer rate is at least 100 Mbps.
destinations for data transfer rates of wireless networks of at least 80 Kbps.
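The pass/fail rule of section A.15, written out as an added example that is not part of the original document: it classifies a measurement interval as "normal" or not from a packet-size histogram and compares the measured rate with the minimum for that level. The histogram input format, the function names and the sample numbers are assumptions; the share of short packets is taken by packet count, and the access-level minimums are applied regardless of the "normal" condition because the requirements list gives a single figure for them.

```python
from dataclasses import dataclass
from fractions import Fraction

SHORT_PACKET_MAX_BYTES = 64                # "short packets (up to 64 bytes long)"
NORMAL_SHORT_SHARE_MAX = Fraction(20, 100)  # share "does not exceed 20%"

# Minimum rates in bit/s as (normal traffic, otherwise).
# core: A.15.4 and A.15.4.1-A.15.4.2; distribution and access: requirements list.
MIN_RATE_BPS = {
    "core": (10_000_000_000, 6_000_000_000),
    "distribution": (1_000_000_000, 600_000_000),
    "access-wired": (100_000_000, 100_000_000),   # assumption: one figure for both
    "access-wireless": (80_000, 80_000),          # assumption: one figure for both
}


@dataclass(frozen=True)
class Verdict:
    level: str
    short_share: Fraction
    normal: bool
    measured_bps: int
    required_bps: int
    passed: bool


def short_packet_share(histogram):
    """Share of packets no longer than 64 bytes; histogram maps size -> count."""
    if any(size <= 0 or count < 0 for size, count in histogram.items()):
        raise ValueError("sizes must be positive and counts non-negative")
    total = sum(histogram.values())
    if total == 0:
        raise ValueError("no packets in the measurement interval")
    short = sum(c for s, c in histogram.items() if s <= SHORT_PACKET_MAX_BYTES)
    return Fraction(short, total)


def measured_rate_bps(histogram, interval_us):
    """Average rate over the interval, in bit/s (interval in microseconds)."""
    if interval_us <= 0:
        raise ValueError("interval must be positive")
    bits = 8 * sum(size * count for size, count in histogram.items())
    return bits * 1_000_000 // interval_us


def evaluate(level, histogram, interval_us):
    """Apply the A.15 criterion for one network level to one measurement."""
    if level not in MIN_RATE_BPS:
        raise ValueError(f"unknown level: {level}")
    share = short_packet_share(histogram)
    normal = share <= NORMAL_SHORT_SHARE_MAX    # exactly 20% still counts as normal
    normal_min, otherwise_min = MIN_RATE_BPS[level]
    required = normal_min if normal else otherwise_min
    rate = measured_rate_bps(histogram, interval_us)
    return Verdict(level, share, normal, rate, required, rate >= required)


# Constructed samples: 1 ms of traffic, frame size in bytes -> packet count.
NORMAL_SAMPLE = {64: 200, 1500: 800}        # exactly 20% short packets
SHORT_HEAVY_SAMPLE = {64: 201, 1500: 800}   # just over 20% short packets

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL_SAMPLE), ("short-heavy", SHORT_HEAVY_SAMPLE)):
        v = evaluate("core", sample, 1000)
        print(name, float(v.short_share), v.measured_bps, v.required_bps, v.passed)
```

Both samples run at about 9.7 Gbit/s, yet only the second passes at the core level, because crossing the 20% boundary switches the applicable minimum from 10 Gbps to 6 Gbps.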
A.16.3.1 Assemble the test stand in accordance with the diagram in
Figure 3.
A.16.3.2 From the PAS operator's workstation, attempt to log in on behalf of
the administrator to the D-link DGS-1100-24 router.
A.16.3.3 SPO PAS is considered to have passed the tests according to
clauses A.16.3.1-A.16.3.2 of the test program and procedure and to fulfill clauses
3.2.1, 3.2.1.14 of the TOR for the R&D MF, if the user can see a login event
message of the form:
14:59:46 Warning 15:00:15 ServWin1 perfect login
A.16.3.4 On the ServWin1 server, log in to the management console as
the "Administrator" user and create the User10 account.
A.16.3.5 SPO PAS is considered to have passed the tests according to clause
A.16.3.4 of the test program and procedure and to fulfill clauses 3.2.1, 3.2.1.14 of the
TOR for the R&D center if the user can see an account creation message of the form:
A.16.3.6 From the operator's workstation, enter the SPO PAS and for the server
ServWin1 set the default working time from 16-00 to 23-00.
A.16.3.7 From the PAS operator's workstation, attempt to log in to the ServWin1
server under administrator rights at abnormal times (14-59).
A.16.3.8 SPO PAS is considered to have passed the tests in accordance with
clauses A.16.3.6-A.16.3.7 of the test program and procedure and to fulfill clauses 3.2.1,
3.2.1.14 of the TOR for the R&D MF, if the user can see a message about a login attempt
during non-routine times:
3.2.1.14 of the TOR for the R&D MF, if the user can see a message about an attempt
to log in from an abnormal network node:
A.16.3.14 Enter the D-link DGS-1100-24 management software from the PAS operator
workstation (enter the management console) and change the configuration: disable port 14.
14:59:46 Warning 15:00:15 ServWin1 Software failure
A.16.3.21 Log in to the ServWin1 server from the AWP operator's workstation and
run the burnn.exe program (high load is simulated).
A.16.3.22 SPO PAS is considered to have passed the tests in accordance
with clause A.16.3.21 of the test program and procedure and to fulfill clauses
3.2.1, 3.2.1.14 of the TOR for the R&D MF, if the user can see a message about high
processor load:
14:59:46 Warning 15:00:15 ServWin1 CPULoad is too high
A.16.3.23 Simulate network traffic growth on D-link DGS-1100-24 ports.
14:59:46 Warning 15:00:15 D-link DGS-1100-24 Response time is too high on D-link DGS-1100-24 29s No
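The login checks of section A.16 (a working-time window of 16-00 to 23-00 for ServWin1, a login at 14-59, a login from an abnormal network node, creation of the User10 account), sketched as detection logic over sample events. This is an added example, not the tested software's code: the event line format, the alert wording, the date and the 192.0.2.x node addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class HostPolicy:
    work_start: time            # start of the permitted login window
    work_end: time              # end of the window (inclusive)
    allowed_nodes: frozenset    # source addresses treated as normal


# Window from step A.16.3.6; the allowed node address is constructed.
POLICIES = {
    "ServWin1": HostPolicy(time(16, 0), time(23, 0), frozenset({"192.0.2.10"})),
}

# Constructed sample events: timestamp, host, event type, key=value fields.
SAMPLE_EVENTS = """\
2017-06-01T14:59:46 ServWin1 login user=Administrator src=192.0.2.10
2017-06-01T16:30:00 ServWin1 login user=Administrator src=192.0.2.10
2017-06-01T17:05:12 ServWin1 login user=Administrator src=192.0.2.77
2017-06-01T17:10:40 ServWin1 account_created user=User10 src=192.0.2.10
2017-06-01T23:00:00 ServWin1 login user=Administrator src=192.0.2.10
""".splitlines()


def in_working_time(moment, policy):
    """True if moment lies inside the window, including windows past midnight."""
    if policy.work_start <= policy.work_end:
        return policy.work_start <= moment <= policy.work_end
    return moment >= policy.work_start or moment <= policy.work_end


def parse_event(line):
    """Split one event line into (timestamp, host, kind, fields)."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"malformed event line: {line!r}")
    stamp = datetime.fromisoformat(parts[0])
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return stamp, parts[1], parts[2], fields


def detect(lines, policies=POLICIES):
    """Return (clock, host, message) alerts for the events that need attention."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        try:
            stamp, host, kind, fields = parse_event(line)
        except ValueError:
            # Never drop unreadable input silently: surface it to the operator.
            alerts.append(("--:--:--", "?", "Unparseable event line"))
            continue
        clock = stamp.strftime("%H:%M:%S")
        if kind == "account_created":
            alerts.append((clock, host, f"Account created: {fields.get('user', '?')}"))
        elif kind == "login":
            policy = policies.get(host)
            if policy is None:
                alerts.append((clock, host, "Login to host without policy"))
                continue
            if not in_working_time(stamp.time(), policy):
                alerts.append((clock, host, "Login outside working time"))
            if fields.get("src") not in policy.allowed_nodes:
                alerts.append((clock, host, "Login from abnormal network node"))
    return alerts


if __name__ == "__main__":
    for clock, host, message in detect(SAMPLE_EVENTS):
        print(clock, "Warning", host, message)
```

The 23:00:00 login raises no alert because the window is treated as inclusive at both ends; whether the tested software does the same is not stated in the document.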
A.17 Practice No. 17
A.17.1 This method is used to check the SSS of the PKS for compliance with the
requirements of paragraphs 3.2.2, 3.2.2.1 of the TOR for the Amezit-V R&D SC.
A.17.2 In accordance with the requirements of paragraphs 3.2.2, 3.2.2.1 of the TOR for
the MF R&D "Amezit-V", the SPO PKS should provide analysis of connections of an autonomous
segment of the data transmission network and collection of information at speeds up to 6
Gbps.
Note: Analysis and collection of information should be performed at the
application layer of the OSI model.
A.17.3 To check the SPO PKS for compliance with the
requirements, follow the steps below.
A.17.3.1 Assemble the test bench in accordance with the diagram (see
Figure 4).
A.17.3.2 Connect the traffic generator (APK SKAT) to the test stand. The
procedure for connecting a traffic generator (APK SCAT) and setting up a
test bench is given in the document RU.BATC.00178-01 32 01 “Special
software for the message control subsystem of an autonomous segment of
a data transmission network. System Programmer's Guide”.
A.17.3.3 Start the traffic generator, which provides stable traffic under
the application layer protocol of the OSI model at a speed of 6 Gbps, passing
through the SDN network traffic monitoring software (the mail010 file is
transmitted in the traffic). The procedure for launching and configuring the
traffic generator is given in the document RU.BATC.00178-01 34 01 “Special
software for the message control subsystem of an autonomous data
transmission network segment. Operator's Manual".
A.17.3.4 Log in to the operator interface of the SDN network traffic
monitoring software, go to the section for viewing connection statistics.
Description of the interface of the SDN network traffic monitoring software is
presented in the document RU.BATC.00178-01 34 01 “Special software for the
message control subsystem of an autonomous segment of the data transmission
network. Operator's Manual".
A.17.3.5 Log in to the SDN management console. Operating
instructions are given in document RU.BATC.00178-01 32-01 “Special
software for the message control subsystem of an autonomous segment of
the data transmission network. System Programmer's Guide”.
A.17.3.6 View traffic statistics passing through the SDN. Make sure that
the connections of the data network segment are analyzed and information
about them is collected. The procedure for viewing statistics is given in
RU.BATC.00178-01 32 01 “Special software for the subsystem for monitoring
messages of an autonomous segment of a data transmission network. System
Programmer's Guide”.
A.17.4 SPO PKS is considered to have passed the tests according to clauses
A.17.3.1-A.17.3.6 of the test program and procedure and fulfill clauses 3.2.2, 3.2.2.1 of
the TOR for the R&D MF, if:
- information is collected at speeds up to 6 Gbps;
- analysis of the collected information is carried out (disassembly of protocols and
saving transmitted messages) (the file mail010 appeared in the output
directory).
A.18 Practice No. 18
A.18.1 This method is used to check the SSS of the PKS for compliance with the
requirements of clauses 3.2.2, 3.2.2.2 of the TOR for the Amezit-V R&D SC.
A.18.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.2 of the
ToR for the Amezit-V R&D SC, the PKS SSW must provide for the organization of
intermediate control nodes in order to analyze connections and identify
information when using IPSEC-type protocols.
A.18.3 In order to check the SSW of the PMS for compliance with the
requirements, it is necessary to perform the actions described below.
A.18.3.1 Assemble the test bench according to the diagram (see Figure
4).
A.18.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting a traffic generator (APK SCAT) and setting up
a test bench is given in the document RU.BATC.00178-01 32 01 “Special
software for the message control subsystem of an autonomous segment of
a data transmission network. System Programmer's Guide”.
A.18.3.4 Configure the SDN network traffic monitoring software to
extract and save password and address information (extraction is
performed by performing a MITM attack). The procedure for setting up the
SDN network traffic monitoring software is presented in the document
RU.BATC.00178-01 32 01 “Special software for the message control
subsystem of an autonomous segment of the data transmission network.
System Programmer's Guide”.
A.18.3.5 Launch the traffic generator (HSC SCAT) that provides stable
traffic (the traffic simulates a login to a resource with password and address
information: “user100” and “password100”) using the IPSEC protocol,
passing through the SDN network traffic monitoring software. Instructions
for working with the traffic generator are presented in the document
RU.BATC.00178-01 34 01 “Special software for the message control
subsystem of an autonomous data transmission network segment.
Operator's Manual".
A.18.3.6 Log in to the network traffic monitoring software running on
the intermediate host and navigate to the directory containing the extracted
address and password information. Instructions for working with network
traffic monitoring software are presented in the document
RU.BATC.00178-01 34 01 “Special software for the message control
subsystem of an autonomous segment of a data transmission network.
Operator's Manual".
A.18.3.7 View files containing password and address information.
Make sure that traffic is routed through the intermediate control node,
which provides access to information transmitted using protocols such as
IPSEC.
A.18.4 SPO PKS is considered to have passed the tests according to clauses
A.18.3.1-A.18.3.7 of the test program and methodology and to fulfill clauses 3.2.2,
3.2.2.2 of the TOR for the R&D MF, if the operator, by organizing an intermediate
control node (SDN traffic storage server), extracts password and address
information: "user100" and "password100".
A.19 Practice No. 19
A.19.1 This method is used to check the SSS of the PKS for compliance with the
requirements of clauses 3.2.2, 3.2.2.3 of the TOR for the Amezit-V R&D SC.
A.19.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.3 of the
ToR for the Amezit-V R&D MF, the PKS SSW should provide automatic
recognition and selection of files.
Notes:
1. List of file types to be recognized and selected:
HTML, GIF, JPEG, PNG, PDF, AVI, MPEG, DOC (DOCX), XLS (XLSX), PPT (PPTX),
PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3, WAV, BMP, CDR, RTF, CSV, MPP, PST,
XHTML, MHT, SXW, SXC, SXI, SXD, SXM, ODS, ODP, ODG, ODF, MDF, DBF, DB,
MYD, DBQUERY, VSD
2. List of protocols to be recognized and analyzed: FTP,
HTTP, POP/POP3, IMAP, SMTP, TELNET.
3. Measures must be taken to prevent the
use of cryptographically protected versions of the specified protocols.
4. When processing mail messages, the following information must be
extracted and registered:
- date and time of transmission of the mail message;
- mail sender;
- list of recipients of the mail message;
- list of recipients of a copy of the mail message;
- the content of the mail message.
A.19.3 In order to check the SSW of the PMS for compliance with the
requirements, it is necessary to perform the actions described below.
A.19.3.1 Assemble the test bench according to the diagram (see Figure
4).
A.19.3.2 Connect the traffic generator (HSC SCAT) to the test bench.
The procedure for connecting a traffic generator (APK SCAT) and setting up
a test bench is given in the document RU.BATC.00178-01 32 01 “Special
software for the message control subsystem of an autonomous segment of
a data transmission network. System Programmer's Guide”.
autonomous segment of the data network. System Programmer's Guide.
A.19.3.5 Run a traffic generator that provides file transfer (list of file
types to be recognized and selected: HTML, GIF, JPEG, PNG, PDF, AVI, MPEG,
DOC (DOCX), XLS (XLSX), PPT (PPTX), PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3,
WAV, BMP, CDR, RTF, CSV, MPP, PST, XHTML, MHT, SXW, SXC, SXI, SXD, SXM,
ODS, ODP, ODG, ODF, MDF, DBF, DB, MYD, DBQUERY, VSD) by using the
protocols: FTP, HTTP, POP/POP3, IMAP, SMTP, TELNET. Instructions for
working with the traffic generator are presented in the document
RU.BATC.00178-01 32 01 "Special software for the message control
subsystem of an autonomous segment of the data transmission network.
System programmer's guide".
A.19.3.10 Run a traffic generator that simulates mail traffic (file
mail010). Instructions for working with the traffic generator are presented
in the document RU.BATC.00178-01 32 01 “Special software for the message
control subsystem of an autonomous segment of a data transmission
network. System Programmer's Guide”.
A.20 Practice No. 20
A.20.1 This method is used to check the SSS of the PKS for compliance with the
requirements of paragraphs 3.2.2, 3.2.2.4 of the TOR for the Amezit-V R&D SC.
A.20.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.4 of
the ToR for the Amezit-V R&D SC, the PKS SSW must ensure the prevention
of the use of user anonymization technologies, including:
- blocking network connections to anonymizing services
based on URL filtering;
- blocking network connections to proxy servers based on
network address filtering;
- blocking network connections to host IP addresses
associated with Tor and I2P anonymization networks, identified based on
network address filtering;
- blocking connections on transport ports associated with
common HTTP proxy servers;
- blocking access to VPN services by lists of IP addresses/URLs;
- blocking connections on transport ports associated with
VPN services;
- blocking of widely advertised (basic) resources
that distribute tools for organizing anonymous sessions (such as the
Tor Browser).
Note. The head contractor should form the initial filtering lists and
develop software tools to keep them up to date.
A.20.3.1 Assemble the test bench in accordance with the diagram (see
Figure 4).
A.20.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting a traffic generator (APK SCAT) and setting up
a test bench is given in the document RU.BATC.00178-01 32 01 “Special
software for the message control subsystem of an autonomous segment of
a data transmission network. System Programmer's Guide”.
interface of the SDN network traffic monitoring software, as well as the
steps for setting it up, are given in the documents: RU.BATC.00178-01 32 01
“Special software for the message control subsystem of an autonomous
segment of the data transmission network. System programmer's manual”,
RU.BATC.00178-01 34 01 “Special software for message control subsystem
of autonomous segment of data transmission network. Operator's Manual".
autonomous segment of the data network. System Programmer's Guide.
A.20.3.9 View the log of the traffic generator. Make sure that all
attempts to organize connections using anonymization protocols have been
unsuccessful.
A.20.4 SPO PKS is considered to have passed the tests according to clauses
A.20.3.1-A.20.3.9 of the test program and methodology and to fulfill clauses 3.2.2, 3.2.2.4
of the TOR for the R&D MF, if the SDN network traffic monitoring software
automatically blocks connections:
- to the proxy server (in this case, the blocked resources are specified as a
list of IP addresses);
- to the resource www.torproject.org (with blocked resources specified
as a list of URLs);
- to transport ports 2775, 32142 (with the transport port
numbers listed).
A.21 Practice No. 21
A.21.1 This method is used to check the SSS of the PKS for compliance with the
requirements of paragraphs 3.2.2, 3.2.2.5 of the TOR for the Amezit-V R&D SC.
A.21.2 In accordance with the requirements of paragraphs 3.2.2,
3.2.2.5 of the TOR for the SC R&D "Amezit-V", the SPO PKS should block and
redirect client requests (HTTP/HTTPS) to legitimate GIS OP resources
(mirrors).
Notes:
1. Blocked resources are specified as a list of URLs (containing a
hostname or IP).
2. For each of the blocked resources, it must be possible to specify
the IP address of the web server to which the incoming request
should be redirected.
3. It must be possible to organize several
mirrors (with different content) on the same IP.
A.21.3 To check the SPO PKS for compliance with the
requirements, follow the steps below.
A.21.3.1 Assemble the test bench in accordance with the diagram (see
Figure 4).
A.21.3.2 Before starting the check, prepare duplicate sites of one
legitimate resource news000.ru (at least two different copies: news100.ru and
news200.ru). The preparation of a duplicate site is described in the documents:
RU.BATC.00178-01 32 01 “Special software for the message control
subsystem of the autonomous segment of the data transmission network.
System programmer's manual”, RU.BATC.00178-01 34 01 “Special software
for message control subsystem of autonomous segment of data
transmission network. Operator's Manual".
A.21.3.3 Log in to the operator interface of the SDN network traffic
monitoring software by going to the section for configuring IP addresses -
“twins” of the resources of the global public information system (GIS OP).
Description of the software interface for monitoring SDN network traffic is
given in the document RU.BATC.00178-01 34 01 01 “Special software for the
message control subsystem of an autonomous segment of the data
transmission network. Operator's Manual". Set up redirect rules from
news000.ru to news100.ru.
A.21.3.4 In the operator interface of the SDN network traffic monitoring
software, specify a list of IP addresses or host names that define the list of
resources, requests to which (via HTTP/HTTPS protocols) should be redirected.
Specify the IP address of the first duplicate site as a "double" resource.
Description of the SDN network traffic monitoring software interface is given in
the document RU.BATC.00178-01 34 01 “Special software for the message
control subsystem of the autonomous segment of the data transmission
network. Operator's Manual".
A.21.3.5 Connect the operator's workstation to the segment's network.
Description of the connection is given in the document RU.BATC.00178-01 32 01
“Special software for the message control subsystem of the autonomous segment
of the data transmission network. System Programmer's Guide”.
A.21.3.6 On the operator's workstation, view the web page of a
legitimate resource. Make sure that the request was redirected to the first
duplicate site.
A.21.3.7 Log in to the operator interface of the SDN network traffic
monitoring software by going to the section for configuring IP addresses –
“twins” of resources. Set up the switching of a legitimate resource to the
second duplicate site. Description of the software interface for monitoring
SDN network traffic is given in the document RU.BATC.00178-01 34 01 01
“Special software for the message control subsystem of an autonomous
segment of the data transmission network. User guide".
A.21.3.8 On the operator's workstation, view the web page of a
legitimate resource. Make sure that the request was redirected to the
second duplicate site.
A.21.4 SPO PKS is considered to have passed the tests in accordance with clauses
A.21.3.1-A.21.3.8 of the test program and procedure and to fulfill clauses 3.2.2, 3.2.2.5 of the
TOR for the R&D MF, if:
- client requests to legitimate GIS OP resources are redirected
(from the site news000.ru to the site news100.ru);
- the interface has the ability to configure a list of legitimate
GIS OP resources (news000.ru), requests to which should be
redirected to a duplicate site, while the PKS network traffic monitoring
software provides the ability to store several duplicate sites of a legitimate
resource (news100.ru, news200.ru).
A.22 Practice No. 22
A.22.1 This method is used to check the SSS of the PKS for compliance with the
requirements of paragraphs 3.2.2, 3.2.2.6 of the TOR for the Amezit-V R&D SC.
A.22.2 In accordance with the requirements of paragraphs 3.2.2, 3.2.2.6 of the
TOR for the MF R&D "Amezit-V", the SPO PKS should provide the ability to select
a given subscriber by having the operator specify a set of switching and address
characteristics, including IP addresses, IP masks, MAC addresses, addresses of
application layer protocols.
A.22.3 In order to check the SSW of the PMS for compliance with the
requirements, it is necessary to perform the actions described below.
A.22.3.1 Assemble the test bench in accordance with the diagram (see
Figure 4).
A.22.3.2 Log in to the operator interface of the SDN network traffic
monitoring software, go to the section for entering the rules for selecting
subscriber information exchange materials. Description of the SDN network traffic
monitoring software interface is given in the document RU.BATC.00178-01 34 01
“Special software for the message control subsystem of the autonomous segment
of the data transmission network. Operator's Manual".
A.22.3.3 View the data entry form on the operator interface. Make sure
that the operator has the ability to select a subscriber by setting a set of
switching and address characteristics, including IP addresses (10.10.10.15),
IP masks (255.255.255.0), application layer protocols (ftp).
A.22.4 SPO PKS is considered to have passed the tests in accordance with clauses
A.22.3.1-A.22.3.3 of the test program and procedure and to fulfill clauses 3.2.2, 3.2.2.6 of the
TOR for the MF R&D, if the operator can select a subscriber in the interface
by specifying a set of switching and address characteristics, including IP
address (10.10.10.15), IP mask (255.255.255.0), protocol (ftp).
A.23 Practice No. 23
A.23.1 This method is used to check the SSS of the PKS for compliance with the
requirements of clauses 3.2.2, 3.2.2.7 of the TOR for the Amezit-V R&D SC.
A.23.2 In accordance with the requirements of paragraphs 3.2.2, 3.2.2.7 of
the ToR for the MF R&D "Amezit-V", the SSS of the PKS should ensure the
formation, display and export of lists of sender subscribers and recipient
subscribers with topological links between them.
Note:
1. When forming the list, it should be possible to set the time period for which
data will be selected for building a link table, as well as to set the maximum
depth of calculated links.
A.23.3 In order to check the SSW of the PMS for compliance with the
requirements, it is necessary to perform the actions described below.
A.23.3.1 Assemble the test bench in accordance with the diagram (see Figure 4).
A.23.3.2 Log in to the SDN network traffic monitoring software interface,
go to the section for generating and displaying lists of sender
subscribers and recipient subscribers with topological links between them.
Description of the SDN network traffic monitoring software interface is
given in the document RU.BATC.00178-01 34 01 “Special software for the
message control subsystem of the autonomous segment of the data
transmission network. Operator's Manual".
A.23.3.3 View the data entry form in the SDN operator interface. Make
sure that the operator has the ability to set the time period for selecting
data on which to build a table of topological relationships.
A.23.3.4 View the data entry form in the SDN operator interface. Make
sure the operator is able to set the value of the depth of links, which is
used to build a table of topological links.
initiator of the contact), switching-address signs of contactors and the volume of
transmitted information of the subscriber, specified by the operator.
Note:
1. Network activity statistics should contain information:
- date and time of connection start;
- date and time when the connection ended;
- client information (IP, port, domain name (if any));
- server information (IP, port, domain name (if any));
- protocol code according to RFC1700 or port number for TCP/UDP;
- traffic volume.
2. The possibility of filtering, sorting and export of network statistics should be provided.
A.24.3 To check the SSW of the PMS for compliance with the
requirements, follow the steps below.
A.24.3.1 Assemble the test bench according to the diagram (see Figure 4).
A.24.3.2 Log in to the interface of the SDN network traffic monitoring
software, go to the network activity display section. Description of the SDN
network traffic monitoring software interface is given in the document
RU.BATC.00178-01 34 01 “Special software for the message control subsystem
of the autonomous segment of the data transmission network. Operator's
Manual".
A.24.3.3 Run the command to generate a report on network statistics and,
by viewing the report, make sure that the registration of summary data on the
time of contacts (indicating the initiator of the contact), switching and address
characteristics of contactors and the volume of transmitted information of the
subscriber is being performed. The description of the command to generate a
report on network statistics is given in the document RU.BATC.00178-01 92 01
“Special software for the message control subsystem of an autonomous segment
of a data transmission network. User guide".
A.24.3.4 View the generated report. Make sure that the network
activity statistics contain information about the connection start date and
time, connection end date and time, client information (IP, port), server
information (IP, port), protocol code in accordance with RFC1700, or port
number for TCP/UDP, traffic volume. Description of report generation is
given in document RU.BATC.00178-01 92 01 “Special software for the message
control subsystem of an autonomous
segment of the data transmission network. User guide".
A.24.3.5 Filter, sort and export the generated report. The description
of the filtering, sorting and export of the generated report is given in the
document RU.BATC.00178-01 92 01 “Special software for the message
control subsystem of the autonomous segment of the data transmission
network. User guide".
A.24.3.6 View the generated report. Make sure that the commands are
used to filter, sort the report and export the report to a file. Description of
the report generation is given in the document RU.BATC.00178-01 92 01
“Special software for the message control subsystem of the autonomous
segment of the data transmission network. User guide".
A.24.4 SPO PKS is considered to have passed the tests according to clauses
A.24.3.1-A.24.3.6 of the test program and procedure and fulfill clauses 3.2.2, 3.2.2.8 of
the TOR for the R&D MF, if:
- contact time (14:56:10), switching-address signs of contactors (10.10.10.15
and 192.168.1.10) and volumes of transmitted information of the subscriber
(105300 bytes) are logged in the user interface;
- the user interface has the ability to filter, sort and export the generated
report;
- the user interface has the ability to view statistics of network connections,
which contain information about the connection start time (14:56:10),
connection end time (15:06:02), client (10.10.10.15:21), server information
(192.168.1.10), protocol code (ftp), traffic volume (105300 bytes).
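The fields listed in the note to A.24.2 are those of a conventional flow record. The sketch below is an added example, not code from the document or from the product it describes: it folds constructed per-packet observations into such records, then filters, sorts and exports them. The function names, the port table excerpt, the placement of port 21 on the server side and the sample packets are assumptions; the addresses, times and byte total are borrowed from A.24.4.

```python
import csv
import io
from dataclasses import asdict, dataclass, fields
from datetime import datetime

# Assumed excerpt of the RFC 1700 well-known port table.
WELL_KNOWN = {20: "ftp-data", 21: "ftp", 25: "smtp", 53: "domain", 80: "www-http"}
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed per-packet observations (the date is arbitrary):
# (timestamp, source IP, source port, destination IP, destination port, bytes)
PACKETS = [
    ("2017-01-01 14:56:10", "10.10.10.15", 49152, "192.168.1.10", 21, 300),
    ("2017-01-01 14:56:11", "192.168.1.10", 21, "10.10.10.15", 49152, 5000),
    ("2017-01-01 15:00:00", "10.10.10.15", 49152, "192.168.1.10", 21, 50000),
    ("2017-01-01 15:06:02", "192.168.1.10", 21, "10.10.10.15", 49152, 50000),
    ("2017-01-01 15:01:00", "10.10.10.20", 50000, "192.168.1.10", 80, 1200),
    ("2017-01-01 15:01:05", "192.168.1.10", 80, "10.10.10.20", 50000, 800),
]


@dataclass
class Flow:
    start: datetime
    end: datetime
    client_ip: str
    client_port: int
    server_ip: str
    server_port: int
    protocol: str
    octets: int


def build_flows(packets):
    """Fold packets into one record per conversation (both directions)."""
    flows = {}
    for ts, sip, sport, dip, dport, size in sorted(packets):
        when = datetime.strptime(ts, FMT)
        key = frozenset([(sip, sport), (dip, dport)])
        flow = flows.get(key)
        if flow is None:
            # The sender of the first packet seen is recorded as the initiator
            # (client). A capture that starts mid-connection can get this wrong.
            # Protocol: well-known name if listed, otherwise the port number.
            proto = WELL_KNOWN.get(dport, str(dport))
            flows[key] = Flow(when, when, sip, sport, dip, dport, proto, size)
        else:
            flow.end = max(flow.end, when)
            flow.octets += size
    return list(flows.values())


def select(flows, ip=None, protocol=None):
    """Filter by participant address and/or protocol; None means 'any'."""
    return [
        f for f in flows
        if (ip is None or ip in (f.client_ip, f.server_ip))
        and (protocol is None or f.protocol == protocol)
    ]


def export_csv(flows, sort_by="octets", descending=True):
    """Sort the records on one field and return them as CSV text."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=[f.name for f in fields(Flow)])
    writer.writeheader()
    for flow in sorted(flows, key=lambda f: getattr(f, sort_by), reverse=descending):
        writer.writerow(asdict(flow))
    return buf.getvalue()


if __name__ == "__main__":
    print(export_csv(select(build_flows(PACKETS), ip="10.10.10.15")))
```

No payload is inspected anywhere in this code: who contacted whom, when, over which service and how much was transferred all come from packet headers alone.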
A.25 Practice No. 25
A.25.1 This method is used to check the SSS of the PKS for compliance with the
requirements of paragraphs 3.2.2, 3.2.2.9 of the TOR for the Amezit-V R&D SC.
A.25.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.9 of the
TOR for the MF R&D "Amezit-V", the PKS SSS must ensure registration in the
information exchange drive (in full) for the subscriber specified by the
operator.
A.25.3 To check the SPO PKS for compliance with the
requirements, follow the steps below.
A.25.3.1 Assemble the test bench according to the diagram (see Figure 4).
A.25.3.2 Connect the traffic generator (HSC SKAT) to the test bench.
The procedure for connecting a traffic generator (APK SCAT) and setting up
a test bench is given in the document RU.BATC.00178-01 32 01 “Special
software for the message control subsystem of an autonomous segment of
a data transmission network. System Programmer's Guide".
control of messages of an autonomous segment of the data transmission network.
User guide".
A.25.4 SPO PKS is considered to have passed the tests according to paragraphs
A.25.3.1-A.25.3.9 of the test program and procedure and fulfill paragraphs 3.2.2, 3.2.2.9 of the
TOR for the R&D MF, if:
- traffic pickup rules for the specified subscriber (IP address 10.10.10.15 and
FTP protocol) are configured in the user interface;
- during the subscriber's work session, pickup and storage of the subscriber's
information exchange was performed (a file with saved traffic, file2036_pcap,
appeared).
A.26 Practice No. 26
A.26.1 This method is used to check the SSS of the PKS for compliance with the
requirements of clauses 3.2.2, 3.2.2.10 of the TOR for the Amezit-V R&D SC.
A.26.2 In accordance with the requirements of clauses 3.2.2, 3.2.2.10 of the ToR for
the Amezit-V R&D SC, the PKS SSS should provide visualization of traffic and analysis of
the connections of the participants in the connections to the required level (building
communication graphs by MAC addresses, IP addresses, e-mail addresses (if there are
statistics of mail connections)).
Notes:
1. When building graphs for traffic visualization, it should be possible to
set a time period for selecting the data on which to build a graph.
6. It should be possible to export the received graph images.
7. When constructing a subscriber connection graph, the ability to
asynchronously obtain a domain name by IP address (if available) should be
provided.
A.26.3 To check the SSW of the PMS for compliance with the
requirements, follow the steps below.
A.26.3.1 Assemble the test bench according to the diagram (see Figure 4).
A.26.3.2 Log in to the interface of the SDN network traffic monitoring
software, go to the section for building a communication graph by MAC
addresses. The description of the section interface is given in the document
RU.BATC.00178-01 34 01 “Special software for the message control subsystem of
the autonomous segment of the data transmission network. Operator's Manual".
A.26.3.3 Set the time period for selecting the data for which the graph should be
built in the interface of the section for building the communication graph by MAC
addresses.
A.26.3.4 Execute a command to build a communication graph by MAC
addresses. View the generated report. Make sure that links are visualized by
MAC addresses as a graph, in which nodes are shown as MAC addresses
(address in the form e0:db:55:d5:a9:0c), and links are built based on
connection statistics.
A.26.3.5 In the operator interface, go to the section for constructing a communication
graph by MAC addresses.
A.26.3.6 Execute the command to build a subscriber connection graph
by IP addresses (1.100.158.180). View the generated report. Verify that you
are visualizing links by IP addresses as a graph in which nodes are shown as
IP addresses (1.100.158.180 and 1.10.30.90) and links are built based on
connection statistics. Verify that selecting the IP address 1.100.158.180
shows the domain name: uhtainkebbv.com.
A.26.3.7 In the operator interface, go to the section for constructing a connection
graph by e-mail addresses.
A.26.3.8 Run a command to build a connection graph by email
addresses. View the generated report. Make sure that links are visualized by
e-mail addresses in the form of a graph, in which nodes are shown as e-mail
addresses, and links are built based on mail connection statistics from the
fields: mail message sender,
mail message recipient list, mail copy recipient list (btvjtqnb.edu and
uhtainkebbv.com).
A.26.4 SSS PKS is considered to have passed the tests according to clauses
A.26.3.1-A.26.3.8 of the test program and procedure and fulfill clauses 3.2.2,
3.2.2.10 of the TOR on the R&D MF, if the user interface has the ability to:
- set the time period for selecting the data on which to
build a graph;
- perform visualization of links by MAC addresses (address in the form
e0:db:55:d5:a9:0c) as a graph showing nodes as MAC addresses;
- visualize connections by IP addresses in the form of a graph in which
nodes are shown as IP addresses (1.100.158.180 and 1.10.30.90);
- visualize connections by e-mail addresses in the form of a graph in
which nodes are shown as e-mail addresses (btvjtqnb.edu and uhtainkebbv.com);
- export graph images to PNG files;
- obtain a domain name by IP address (if available)
(1.100.158.180 - uhtainkebbv.com).
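How the time period and the maximum link depth (the note to A.23.2) bound the graph that A.26 builds from connection statistics, shown as an added example that is not code from the document or the product: a breadth-first walk from one address, with Graphviz DOT text standing in for the PNG export. All function names and the sample statistics are constructed; only the two 1.x IP addresses and the first MAC address are taken from A.26.3.

```python
from collections import defaultdict, deque
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Column positions of (source, destination) for each identifier kind.
COLUMNS = {"mac": (1, 3), "ip": (2, 4)}

# Constructed connection statistics:
# (time, source MAC, source IP, destination MAC, destination IP)
STATS = [
    ("2017-03-01 10:00:00", "e0:db:55:d5:a9:0c", "1.100.158.180",
     "e0:db:55:d5:a9:0d", "1.10.30.90"),
    ("2017-03-01 10:05:00", "e0:db:55:d5:a9:0d", "1.10.30.90",
     "e0:db:55:d5:a9:0e", "10.0.0.7"),
    ("2017-03-01 10:06:00", "e0:db:55:d5:a9:0e", "10.0.0.7",
     "e0:db:55:d5:a9:0f", "10.0.0.8"),
    ("2017-03-01 10:07:00", "e0:db:55:d5:a9:0c", "1.100.158.180",
     "e0:db:55:d5:a9:0d", "1.10.30.90"),
    ("2017-03-02 09:00:00", "e0:db:55:d5:a9:0c", "1.100.158.180",
     "e0:db:55:d5:a9:10", "10.0.0.9"),
]


def contacts(stats, by, start, end):
    """Count contacts per unordered pair of identifiers inside [start, end]."""
    src, dst = COLUMNS[by]
    lo, hi = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
    counts = defaultdict(int)
    for row in stats:
        if lo <= datetime.strptime(row[0], FMT) <= hi and row[src] != row[dst]:
            counts[frozenset((row[src], row[dst]))] += 1
    return counts


def link_table(stats, seed, by, start, end, max_depth):
    """Rows (depth, node_a, node_b, contacts) reachable from seed within max_depth."""
    counts = contacts(stats, by, start, end)
    peers = defaultdict(set)
    for pair in counts:
        a, b = pair
        peers[a].add(b)
        peers[b].add(a)
    depth = {seed: 0}      # hop count from the seed to each discovered node
    edge_depth = {}        # hop count at which each link was first reached
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if depth[node] >= max_depth:
            continue       # links beyond the configured depth are not expanded
        for peer in sorted(peers.get(node, ())):
            edge_depth.setdefault(frozenset((node, peer)), depth[node] + 1)
            if peer not in depth:
                depth[peer] = depth[node] + 1
                queue.append(peer)
    return sorted((d, *sorted(pair), counts[pair]) for pair, d in edge_depth.items())


def to_dot(rows):
    """Render the link table as an undirected Graphviz graph, contacts as labels."""
    lines = ["graph links {"]
    lines += ['  "%s" -- "%s" [label="%d"];' % (a, b, n) for _, a, b, n in rows]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    table = link_table(STATS, "1.100.158.180", "ip",
                       "2017-03-01 00:00:00", "2017-03-01 23:59:59", 2)
    print(to_dot(table))
```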
A.27.3 In order to check the SSW of the SMS for compliance with the
requirements, it is necessary to perform the actions described below.
A.27.3.1 Assemble the test bench according to the diagram (see Figure 4).
A.27.3.2 Log in to the operator interface of the key information search
software of the SDN processing node No. 1. Set the source directory, the location
for saving the processing results and the parameters of the processing task. The
description of the interface of the SDN key information search software is given in
the document RU.BATC.00178-01 34 01 “Special software for the message control
subsystem of an autonomous segment of the data transmission network.
Operator's Manual".
A.27.3.3 Place in the source directory of the SDN key information
search software of processing node No. 1 (built on the basis of FPGA) a set
of test data (testdatafpga) representing a set of files (DOC, DOCX, XLS, XLSX,
PPT, PPTX, PDF, ZIP, RAR), each of which is closed using DES, TripleDES, AES
128, AES 256 algorithms, md5, sha-1 hash functions. Wait until the search
for key information is completed. Instructions for configuring the source
directories and operation parameters of the open source software for
searching for key information are given in the document RU.BATC.00178-01
32 01 “Special software for the message control subsystem of an
autonomous segment of a data transmission network. System
Programmer's Guide".
A.27.3.4 View the records of the processing logs of the key information
search software of the SCS of processing node No. 1. Make sure that for the
files included in the test data array testdatafpga, key information was found
(file fpga001 (DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, ZIP, RAR formats)). The
search for key information is described in the document RU.BATC.00178-01
92 01 “Special software for the message control subsystem of an
autonomous data transmission network segment. User guide".
A.27.3.5 Log in to the operator interface of the key information search software
of the SDN processing node No. 2, set the source directory, the location for saving the
processing results and the parameters of the processing task.
A.27.3.6 Place in the source directory of the SCS key information
search software of processing node No. 2 (built on the basis of GPU) a set of
test data (testdatagpu) representing a set of files (DOC, DOCX, XLS, XLSX,
PPT, PPTX, PDF, ZIP, RAR), each of which is
closed using DES, TripleDES, AES 128, AES 256 algorithms, md5, sha-1 hash
functions. Wait until the search for key information is completed. The search
for key information is described in the document RU.BATC.00178-01 92 01
“Special software for the message control subsystem of an autonomous
data transmission network segment. User guide".
A.27.3.7 Review the records of the processing logs of the SSS for the
search for key information of the SDN of the processing node No. 2; make sure
that for the files included in the test data array testdatagpu, key information
was found (file gpu001 (DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, ZIP, RAR
formats)). Viewing records of processing logs of SSS for searching for key
information of the SDN is described in the document RU.BATC.00178-01 92 01
“Special software for the message control subsystem of an autonomous
segment of a data transmission network. User guide".
A.27.4 SPO PKS is considered to have passed the tests according to clauses
A.27.3.1-A.27.3.7 of the test program and procedure and fulfill clauses 3.2.2, 3.2.2.11
of the TOR for the R&D MF, if:
- implementation of distributed computing is provided;
- user with the help of open source software for searching for key information of the PCS
processing node No. 1 (built on the basis of FPGA) and the SSC key
information search software of the processing node no. XLSX, PPT, PPTX,
PDF, ZIP, RAR) and gpu001 (DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, ZIP, RAR
formats).
- Facebook;
- Moi Mir@mail.ru;
- Odnoklassniki;
- LiveJournal;
- Twitter;
- Google+;
- YouTube;
- Diary.ru;
- Liveinternet.ru;
- Blogspot;
- Tumblr;
- Renren Network;
- Web pages of the Internet and mass media.
A.28.2.1 Collection of information from the social network VKontakte should
include the following data:
- post titles;
- post texts;
- post URLs;
- names of post authors;
- URL of the profile of the authors of the posts;
- texts of comments (if technically possible) of posts;
- the number of comments;
- date of publication of posts;
- media (photo, video, audio attached to the post, if technically possible).
A.28.2.3 Collection of information from the social network Moi Mir@mail.ru
should include the following data:
- post titles;
- post texts;
- post URLs;
- names of post authors;
- URL of the profile of the authors of the posts;
- media (photo, video, audio attached to the post, if technically possible).
A.28.2.5 Collection of information from the social network LiveJournal should
include the following data:
- post titles;
- post texts;
- post URLs;
- names of post authors;
- URL of the profile of the authors of the posts;
The collection of information from the Google+ social network should include
- post titles;
- post texts;
- post URLs;
- names of post authors;
- URL of the profile of the authors of the posts;
- texts of reposts (if technically possible) of posts;
- post repost URLs;
- the number of reposts;
- texts of comments (if technically possible) of posts;
- the number of comments;
- date of publication of posts;
- media (photo, video, audio attached to the post, if technically possible).
A.28.2.9 Collection of information from the social network Liveinternet.ru
should include the following data:
- post titles;
- post texts;
- post URLs;
- names of post authors;
- URL of the profile of the authors of the posts;
- the number of comments;
- date of publication of posts;
- media (photo, video, audio attached to the post, if technically possible).
A.28.2.11 Collection of information from the social network Tumblr shall include
the following data:
- post titles;
- post texts;
- post URLs;
- names of post authors;
- URL of the profile of the authors of the posts;
A.28.2.13 The collection of information from the Internet and the media should include
the following data:
- article titles;
- texts of articles;
- article URLs;
- geographic data (if technically possible) of the articles;
- IP address (if technically possible) of the articles;
- the name of the authors (if technically possible) of the articles;
- URL of the profile of the authors of the articles;
A.28.3.4 At the top of the page, click on the search bar. The filter panel
will open.
A.28.3.5 On the filter panel, in the "Source" field, select the source of the
publication "vk.com".
A.28.3.6 On the filter panel, in the "Country" field, select the country of
publications "Russia" as the region of publication.
A.28.3.7 Close the filter panel by clicking on the "Close" button.
Publications from the social network VKontakte in Russia are displayed.
A.28.4 SPO PMS is considered to have passed the tests according to clauses
A.28.3.1-A.28.3.7 of the test program and methodology and fulfill clauses 3.2.3, 3.2.3.1
of the TOR on the Amezit-V R&D SC if:
- publications are displayed in the list of publications;
- next to each publication, the "Locations" field shows only the
selected region "Russia";
- next to each publication, the "Source" field shows only the
selected source "vk.com" (VKontakte);
- information about each publication contains the data specified in
clause 3.2.3.1 of the TOR for the MF R&D "Amezit-V" for the selected source of
publications.
A.29 Practice No. 29
A.29.1 This method is used to check the SPO PMS for compliance with the
requirements of clauses 3.2.3, 3.2.3.2 of the TOR for the Amezit-V R&D SC.
A.29.2 In accordance with the requirements of clauses 3.2.3, 3.2.3.2 of the ToR
for the Amezit-V R&D MF, the IMS SSS should ensure the identification of the source
of information.
A.29.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.29.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28).
A.29.3.2 In the list of publications, click on the "Distribution Graph of
publications" icon. A page will open that shows the distribution graph of
publications.
A.29.3.3 On the graph of distribution of publications, click on the leftmost
vertex of the graph. The page with the graph and data of the publication, which is
the primary source, will open.
A.29.4 SPO PMS is considered to have passed the tests in accordance with clauses
A.29.3.1-A.29.3.3 of the test program and procedure and fulfill clauses 3.2.3, 3.2.3.2 of the
TOR for the R&D MF, if:
- the distribution graph of publications was displayed with a time scale and
the leftmost vertex is the primary source of publications;
- when clicking on the leftmost vertex of the graph, which is the
source, a page opens containing the following information about the
publication: author, text, date of publication, link to the source on the Internet.
A.30 Practice No. 30
A.30.1 In this methodology, the SPO of the IMS is checked for compliance with the
requirements of paragraphs 3.2.3, 3.2.3.3 of the TOR for the Amezit-V R&D SC.
A.30.2 In accordance with the requirements of paragraphs 3.2.3, 3.2.3.3 of the ToR
for the Amezit-V R&D SC, the ICP SSS should provide an analysis of the information
dissemination with the presentation of the results in a graphical form (in the form of a
distribution graph).
A.30.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.30.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28).
A.30.3.2 In the list of publications, click on the "Distribution Graph of
publications" icon. A window will open showing the distribution graph of
publications. The description of the SPO PMS interface is given in the
document RU.VATS.00179-01 92 01 “Special software for the Internet and
media monitoring subsystem. User guide".
A.30.4 The SPO PMS is considered to have passed the tests according to clauses
A.30.3.1-A.30.3.2 of the test program and procedure and fulfill clauses 3.2.3, 3.2.3.3 of the
TOR for the R&D MF, if:
- the distribution graph of publications was displayed;
- the vertices of the graph are arranged in chronological order
according to the time scale, starting from the leftmost vertex, the
primary source of information.
A.31.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.31.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28).
A.31.4 SPO ICP is considered to have passed the tests according to clause A.31.3.1
of the test program and procedure and fulfill clauses 3.2.3, 3.2.3.4 of the TOR for the
MF R&D, if:
- an emotional icon was displayed next to each publication
for which the tonality of the text was assessed;
- when hovering the mouse pointer over the emotional icon,
a number was displayed indicating the tone of the publication in the range from -1 to 1;
- the emotional coloring icon is color-coded
depending on the tonality value, from red (-1) to green (1). Neutral
coloration (0) is indicated in black.
A.32 Practice No. 32
A.32.1 This method is used to check the SPO PMS for compliance with the
requirements of clauses 3.2.3, 3.2.3.5 of the TOR for the Amezit-V R&D SC.
A.32.2 In accordance with the requirements of paragraphs 3.2.3, 3.2.3.5
of the TOR for the SC R&D "Amezit-V", the SPO PMS should ensure continuous
targeted search and selection of heterogeneous information in digital sources
of open access for a given thematic focus with the implementation of
geographical identification, its joint complex analysis on a geospatial basis.
A.32.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.32.3.1 Repeat points A.28.3.1 to A.28.3.7 (Method No. 28).
A.32.3.2 Click the menu icon at the top right of the page.
A.32.3.3 Select "Themes" from the drop-down menu. A page with a list of
topics on which information is collected will open.
A.32.3.4 Click the Add button to create a new topic. The theme creation
window will open.
A.32.3.5 In the window that opens, enter:
- in the field "Name" - the name of the topic;
- in the "Keywords" field - a list of words or phrases by
which publications are searched;
- in the "Excluded words" field - a list of words or phrases by
which publications are excluded from the collection.
A.32.3.6 Click on the "Save" button.
A.32.3.7 Click on the icon at the top left of the page to
go to the start page. The start page will open, containing a list of topics
being monitored.
A.32.3.8 In the list of monitored topics, click on the created topic of
publications. A list of all collected publications on this topic will open.
A.33.2 In accordance with the requirements of paragraphs 3.2.3, 3.2.3.6
of the ToR for the SC R&D "Amezit-V", the SPO PMS should provide visualization
of the generalized results of thematic selection of information from open
digital sources on a digital interactive model of the globe (GIS) with the
possibility of detailing materials of interest and their selection.
A.33.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
- title of the article;
- the author of the article;
- article text;
- link to the source of the material;
- date of publication of the article;
A.34.4 The PMS SPO is considered to have passed the tests according to
clauses A.34.3.1-A.34.3.5 of the test program and procedure and fulfill clauses
3.2.3, 3.2.3.7 of the TOR for the R&D MF, if no errors occurred during the template
editing.
A.35 Practice No. 35
A.35.1 This method is used to check the SPO PMS for compliance with the
requirements of paragraphs 3.2.3, 3.2.3.8 of the TOR for the Amezit-V R&D SC.
A.35.2 In accordance with the requirements of clauses 3.2.3, 3.2.3.8 of the
ToR for the Amezit-V R&D SC, the IMS SSS should ensure the search, identification
based on key features and presentation of new information resources for analysis
to the operator to determine the need to collect information.
A.35.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.35.3.8 At the new source in the Active column, click the radio button
to include it in the collection procedure.
A.35.3.9 Perform the procedure for setting up templates for this
source according to the document RU.VATS.00179-01 34 01 “Special
software for the Internet and media monitoring subsystem. Operator's
Manual".
A.35.3.10 In the address bar, enter the address of the application server
and press the "Enter" key. The address of the application server is specified
after installing and configuring the SPO PMS in accordance with the document
RU.VATS.00179-01 32 01 “Special software for the Internet and media
monitoring subsystem. System Programmer's Guide". The login page will open.
software for the Internet and mass media monitoring subsystem.
Operator's Manual".
A.35.3.12 On the filter panel, in the Source field, select a new
publication source.
A.35.3.13 Close the filter panel by clicking on the "Close" button. Posts
from the new source will be displayed.
Note. New publications will appear in the next collection cycle; it is
necessary to wait from 5 to 30 minutes to receive publications.
A.35.1 SPO PMS is considered to have passed the tests according to clause A.35.3.1-
A.35.3.13 of the test program and methodology and fulfilling clauses 3.2.3, 3.2.3.8 of
the TOR for MF R&D, if:
- there were no errors during the procedure for setting search parameters;
- a new data source has appeared in the list of sources;
- the Active column of the new source is missing a flag;
- publications from a new source appeared in the list of publications.
- event report;
- person report.
A.36.2.1.1 The publication report shall include the following data:
- names of persons mentioned in publications;
- the number of mentions of persons by topic;
- the number of mentions of persons in each source;
- titles of publications;
- texts of publications;
- publication dates;
- sources of publications;
- authors of publications;
- tone of the publication;
- geographical location of publications.
A.36.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the steps described below.
A.37 Practice No. 37
A.37.1 This method is used to check the SPO PMS for compliance with the
requirements of clauses 3.2.3, 3.2.3.10 of the TOR for the Amezit-V R&D SC.
A.37.2 In accordance with the requirements of clauses 3.2.3, 3.2.3.10 of the ToR for
the Amezit-V R&D center, the actions of the ICP SSS should not be defined as elements of
the infrastructure of state bodies.
A.37.3 In order to check the ICP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.38.4 SPO ICP is considered to have passed the tests according to clauses
A.38.3.1-A.38.3.4 of the test program and methodology and fulfill clauses 3.2.3,
3.2.3.11 of the TOR on the R&D MF, if the texts of articles from the Twitter social
network were displayed in Russian.
operator2, password: password, role: collection operator) according to the
document RU.VATS.00179-01 32 01 “Special software for the Internet and
media monitoring subsystem. System Programmer's Guide".
A.39.3.3 At the top of the page, click on the menu icon.
A.39.3.4 In the menu, select the “Exit” item. The login page will open.
A.39.3.12 At the top of the page, click on the menu icon.
A.39.3.13 In the menu, select the “Exit” item. The login page will open.
- in the "Keywords" field - a list of words or phrases by
which publications are searched;
- in the "Excluding words" field - a list of words or phrases by
which publications are excluded from the collection.
A.39.3.19 Click on the "Save" button.
A.39.3.20 At the top of the page, click on the icon to go to the start
page. The start page with the topics being tracked will open.
A.39.3.21 At the top of the page, click on the menu icon.
A.39.3.22 In the menu, select the “Exit” item. The login page will open.
A.39.3.27 In the address bar, enter the address of the server containing
the settings of the collector, located on the information collection server, and
press the "Enter" key. The address of the server containing the collector
settings is specified after installing and configuring the SPO PMS in accordance
with the document RU.VATS.00179-01 32 01 “Special software for the Internet
and media monitoring subsystem. System Programmer's Guide".
A.39.3.28 On the authorization page, enter authentication data (login:
operator3, password: password) and click on the "Login" button. A page with a
list of sources will open.
A.39.3.29 At the top of the page, click on the menu icon.
A.39.3.30 In the menu, select the “Exit” item. The login page will open.
A.39.3.34 On the authorization page, enter authentication data (login:
operator1, password: password) and click on the “Login” button. Access will be
denied.
A.39.4 SPO PMS is considered to have passed the tests in accordance with clauses
A.39.3.1-A.39.3.34 of the test program and procedure and fulfill clauses 3.2.3, 3.2.3.12 of
the TOR for the R&D MF, if:
- the list of monitored topics for the user operator1 is different
from the list of monitored topics for user operator2;
- operator operator3 does not have access to the topic tracking interface;
- operator1 and operator2 do not have access to configurators;
- administrator admin sees the monitored topics of operator1 and operator2;
- administrator admin has access to collector settings.
A.40 Practice No. 40
A.40.1 This method is used to check the SSW for compliance with the
requirements of paragraphs 3.2.4, 3.2.4.1 of the TOR for the Amezit-V R&D SC.
A.40.2 In accordance with the requirements of paragraphs 3.2.4, 3.2.4.1 of the TOR for the MF
R&D "Amezit-V", SPO POT should provide testing of
telecommunications equipment at the distribution level and the core level for the
possibility of penetration by an external intruder and the possibility of installing
third-party expansion modules using the following approaches:
- determination in automated mode of network settings (IP address,
subnet mask) when connected to a network segment for searching and
scanning telecommunications equipment and life support systems;
- automated search for vulnerabilities for identified
software versions of telecommunications equipment and life support systems
according to the built-in database of vulnerabilities (in this case, a procedure for
updating the built-in database of vulnerabilities should be provided);
- installation of expansion modules in the form of command scripts when
having administrative access to manage the device.
Notes:
1. A solution must be provided to counteract
detection of password brute force attempts by information security systems
(including built-in ones).
2. The procedure for updating the vulnerability database should be
automated.
A.40.3 Verification is performed in accordance with paragraphs A.40.4-
A.40.14.1.
A.40.4 To check the determination of network settings in automated
mode (IP address, subnet mask) when connected to a network segment to
search and scan telecommunications equipment and life support systems, it
is necessary to check the possibility of determining network settings in
automated mode when connected to a network segment with DHCP
enabled by following the steps below.
A.40.4.1 Assemble the stand in accordance with the scheme (see Figure
2). Launch the dhcp server, which is part of the test bench's switching
equipment, or on the DD-WRT node as a service with the address range
10.0.6.10-250 assigned.
A.40.4.2 Run SPO POT on ARM POT: " # pot ".
A.40.4.3 Select the menu item: "File" → "Connection manager".
A.40.4.4 In the Network Connection Methods dialog box, select
item "DHCP client" and click on the "Next" button.
A.40.4.5 In the dialog box that appears, click on the "Start" button and wait
for the value to appear in the "IP found" field.
A.40.4.6 In a separate console window, type the command: "#ifconfig".
A.40.4.7 In a separate console window, execute the command (specifying the IP address
of the DD-WRT node):
ping -c4 10.0.6.207
- values of network interface parameters displayed in the console
match the values in the connection manager interface;
- received parameter values in the connection manager interface
correspond to the values of the IP address parameters specified in the scheme
of the stand;
- availability information for the node was displayed in the AWP POT console
window like this:
PING 10.0.6.207 (10.0.6.207) 56(84) bytes of data.
64 bytes from 10.0.6.207: icmp_seq=1 ttl=255 time=17.9 ms
64 bytes from 10.0.6.207: icmp_seq=2 ttl=255 time=2.27 ms
64 bytes from 10.0.6.207: icmp_seq=4 ttl=255 time=1.19 ms
A.40.5.1 Assemble the stand in accordance with the scheme (see Figure
2).
A.40.5.2 Disable the DHCP service of the test contour (on the
switching equipment or the DD-WRT node).
A.40.5.3 On the ARM POT, run the SPO POT by executing in the console window
the command: "# pot".
A.40.5.4 Select the menu item: "File" → "Connection manager".
A.40.5.5 In the Network Connection Methods dialog box, select
item "Manually" and click on the "Next" button.
A.40.5.6 Select the value of the network interface "Interface" - "eth0".
A.40.5.7 Specify the values ip= "10.0.6.50", mask= "255.255.255.0";
leave the MAC address unchanged.
A.40.5.8 Click on the "Connect" button.
A.40.5.9 In the AWP POT console window, type the command (indicating the IP address
of the DD-WRT host): " ping -c4 10.0.6.207 ".
A.40.5.10 Enable the DHCP service of the test contour (on the
switching equipment or the DD-WRT node).
A.40.5.11 The check in accordance with clauses A.40.5.1-A.40.5.10 is
considered successful if the AWP POT console window displays information about
the availability of the DHCP server of the following form:
PING 10.0.6.207 (10.0.6.207) 56(84) bytes of data.
64 bytes from 10.0.6.207: icmp_seq=1 ttl=255 time=17.9 ms
64 bytes from 10.0.6.207: icmp_seq=2 ttl=255 time=2.27 ms
64 bytes from 10.0.6.207: icmp_seq=4 ttl=255 time=1.19 ms
A.40.6.1 Assemble the stand in accordance with the scheme (see Figure
2). Launch the dhcp server, which is part of the test bench's switching
equipment, or on the DD-WRT node as a service with the address range
10.0.6.10-250 assigned.
A.40.6.2 Run the SSW POT on the workstation POT by executing the command: “#pot” in the
console window.
A.40.6.3 Select the menu item: "File" → "Connection manager".
A.40.6.4 In the Network Connection Methods dialog box, select
"Automatically" and click on the "Next" button.
A.40.6.5 Select the value of the network interface "Interface" - "eth0".
A.40.6.6 Click on the "Search" button.
A.40.6.7 Wait for three values to be found (discovery process
will end automatically).
A.40.6.8 Select one of the found values and click the "Next"
button.
A.40.6.9 In the window that appears, leave the input fields unchanged and
click on the "Connect" button.
A.40.6.10 In a separate console window, execute the command (indicating the IP address
of the DD-WRT host): "ping -c4 10.0.6.207".
A.40.6.11 Checking in accordance with clauses A.40.6-A.40.6.10 is considered
successful if information about the availability of a node of the following form is
displayed in the console window of AWS POT:
PING 10.0.6.207 (10.0.6.207) 56(84) bytes of data.
64 bytes from 10.0.6.207: icmp_seq=1 ttl=255 time=17.9 ms
64 bytes from 10.0.6.207: icmp_seq=2 ttl=255 time=2.27 ms
64 bytes from 10.0.6.207: icmp_seq=4 ttl=255 time=1.19 ms
A.40.8 To check the possibility of determining in an automated mode
open transport ports on telecommunications equipment and life support
systems, the steps described below should be performed.
A.40.8.1 Assemble the stand in accordance with the diagram (see Figure
2).
A.40.8.2 Run the APCS test traffic generation utility from the SSW
distribution directory in a separate terminal by executing
the command: “#./test/trafficGenerator”.
A.40.8.3 Run the SSW POT on the workstation POT by executing the command: “#pot” in the
console window.
A.40.8.4 Press the "Run" button on the control panel.
A.40.8.5 In the dialog box that appears, leave the "Scan group name" field
unchanged, set the scanning mode "Scan type" to the "Active" mode.
A.40.9.3 Press the "Run" button on the control panel.
A.40.9.4 In the dialog box that appears, leave the "Scan group name" field
unchanged, set the scanning mode "Scan type" to the "Active" mode.
A.40.10.5 In the dialog box that opens, leave the "Scan group name"
field unchanged, set the "Scan type" scanning mode to "Active".
A.40.11.7 Set the password for the user "root:toor" by executing the
command: "passwd root".
A.40.11.8 Run the command: "sudo service sshd restart".
A.40.11.9 Run the "bfd -s" command and add the task to cron with a
check interval of 1 minute.
A.40.11.10 On the POT workstation, start the PSS POT by executing the
command: “#pot”.
A.40.11.11 Press the "Run" button (gray triangle in the
control panel).
A.40.11.12 In the dialog box that appears, leave the “Scan group
name” field unchanged, set the “Scan type” scanning mode to “Active”.
A.40.11.23 Wait for the alert window “Found a password for service ssh!”
to appear.
A.40.11.24 Go to the Bruteforce detector node.
A.40.11.25 Run the command: "bfd -a".
A.40.11.26 The verification in accordance with paragraphs A.40.11.1-
A.40.11.25 is considered successful if:
- the message "Found a password for service ssh!" is displayed;
- when choosing "Authentication" for the Bruteforce detector node,
the value of this password is displayed;
- the "bfd -a" command gives the following output (the list of attacking nodes
is empty):
Brute Force Detection v1.5-2 <bfd@r-fx.org>
(C) 1999-2014, R-fx Networks <proj@r-fx.org>
(C) 2014, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL
[+] Top 25 brute force attackers today
# TRIGS IP FIRST_SEEN LAST_SEEN RULES
[+] Top 25 brute force attackers this week
# TRIGS IP FIRST_SEEN LAST_SEEN RULES
A.40.13.3 Reinstall the database (for the purposes of cleaning) on the workstation
POT by executing the command: “./install.sh”.
A.40.13.4 On the workstation POT, launch the PSS POT by executing the command: "#pot" in
the console window.
A.40.13.5 Select the menu item "File" → "Vulnerability database search".
A.40.13.6 Enter the keyword "Windows" and click on the button in the form
of a magnifying glass. Make sure there are no search results.
A.40.13.7 Select the menu item “File” → “Vulnerability database update”.
A.40.13.8 Select the "From file" item and click on the "Update" button.
A.40.13.9 In the dialog box, select the allitems-cvrf-year-2018.xml file.
A.40.13.10 Wait for the update process to complete.
A.40.13.11 Select the menu item "File" → "Vulnerability database search".
A.40.13.12 Enter the keyword "Windows" and click on the button in the form
of a magnifying glass. Make sure you have search results.
A.40.13.13 The verification in accordance with paragraphs A.40.13.1-
A.40.13.12 is considered successful if:
- there are no search results for the keyword in point A.40.13.6;
- there are search results for the keyword in point
A.40.13.12.
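The check in A.40.13 (empty database, update from file, keyword search) can be reproduced against any vulnerability database a defender maintains. The following is an added example, not code from the document or from the product it describes: it loads a CVRF 1.1 file into SQLite and runs the same before/after keyword search. The table layout, the function names and the sample feed (with placeholder CVE identifiers) are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# CVRF 1.1 vulnerability namespace (assumed to be the schema of the
# allitems-cvrf-year-2018.xml file named in A.40.13.9).
NS = {"vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1"}

# Constructed sample feed. The CVE identifiers are placeholders, not real entries.
SAMPLE_CVRF = """<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle>Constructed sample</DocumentTitle>
  <Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>CVE-0000-0001</Title>
    <Notes>
      <Note Ordinal="1" Type="Description">Constructed entry: memory corruption in a Windows print service.</Note>
    </Notes>
    <CVE>CVE-0000-0001</CVE>
  </Vulnerability>
  <Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>CVE-0000-0002</Title>
    <Notes>
      <Note Ordinal="1" Type="Description">Constructed entry: default credentials in router firmware.</Note>
    </Notes>
    <CVE>CVE-0000-0002</CVE>
  </Vulnerability>
  <Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>CVE-0000-0003</Title>
    <Notes/>
    <CVE>CVE-0000-0003</CVE>
  </Vulnerability>
</cvrfdoc>"""


def open_db(path=":memory:"):
    """Create (or open) the vulnerability table."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS vulns ("
        "cve_id TEXT PRIMARY KEY, title TEXT, description TEXT NOT NULL)"
    )
    return db


def parse_cvrf(xml_text):
    """Yield (cve_id, title, description) for every entry that has a description."""
    # An update file is untrusted input: refuse DTDs and entity declarations
    # instead of relying on the parser to expand them safely.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in an update file")
    root = ET.fromstring(xml_text)
    for vuln in root.findall("vuln:Vulnerability", NS):
        cve_id = (vuln.findtext("vuln:CVE", default="", namespaces=NS) or "").strip()
        title = (vuln.findtext("vuln:Title", default="", namespaces=NS) or "").strip()
        description = " ".join(
            note.text.strip()
            for note in vuln.findall("vuln:Notes/vuln:Note", NS)
            if note.get("Type") == "Description" and note.text
        )
        if cve_id and description:  # skip reserved or empty entries
            yield cve_id, title, description


def update_from_cvrf(db, xml_text):
    """Import a CVRF file; returns the number of records written."""
    records = list(parse_cvrf(xml_text))  # parse fully before touching the database
    with db:  # single transaction: a failed import leaves the old data intact
        db.executemany("INSERT OR REPLACE INTO vulns VALUES (?, ?, ?)", records)
    return len(records)


def search(db, keyword):
    """Case-insensitive substring search; LIKE wildcards in the keyword are escaped."""
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = (
        "SELECT cve_id FROM vulns WHERE title LIKE ? ESCAPE '\\' "
        "OR description LIKE ? ESCAPE '\\' ORDER BY cve_id"
    )
    pattern = f"%{escaped}%"
    return [row[0] for row in db.execute(sql, (pattern, pattern))]


if __name__ == "__main__":
    db = open_db()
    print("before update:", search(db, "Windows"))
    print("records imported:", update_from_cvrf(db, SAMPLE_CVRF))
    print("after update:", search(db, "Windows"))
```

Importing the same file twice leaves the row count unchanged, so the update step can be repeated on a schedule.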
A.40.14 To check the installation of add-on modules in the form of
command scripts with administrative access to device management, follow
the steps described below.
A.40.14.1 Execute the command scenarios for disrupting the
functioning of network devices manufactured by Cisco, Juniper and Huawei
in accordance with the document RU.VATS.00180-01 31 01 “Special software
for the analysis subsystem of information and technical objects of
telecommunication systems. Description of the application", Appendix 1.
A.41 Practice No. 41
A.41.1 This method is used to check the SSW for compliance with the
requirements of clauses 3.2.4, 3.2.4.2 of the TOR for the Amezit-V R&D SC.
A.41.2 In accordance with the requirements of paragraphs 3.2.4,
3.2.4.2 of the ToR for the Amezit-V SC R&D, the SSW should ensure load and
functional testing aimed at blocking the operation of telecommunications
equipment, with the following requirements:
- generate combinations of traffic specific to particular corporate or
operator networks at a speed of at least 40 Gbit/s;
- provide connectivity to the network using Ethernet
and Fiber Optic technology;
- provide the ability to download sample network traffic for
use as a test load;
- provide the ability to modify recorded DoS attack
traffic to organize the redirection of this traffic to the tested node.
A.41.3 Verification is performed in accordance with paragraphs A.41.4 to
A.41.8.13.
A.41.4 To test the possibility of generating traffic combinations specific
to particular corporate or operator networks at a speed of at least 40 Gbit/s,
the steps described below should be performed.
A.41.4.1 Assemble the stand in accordance with the scheme (see Figure
2).
A.41.4.2 Run SPO POT on ARM POT by executing in the console window
the command: "#pot".
A.41.4.3 Select the traffic generation control menu item “File” →
“Traffic generator”.
A.41.4.4 In the field "Source: IP range" enter the value: 8.8.8.1 / 8.8.8.255.
A.41.4.5 In the field "Destination: IP range" enter the value: 10.0.6.1 /
10.0.6.255.
A.41.4.6 Press the "Start" button.
A.41.4.7 The verification in accordance with paragraphs A.41.4.1 to
A.41.4.6 is considered successful if:
- on the panel "Packets" it is possible to view the packets of
generated traffic;
- the panel "Statistics" displays the statistics of the current session;
- packet generation speed in the statistics panel (line "gb/s :")
is at least 39 (taking into account the effective bandwidth of the channel).
A.41.6.5 In accordance with the software documentation for the SCAT
“Traffic Generator” HSC, connect via ssh protocol to the “Traffic Generator”
HSC SCAT from AWS POT.
A.41.6.6 Execute the ping command, specifying the destination address - the IP
address of the DVL node assigned in accordance with the bench configuration.
A.41.6.7 The verification in accordance with paragraphs A.41.6.1 to
A.41.6.6 is considered successful if:
- in the console of APK SCAT Traffic Generator, information about the
availability of the DVL node was displayed;
- in the SPO POT, an interface for managing traffic generation was
displayed.
A.41.7 To test the ability to download network traffic
samples for use as a test load, you must perform the steps
described below.
A.41.7.1 Assemble the stand in accordance with the scheme (see Figure
2).
A.41.7.2 Run SPO POT on ARM POT by executing in the console window
the command: "#pot". In the program settings, specify the parameters for connecting to
the APK "SKAT. Traffic Generator" in accordance with the stand specification.
A.41.7.3 Select the menu item for uploading network traffic samples “File”
→ “Upload traffic”.
A.41.7.4 In the dialog box, select (by clicking "...") the test pcap file
provided with the SCAT. Traffic Generator.
A.41.7.5 Click on the "Upload" button and wait for the download process
to complete.
A.41.7.6 Close the dialog box.
A.41.7.7 Select the traffic generation control menu item “File” →
“Traffic generator”.
A.41.7.8 Click on the "Load pcap dump from file" button.
A.41.7.9 Select the pcap file loaded into the device's memory.
A.41.7.10 Press the "Start" button.
A.41.7.11 The verification in accordance with paragraphs A.41.7.1-
A.41.7.10 is considered successful if:
- the panel "Packets" displays the packets of generated traffic;
- the panel "Statistics" displays statistics for the current session.
A.41.8 To check the possibility of modifying the recorded traffic of a DoS attack in
order to organize the redirection of this traffic to the node under test, you must
perform the steps described below.
A.41.8.1 Assemble the stand in accordance with the scheme (see Figure
2).
A.41.8.2 Run SPO POT on ARM POT by executing in the console window
the command: "#pot". In the program settings, specify the parameters for connecting to
the APK "SKAT. Traffic Generator" in accordance with the stand specification.
A.41.8.3 Select the menu item for uploading network traffic samples “File”
→ “Upload traffic”.
A.41.8.4 In the dialog box, select (by clicking “...”) the test pcap file
provided with the APK “SKAT. Traffic Generator”.
A.41.8.5 Click on the "Upload" button and wait for the download process
to complete.
A.41.8.6 Close the dialog box.
A.41.8.7 Select the traffic generation control menu item “File” →
“Traffic generator”.
A.41.8.8 Click on the "Load pcap dump from file" button.
A.41.8.9 Select the pcap file loaded into the device's memory.
A.41.8.10 In the field "Source: IP range" enter: 8.8.8.1 / 8.8.8.255.
A.41.8.11 In the "Destination: IP range" field enter: 10.0.6.1 / 10.0.6.255.
A.41.8.12 Press the "Start" button.
A.41.8.13 The verification in accordance with paragraphs A.41.8.1-
A.41.8.12 is considered successful if:
- the panel "Packets" displays the packets of generated traffic;
- the panel "Statistics" displays statistics for the current session.
A.41.9 SPO POT is considered to have passed the tests according to clauses A.41.4-A.41.8.13 of
the test program and procedure and to fulfill clauses 3.2.4, 3.2.4.2 of the TOR for the R&D
MF, if the checks of clauses A.41.4.7, A.41.5.7, A.41.6.7,
A.41.7.11, A.41.8.13 are successfully completed.
Notes:
1. Stands should provide a visual display, on models at a
scale of not less than 1:70 and 1:87 (stand No. 1 and stand No. 2, respectively),
of the features of automation in subject areas.
2. The composition of the stands should include sensors and actuators typical
for the simulated spheres; typical technological processes should be modeled.
A.42.4.4 Checking in accordance with paragraphs A.42.4-A.42.4.3 is
considered successful if, as a result of process control in the user interface
of launch complex No. 1, features of automation in subject areas are
displayed on a scale of at least 1:70 and 1:87.
A.42.5 To check the composition and operation of the launch complex No. 1, it is
necessary to perform the actions described below.
A.42.5.1 Assemble the stand in accordance with the diagram (see Figure
2).
A.42.5.2 Comparison of the composition of the stand with the
composition of the stand declared in RU.VATS.00180-01 92 02 “Special
software for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 1. Control stand of the
railway automated process control system. User guide".
A.42.5.3 Checking in accordance with paragraphs A.42.5-A.42.5.2 is
considered successful if the composition of the stand corresponds to the
composition of the stand declared in RU.VATS.00180-01 92 02 “Special
software for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 1. Control stand of the
railway automated process control system. User guide". The stand includes
sensors and actuators typical for the simulated spheres.
telecommunication systems. Start-up complex No. 2. Stand for control of automated
process control systems for life support systems of a settlement and production. User
guide".
A.42.6.3 Checking in accordance with paragraphs A.42.6-A.42.6.2 is
considered successful if the composition of the stand corresponds to the
composition of the stand declared in RU.VATS.00180-01 92 03 “Special
software for the information analysis subsystem technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement
and production. User guide". The stand includes sensors and actuators
typical for the simulated spheres.
A.42.6.4 Run the ProgS_PLC program on the workstation of the APCS
operator in accordance with RU.VATS.00180-01 92 03 “Special software for the
analysis subsystem of information and technical objects of telecommunication
systems. Start-up complex No. 2. Stand for control of automated process
control systems for life support systems of a settlement and production. User
guide".
A.42.6.5 In accordance with RU.VATS.00180-01 92 03 “Special software
for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement
and production. User Guide" in the user interface to perform process
control:
- to simulate the flow of oil products through the pipeline,
by pumping a dark liquid;
- check the indication of the level of liquids in the tanks;
- check the indication of the operation of the pump unit by turning
blades;
- check status indication (on/off).
A.42.6.6 The verification in accordance with paragraphs A.42.6.4-
A.42.6.5 is considered successful if the simulation of typical technological
processes is performed.
A.42.7 In order to check the launch complex No. 1 for the simulation of
ARP-spoofing attacks that lead to violations of the simulated technological
processes, it is necessary to perform the actions described below.
A.42.7.1 Assemble the stand in accordance with the scheme (see Figure
2).
A.42.7.2 On the attacker's workstation, from the Scripts-S folder in the
console, run a set of scripts in accordance with RU.VATS.00180-01 92 02
“Special software for the analysis subsystem of information and technical
objects of telecommunication systems. Start-up complex No. 1. Control
stand of the railway automated process control system. User guide".
A.42.7.3 In accordance with RU.VATS.00180-01 92 02 “Special software
for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 1. Control stand of the
railway automated process control system. User Guide" to simulate attacks
such as ARP-spoofing, leading to violations of the simulated technological
processes:
- typical malicious information impact on the network
stand infrastructure;
- complex harmful information impact aimed at
changing the parameters of the technological process at the stand using
special software.
A.42.7.4 The verification in accordance with paragraphs A.42.7-A.42.7.3 is
considered successful if, as a result of modeling attacks of the ARP-spoofing
type at launch complex No. 1, a violation of the simulation of technological
processes occurred.
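From the defender's side, the ARP-spoofing scenario exercised in A.42.7 (and repeated for launch complex No. 2 in A.42.8) is detectable because address bindings in a control network rarely change. The following added example, which is not part of the original document, checks ARP replies against a pinned IP-to-MAC table. The addresses, the capture lines (in the style of tcpdump -e -n arp output) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Pinned IP-to-MAC bindings for the control network. Constructed values:
# 192.0.2.0/24 is a documentation range, the MACs are locally administered.
PINNED = {
    "192.0.2.10": "02:00:00:00:00:10",  # operator workstation
    "192.0.2.20": "02:00:00:00:00:20",  # PLC
}

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
REPLY_RE = re.compile(
    rf"^(?P<ts>\S+) {MAC} > {MAC}, ethertype ARP \(0x0806\), "
    rf"length \d+: Reply (?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) is-at (?P<mac>{MAC})",
    re.IGNORECASE,
)


def _frame(ts, src, dst, arp):
    """Build one constructed capture line."""
    return f"{ts} {src} > {dst}, ethertype ARP (0x0806), length 42: {arp}, length 28"


# Constructed capture: a normal exchange, then host ...:66 claiming both pinned
# addresses, then an unpinned host whose binding changes.
SAMPLE_LINES = [
    _frame("12:00:01.000000", "02:00:00:00:00:10", "ff:ff:ff:ff:ff:ff",
           "Request who-has 192.0.2.20 tell 192.0.2.10"),
    _frame("12:00:01.000300", "02:00:00:00:00:20", "02:00:00:00:00:10",
           "Reply 192.0.2.20 is-at 02:00:00:00:00:20"),
    _frame("12:00:05.000000", "02:00:00:00:00:66", "02:00:00:00:00:10",
           "Reply 192.0.2.20 is-at 02:00:00:00:00:66"),
    _frame("12:00:05.000200", "02:00:00:00:00:66", "02:00:00:00:00:20",
           "Reply 192.0.2.10 is-at 02:00:00:00:00:66"),
    _frame("12:00:09.000000", "02:00:00:00:00:30", "02:00:00:00:00:10",
           "Reply 192.0.2.30 is-at 02:00:00:00:00:30"),
    _frame("12:00:12.000000", "02:00:00:00:00:31", "02:00:00:00:00:10",
           "Reply 192.0.2.30 is-at 02:00:00:00:00:31"),
]


def detect(lines, pinned):
    """Return findings as (timestamp, kind, ip, claimed_mac) tuples.

    kind is one of:
      pinned-binding-violation  a reply contradicts the pinned table
      mac-claims-multiple-ips   one MAC answers for more than one IP
                                (expected only from a proxy-ARP router)
      binding-changed           an unpinned IP moved to a different MAC
    """
    learned = {}                   # ip -> last accepted MAC for unpinned hosts
    ips_by_mac = defaultdict(set)  # claimed MAC -> IPs it has answered for
    findings = []
    for line in lines:
        m = REPLY_RE.match(line.strip())
        if m is None:
            continue  # requests and non-ARP lines carry no binding claim
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()

        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                findings.append((ts, "mac-claims-multiple-ips", ip, mac))

        expected = pinned.get(ip)
        if expected is not None:
            if mac != expected:
                findings.append((ts, "pinned-binding-violation", ip, mac))
            continue  # pinned entries are never relearned from the wire
        if ip in learned and learned[ip] != mac:
            findings.append((ts, "binding-changed", ip, mac))
        learned[ip] = mac
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LINES, PINNED):
        print(*finding)
```

The same pinned table can be enforced rather than only monitored, for example as static ARP entries on the controllers and operator workstations or as dynamic ARP inspection on the switches.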
A.42.8 To check the launch complex No. 2 for the simulation of ARP-
spoofing attacks that lead to violations of the simulated technological
processes, it is necessary to perform the actions described below.
A.42.8.1 Assemble the stand in accordance with the scheme (see Figure
2).
A.42.8.2 On the attacker's workstation from the Scripts-E folder in the console
run a set of scripts in accordance with RU.VATS.00180-01 92 03 “Special
software for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement
and production. User guide".
A.42.8.3 In accordance with RU.VATS.00180-01 92 03 “Special software
for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement
and production. User Guide" to simulate attacks such as ARP-spoofing,
leading to violations of the simulated technological processes:
A.42.10 To check the implementation of emergency situations at the launch
complex No. 2, it is necessary to perform the actions described below.
A.42.10.1 Assemble the test bench in accordance with the diagram in Figure
2.
A.42.10.2 On the attacker’s workstation, launch the program “Checking
the implementation of the program” in accordance with RU.VATS.00180-01 92 03
“Special software for the information analysis subsystem - technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement and
production. User guide".
A.42.10.3 In accordance with RU.VATS.00180-01 92 03 “Special
software for the analysis subsystem of information and technical objects of
telecommunication systems. Start-up complex No. 2. Stand for control of
automated process control systems for life support systems of a settlement
and production. User Guide" in the user interface to simulate emergency
situations:
- unauthorized closing of valves;
- unauthorized stop of the pump unit;
- overflow of tanks;
- spills of raw materials on the surface of the layout;
- cavitation on the pump unit, accompanied by vibration of the pump
unit;
- overheating of the pump unit, accompanied by smoke of the unit;
- smoke from the oil heating station in case of exceeding the operating
temperatures.
A.42.10.4 Checking in accordance with paragraphs A.42.10-A.42.10.3 is
considered successful if, as a result of their implementation, the violation of
the simulated technological processes is accompanied by visual changes in
the operation of the mock-up (activation of a light alarm, collision of objects,
smoke emission, etc.).
A.42.11 The SPO POT is considered to have passed the tests according to clauses
A.42.4-A.42.10.4 of the test program and procedure and fulfill clauses 3.2.4, 3.2.4.3 of the
TOR for the R&D MF, if:
- a stand for monitoring information and technical objects of life support
systems was created, with the ability to visualize the mechanisms of impacts, in the
composition of:
- launch complex No. 1 - control stand of the railway automated process
control system;
- launch complex No. 2 - stand for control of automated process control systems
for life support of the settlement and production;
- successfully completed checks of points A.42.4.4, A.42.4.9, A.42.5.3,
A.42.5.6, A.42.6.3, A.42.6.6, A.42.7.4, A.42.8.4, A.42.9.4, A.42.10.4.
A.43 Practice No. 43
A.43.1 This method is used to check the SSW for compliance with the
requirements of clause 3.2.4.4 of the TOR for the Amezit-V R&D center.
A.43.2 In accordance with the requirements of clauses 3.2.4, 3.2.4.4 of the ToR, a
set of methods for reverse engineering of embedded software (HPE) should be
developed at the Amezit-V R&D center, consisting of:
- a technique for restoring the circuitry features of key
nodes;
- methodology for determining the presence of debugging interfaces;
- method for obtaining an image of control embedded software through analysis of
update software (if present) and reading the ROM using the programmer;
- methods for restoring the storage structure of embedded software;
- methodology for determining the basic system of commands, the location of
embedded software modules in the address space of the microprocessor;
- technique for conducting research (reverse) of HPE modules
(static analysis), determination of key algorithms for the interaction of
components and modules;
- a technique for determining and restoring the algorithms responsible for
network interaction and firmware update;
- methodology for analyzing and describing the possibilities of technological
protocols;
- methodology for analyzing the mechanisms used to protect embedded software from
unauthorized update;
- methodology for modifying embedded software in order to check the possibility of
introducing changes;
- technique for highlighting key components (controllers,
processors, memory) using a sample Cisco device as an example;
- algorithm for establishing relationships between key components
on the example of a sample Cisco device;
- algorithm for determining the JTAG interface (on the example of a sample
Cisco device);
- algorithm for determining the UART interface (on the example of a sample
Cisco device);
- analysis of the controlling key components of the target system for
the presence of internal memory;
- algorithm for extracting embedded software from internal memory (if any) on
the example of a sample Cisco device;
- description of the features of obtaining an image of control embedded software
from a ROM with the help of a programmer;
- analysis of update software on the example of a sample Cisco device;
- restoration of the embedded software storage structure;
- development of a methodology for determining the basic system of commands for
characteristic hardware platforms of the Cisco device;
- analysis of the location of embedded software modules in the address space of the
microprocessor and development of an algorithm for identifying embedded software
modules on the example of a sample Cisco device.
A.43.3 Verification is performed in accordance with paragraphs A.1.1-A.1.3.3 of
Methodology No. 1.
A.43.4 The SPO FOT is considered to have passed the tests in accordance with clause A.43.3
of the program and test procedure and fulfill clause 3.2.4.4 of the TOR for the SC R&D, if a
collection of embedded software reverse engineering techniques (HPE) has been developed,
consisting of:
- a technique for restoring the circuitry features of key
nodes;
- methodology for determining the presence of debugging interfaces;
- method for obtaining an image of control embedded software through analysis of
update software (if present) and reading the ROM using the programmer;
- methods for restoring the storage structure of embedded software;
- methodology for determining the basic system of commands, the location of
embedded software modules in the address space of the microprocessor;
- technique for conducting research (reverse) of HPE modules
(static analysis), determination of key algorithms for the interaction of
components and modules;
- a technique for determining and restoring the algorithms responsible for
network interaction and firmware update;
- methodology for analyzing and describing the possibilities of technological
protocols;
- methodology for analyzing the mechanisms used to protect embedded software from
unauthorized update;
- methodology for modifying embedded software in order to check the possibility of
introducing changes;
- technique for highlighting key components (controllers,
processors, memory) using a sample Cisco device as an example;
- algorithm for establishing relationships between key components
on the example of a sample Cisco device;
- algorithm for determining the JTAG interface (on the example of a sample
Cisco device);
- algorithm for determining the UART interface (on the example of a sample
Cisco device);
- analysis of the controlling key components of the target system for
the presence of internal memory;
- algorithm for extracting embedded software from internal memory (if any) on
the example of a sample Cisco device;
- description of the features of obtaining an image of control embedded software
from a ROM with the help of a programmer;
- analysis of update software on the example of a sample Cisco device;
- restoration of the embedded software storage structure;
- development of a methodology for determining the basic command system for
characteristic hardware platforms of the Cisco device;
- analysis of the location of embedded software modules in the address space of the
microprocessor and development of an algorithm for identifying embedded software
modules on the example of a sample Cisco device.
A.44.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.44.3.2 Connect the traffic generator (HSC SCAT) to the test bench.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide”.
A.44.3.3 Run a traffic generator that provides stable traffic passing
through the PPA traffic pickup software from node 10.10.10.15 using the ftp
protocol. The procedure for launching and configuring the traffic generator
is given in the document RU.BATC.00181-01 32 01 “Special software for the
subsystem of primary information analysis. System Programmer's Guide.
A.45.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.2 of
the ToR for the Amezit-V R&D SC, the PPA must ensure the organization of
intermediate control nodes in order to gain access to information
transmitted using protocols such as IPSEC.
A.45.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.45.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.45.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide.
A.45.3.3 Run a traffic generator that provides stable traffic via the
IPSEC protocol passing through the PPA traffic pickup software (traffic
simulates entering a resource with password and address information:
"user300" and "password300"). The procedure for launching and
configuring the traffic generator is given in the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide.
A.45.3.4 Connect the PPA traffic pickup software (as an intermediate
control node) to the test stand. The procedure for setting up the test bench
is given in the document RU.BATC.00181-01 32 01 “Special software for the
subsystem of primary information analysis. System Programmer's Guide.
A.45.3.7 Review the files containing password-address
information. Make sure that traffic is routed through the intermediate
control node, which provides access to information transmitted using
protocols such as IPSEC.
A.45.3.8 Log in to the operator interface of the PPA traffic pickup
software and go to the saved traffic viewing section. The procedure is given
in the document RU.BATC.00181-01 34 01 “Special software for the
subsystem of primary information analysis. Operator's Manual".
A.45.3.9 View the contents of files containing saved traffic. Verify that
traffic containing the IPSEC protocol is collected and saved for analysis as
"pcap" files. The procedure for viewing the contents of files is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. User guide".
A.45.4 SPO PPA is considered to have passed the tests according to clauses
A.45.3.1-A.45.3.9 of the test program and methodology and fulfill clauses 3.2.5,
3.2.5.2 of the TOR for the R&D SC, if the operator, by organizing an intermediate
control unit, extracts the password-address information: "user300" and
"password300".
A.46 Practice No. 46
A.46.1 This method is used to check the PPA software for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.3 of the TOR for the Amezit-V R&D center.
A.46.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.3 of the
ToR for the Amezit-V R&D MF, the PPA SSW must provide automatic recognition
and selection of files.
Notes:
1. List of file types to be recognized and selected:
HTML, GIF, JPEG, PNG, PDF, AVI, MPEG, DOC (DOCX), XLS (XLSX), PPT (PPTX),
PPS, ZIP, GZIP, ARJ, RAR, BZIP, MP3, WAV, BMP, CDR, RTF, CSV, MPP, PST,
XHTML, MHT, SXW, SXC, SXI, SXD, SXM, ODS, ODP, ODG, ODF, MDF, DBF, DB,
MYD, DBQUERY, VSD.
2. List of protocols to be recognized and analyzed: FTP,
HTTP, POP/POP3, IMAP, SMTP, SNMP, TELNET, Web-mail, SIP, H323, SKYPE,
SSH, protocols for transferring electronic messages between users
(including the Instant Messaging protocol), including messages sent via
social networking services.
3. Measures must be taken to prevent the
use of cryptographically protected versions of the specified protocols.
A.46.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.46.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.46.3.2 Connect the traffic generator (APK SCAT) to the test bench.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.46.3.3 Run a traffic generator that generates traffic that transfers
files. The list of transferred files is given in the appendix of the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide".
A.46.3.6 Enter file recognition rules. The list of formats of recognizable
files is given in the appendix of the document RU.BATC.00181-01 32 01
“Special software for the subsystem of primary information analysis. System
Programmer's Guide". The procedure for setting up recognition rules is given
in the document RU.BATC.00181-01 34 01 “Special software for the
subsystem of primary information analysis. Operator's Manual".
A.46.3.8 Log in to the operator interface of the PPA traffic analysis SSW
and go to the section for viewing the results of extracting files from traffic.
The procedure is given in the document RU.BATC.00181-01 34 01 “Special
software for the subsystem of primary information analysis. Operator's
Manual".
A.46.3.9 Log in to the operator interface of the PPA traffic analysis
software and go to the section for viewing connection blocking results. The
procedure is given in the document RU.BATC.00181-01 34 01 “Special
software for the subsystem of primary information analysis. Operator's
Manual".
A.46.3.10 Review the results and verify that files have been extracted
and saved from the traffic in accordance with the configured rules. The list
of files, their sizes and checksums correspond to those given in the
appendix of the document RU.BATC.00181-01 32 01 “Special software for the
subsystem of primary information analysis. System Programmer's Guide".
and in accordance with the list of protocols (FTP, HTTP, POP / POP3, IMAP,
SMTP, SNMP, TELNET, Web-mail, SIP, H323, SKYPE, SSH, protocols for
transferring electronic messages between users (including the
InstantMessaging protocol)).
A.47 Practice No. 47
A.47.1 In this method, the PPA software is checked for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.4 on the Amezit-V R&D center.
A.47.2 In accordance with the requirements of paragraphs 3.2.5, 3.2.5.4 of the
TOR for the SC R&D "Amezit-V", the PPA SSW should provide automated preparation
and deployment of "twins" for legitimate GIS OP resources in the autonomous
segment of the data transmission network.
Note: as a technology for creating "twins" for legitimate resources,
use:
- for static resources - copying information up to a third
degree of nesting;
- for dynamic resources - copying the main page with
the possibility of registering identification information (password-address
information).
A.47.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.47.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.47.3.2 Enter the operator interface of the open source software for
creating "twins" of legitimate GIS resources of the EP and go to the section
for creating "twins" of static resources. The procedure for creating “double”
sites is given in the document RU.BATC.00181-01 34 01 “Special software for
the primary information analysis subsystem. Operator's Manual".
A.47.3.3 Specify the address of the original legitimate resource of the GIS
OP (news1000.ru), for which it is necessary to create a “double” site. The source
resource structure must consist of static web pages.
A.47.3.4 Specify the address where the twin site is to be deployed.
Make sure that information is copied up to the third degree of nesting of the
original legitimate resource.
A.47.3.7 Enter the operator interface of the open source software for
creating “twins” of legitimate GIS OP resources, go to the section for
creating “twins” of dynamic resources. The procedure is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
A.47.3.8 Specify the address of the original legitimate resource of the GIS OP
for which it is necessary to create a "double" site. The structure of the original
resource should consist of dynamic web pages.
A.47.3.9 Specify the address where the twin site is to be deployed.
A.47.3.10 Start the procedure for creating a "twin" site.
A.47.3.11 At the end of the procedure, view the page structure of the “double” site
located at the deployment address. Make sure that the copy of the main
page is completed with the possibility of registering the identification
information (password address information) of the original resource. The
procedure for viewing a copy of the deployed “double” site is given in the
document RU.BATC.00181-01 34 01 “Special software for the primary
information analysis subsystem. Operator's Manual".
A.47.4 PPA SSS is considered to have passed the tests according to clauses
A.47.3.1-A.47.3.11 of the test program and procedure and to fulfill clauses 3.2.5,
3.2.5.4 of the TOR for the R&D MF if the user, using the SSS for creating "twins" of
legitimate GIS OP resources, was able to carry out automated preparation and
deployment of a twin for the news1000.ru resource in an autonomous segment of
the data transmission network.
A.48 Practice No. 48
A.48.1 This method is used to check the PPA software for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.5 on the Amezit-V R&D center.
A.48.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.5 of
the TOR for the SC R&D "Amezit-V", the PPA SSW should block and redirect
client requests (HTTP/HTTPS) to legitimate GIS OP resources (mirrors).
Notes:
1. Blocked resources are specified as a list of URLs (containing
hostname or IP).
2. For a blocked resource, it should be possible to specify the IP address of
the web server to which the incoming request should be redirected.
3. It should be possible to organize several
mirrors (with different content) on the same IP address.
A.48.3 To check the PPA SSS for compliance with the
requirements, follow the steps below.
A.48.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.48.3.2 Log in to the operator interface of the PPA traffic pickup
software and go to the section for setting up “twins” of GIS OP resources.
The procedure is given in the document RU.BATC.00181-01 34 01 “Special
software for the subsystem of primary information analysis. Operator's
Manual".
A.48.3.3 In the operator interface of the PPA traffic pickup software,
specify a list of URLs (news1000.ru) that define the list of resources, requests
to which (via HTTP, HTTPS protocols) should be redirected. The procedure
for setting up the list of redirected resources is given in the document
RU.BATC.00181-01 34 01 “Special software for the subsystem of primary
information analysis. Operator's Manual".
A.48.3.4 In the interface of the PPA traffic pickup SSW operator, specify
a list of URLs (news2000.ru and news3000.ru) that define the prepared sites
- "twins" of the GIS OP. The procedure is given in the document
RU.BATC.00181-01 34 01 “Special software for the subsystem of primary
information analysis. Operator's Manual".
A.48.3.5 Launch a browser on the operator's workstation connected to
the autonomous segment and execute a client request to the resource
(news1000.ru), which should be redirected to the prepared "double" site.
A.48.3.6 View the web page displayed by the browser and make sure
that the request was redirected to the "double" site (news2000.ru).
A.48.4 The SPO PPA is considered to have passed the tests according to clauses
A.48.3.1-A.48.3.6 of the test program and procedure and fulfill clauses 3.2.5, 3.2.5.5 of the
TOR for the R&D MF, if:
- SSW PPA provides redirection of client (HTTP, HTTPS)
requests for news1000.ru to the prepared "twin" sites of the GIS OP (news2000.ru
and news3000.ru);
- the PPA traffic pickup operator has the ability to configure
the list of resources, requests to which should be redirected (news1000.ru);
- the PPA traffic pickup operator has the ability to configure
the list of "double" sites to which requests should be redirected
(news2000.ru and news3000.ru).
A.49 Practice No. 49
A.49.1 This method is used to check the PPA software for compliance with
the requirements of clauses 3.2.5, 3.2.5.6 on the Amezit-V R&D center.
A.49.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.6 of the TOR
for the Amezit-V SC OCR, the PPA SSS should provide the ability to select a given
subscriber of an autonomous segment of the data transmission network by having
the operator set a set of switching and address characteristics, including IP addresses,
IP masks, MAC addresses, addresses for application layer protocols.
A.49.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.49.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.49.3.2 Log in to the operator interface of the SSS traffic pickup software
and go to the section for entering subscriber traffic saving rules. The
procedure for entering the rules for saving subscriber traffic is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
A.49.3.3 View the input form and make sure that the operator has the
ability to select a given subscriber by specifying a set of switching and address
characteristics, including IP addresses (10.10.10.15), IP masks
(255.255.255.0), MAC addresses, addresses for application layer protocols (ftp).
A.49.4 PPA SSS is considered to have passed the tests in accordance with
clauses A.49.3.1-A.49.3.3 of the test program and methodology and to fulfill clauses
3.2.5, 3.2.5.6 of the TOR on the PPA MF if the operator, when entering the rules for
selecting and saving subscriber traffic in the interface of the PPA traffic pickup SSS, has
the ability to select a subscriber by setting an IP address (10.10.10.15), IP mask
(255.255.255.0), MAC address, address for application layer protocols (ftp).
A.50.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.7 of the ToR for the
Amezit-V SC OCD, the PPA SSW must ensure the identification of data transmission channels
of the communication and control systems of the opposing party.
A.50.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.50.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.50.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.50.3.3 Log in to the operator interface of the PPA traffic pickup
software and go to the section for setting the rules for detecting data
transmission channels of the communication and control systems of the
opposing side. The procedure is given in the document RU.BATC.00181-01 34
01 “Special software for the subsystem of primary information analysis.
Operator's Manual".
A.50.3.4 Introduce the rules for detecting data transmission channels of the
communication and control systems of the opposing side, setting the criteria for
"suspiciousness" (connections to the IP address 10.10.10.100 and the ftp protocol).
The procedure for setting the criteria is given in the document RU.BATC.00181-01
34 01 “Special software for the subsystem of primary information analysis.
Operator's Manual".
A.50.3.5 Run a traffic generator to create traffic simulating the data
transmission channels of the communication and control systems of the
adversary, passing through the PPA traffic pickup SS. The procedure for
launching and configuring the traffic generator is given in the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide".
A.50.3.6 Log in to the operator interface of the PPA traffic analysis software and
go to the section for viewing messages about detected data transmission channels of
the communication and control systems of the opposing side.
A.50.3.7 View messages about the detection of data transmission channels
and make sure that data transmission channels of the opposing side's
communication and control systems have been detected from the passing traffic,
and the following information is displayed for each detected channel:
- connection time;
- subscriber (IP address, port);
- recipient (IP address, port);
- protocol;
- traffic volume.
A.50.4 SPO PPA is considered to have passed the tests according to clauses
A.50.3.1-A.50.3.7 of the test program and procedure and fulfill clauses 3.2.5, 3.2.5.7 of the
TOR for the R&D MF, if:
- SSW PPA provides identification of data transmission channels of the
communication and control systems of the opposing party by identifying connections
that meet the criteria of "suspiciousness" (connections with the IP address
10.10.10.100 and the ftp protocol);
- the user in the operator interface of PPA traffic analysis open source software
can see messages about the detection of data transmission channels of the
communication and control systems of the opposing side, containing information:
connection time, subscriber (IP address, port), recipient (IP address, port), protocol,
traffic volume: 14:56:10; 10.10.10.100:21; 192.168.1.10:1329; ftp; 105300 bytes.
A.51.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.51.3.2 Log in to the operator interface of the PPA traffic pickup
software and go to the section for configuring traffic intended to disrupt the
normal operation of the opposing side's communication equipment. The
procedure is given in the document RU.BATC.00181-01 34 01 “Special
software for the subsystem of primary information analysis. Operator's
Manual".
A.51.3.3 Specifying the IP address 10.10.10.200, select the
communication equipment (a technical means of monitoring objects of
telecommunication systems), the operation of which should be disrupted.
The procedure is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
A.51.3.4 In the PPA traffic pickup SS operator interface, select a file
(attack_pcap) containing saved traffic with specially prepared packet
parameters and intended to disrupt the normal operation of
communication equipment. The procedure is given in the document
RU.BATC.00181-01 34 01 “Special software for the subsystem of primary
information analysis. Operator's Manual".
A.52.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.52.3.2 Log in to the operator interface of the PPA traffic pickup
software and go to the section for viewing the operation mode and the
composition of the telecommunications equipment. The procedure is given
in the document RU.BATC.00181-01 34 01 “Special software for the
subsystem of primary information analysis. Operator's Manual".
A.52.3.3 Start preparing a report containing the operating modes and the
composition of the telecommunications equipment of the node at
10.10.10.200. The procedure for generating a report is given in the document
RU.BATC.00181-01 34 01 “Special software for the subsystem of primary
information analysis. Operator's Manual".
A.52.3.4 View the generated report and make sure that the operating mode
is defined and displayed for the equipment, as well as the composition of the
telecommunications equipment.
A.52.3.5 View the content of the generated report and make sure that,
when the operating mode and composition of the telecommunications
equipment are displayed, the following information is shown:
- equipment status (working / not working);
- used protocols;
- Type of equipment.
A.52.4 PPA SSS is considered to have passed the tests according to clauses
A.52.3.1-A.52.3.5 of the test program and procedure and to fulfill clauses 3.2.5, 3.2.5.9 of the
TOR for the R&D midrange if the PPA SSS ensures the determination of the operating
mode and composition of the telecommunications equipment of the node 10.10.10.200.
A.53.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.53.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.53.3.3 Log in to the operator interface of the PPA traffic pickup
software and go to the section for setting the rules for detecting data
transmission channels of critical information objects. The procedure for
setting up rules is given in the document RU.BATC.00181-01 34 01 “Special
software for the subsystem of primary information analysis. Operator's
Manual".
A.53.3.4 Introduce rules for identifying data transmission channels of
critical information objects by specifying a set of criteria (connections to IP
address 10.10.10.11 and SNMP protocol).
A.53.3.5 Start a traffic generator to create traffic containing data
transmission channels of critical information objects and passing through
the PPA traffic pickup SS (file_SNMP). The procedure for launching and
configuring the traffic generator is given in the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide".
A.53.3.6 Log in to the operator interface of the PPA traffic analysis
software and go to the section for viewing messages about detected data
transmission channels of critical information objects. The procedure for
viewing messages is given in the document RU.BATC.00181-01 34 01
“Special software for the subsystem of primary information analysis.
Operator's Manual".
A.53.3.7 View data link discovery messages and verify that data links of
critical information objects have been identified from passing traffic, and
the following information is displayed for each detected link:
- connection time;
- subscriber (IP address, port);
- recipient (IP address, port);
- protocol;
- traffic volume.
A.53.4 PPA SPO is considered to have passed the tests according to clauses
A.53.3.1-A.53.3.7 of the test program and procedure and fulfill clauses 3.2.5, 3.2.5.10 of
the TOR for the R&D MF, if:
- SSW PPA provides detection of data transmission channels of
critical information objects for connections with the IP address 10.10.10.11
and the SNMP protocol.
A.54 Practice No. 54
A.54.1 This method is used to check the PPA software for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.11 on the Amezit-V R&D center.
A.54.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.11 of the ToR
for the Amezit-V R&D MF, the PPA SSS must ensure the identification of information
resources of the opposing side.
A.54.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.54.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.54.3.2 Connect the traffic generator (HSC SKAT) to the test bench.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.54.3.3 Log in to the operator interface of the PPA traffic pickup SS
and go to the section for setting the rules for detecting information
resources of the opposing party. The procedure for setting the rules for
identifying information resources is given in the document
RU.BATC.00181-01 34 01 “Special software for the subsystem of primary
information analysis. Operator's Manual".
A.54.3.4 Introduce rules for identifying information resources of the
opposing side by specifying a set of connection criteria to IP address
10.10.10.115 on port 13333.
A.54.3.5 Start the traffic generator to create traffic containing
connections to IP address 10.10.10.115 on port 13333 (pcap_13333 file) and
passing through the PPA traffic capture software. Resources are specified by
a set of criteria: IP address, port, protocol, URL, host name (SNI), Common
Name (CN). The procedure for launching and configuring the traffic
generator is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.54.3.6 Log in to the operator interface of the PPA traffic analysis SSW
and go to the section for viewing messages about detected resources of the
opposing party. The procedure for viewing messages is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
A.54.3.7 Review resource discovery messages and verify that adversary
information resources are identified from passing traffic that meet
predetermined criteria.
A.54.4 SPO PPA is considered to have passed the tests according to clauses
A.54.3.1-A.54.3.7 of the test program and procedure and fulfill clauses 3.2.5, 3.2.5.11 of
the TOR for the R&D MF, if:
- the user in the operator interface of PPA traffic analysis open source software
can see adversary resource discovery messages containing the following
information: connections to a host with IP address 10.10.10.115 on port
13333.
A.55 Practice No. 55
A.55.1 This method is used to check the PPA software for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.12 on the Amezit-V R&D center.
A.55.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.12 of
the TOR for the MF OCR "Amezit-V", the SPO PPA must ensure that the
information exchange of the subscriber specified by the operator is recorded
(in full) in the storage drive.
A.55.3 To check the SPO PPA for compliance with the
requirements, follow the steps below.
A.55.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.55.3.2 Connect the traffic generator (HSC SKAT) to the test bench.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.55.3.3 Log in to the operator interface of the PPA traffic acquisition
software and go to the section for setting the rules that determine the subscriber
whose traffic should be saved. The procedure is given in the document
RU.BATC.00181-01 34 01 “Special software for the subsystem of primary
information analysis. Operator's Manual".
A.55.3.4 Enter the rules for saving traffic in the operator interface of the PPA
traffic pickup software for the selected subscriber: connections to the IP
address 10.10.10.111 via the ftp protocol. The procedure for entering rules is
given in the document RU.BATC.00181-01 34 01 “Special software for the
subsystem of primary information analysis. Operator's Manual".
A.55.3.5 Start the traffic generator to create a stable information
exchange on behalf of the selected subscriber passing through the PPA
traffic pickup SS (the testdataftp file is transferred). The procedure for
launching and configuring the traffic generator is given in the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide".
A.55.3.6 Log in to the operator interface of the PPA traffic analysis
software and go to the saved traffic viewing section. The procedure for
viewing the saved traffic is given in the document RU.BATC.00181-01 34 01
“Special software for the primary information analysis subsystem.
Operator's Manual".
A.55.3.7 View the content of files containing saved traffic and make
sure that the traffic of the subscriber specified by the operator is saved as
pcap files. The procedure for viewing the contents of files is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
- the user, using the PPA traffic pickup software, was able to
configure the rules for collecting traffic at the IP address 10.10.10.111 using the ftp protocol;
- the PPA traffic pickup SSW completed the retrieval and saving of the file
testdataftp for the connection to the IP address 10.10.10.111 using the ftp protocol.
A.56.3.1 Assemble the test stand in accordance with the diagram (see
Figure 5).
A.56.3.2 Connect the traffic generator (HSC SCAT) to the test stand.
The procedure for connecting the traffic generator (APK SCAT) and setting
up the test bench is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.56.3.3 Enter the traffic generator configuration interface, set the
parameters for generating traffic at a rate of 10 Gbit/s (the share of short
packets (up to 64 bytes long) does not exceed 20%). The procedure for
launching and configuring the traffic generator is given in the document
RU.BATC.00181-01 32 01 “Special software for the subsystem of primary
information analysis. System Programmer's Guide".
A.56.3.4 Log in to the operator interface of the PPA traffic analysis
software and go to the statistics viewing section. The procedure is given in
the document RU.BATC.00181-01 34 01 “Special software for the subsystem
of primary information analysis. Operator's Manual".
A.56.3.5 View traffic statistics and make sure that the speed of traffic
entering the PPA traffic analysis software complies with the requirements of
paragraph 3.2.5.13 of the TOR.
A.56.3.6 Enter the traffic generator configuration interface, set the
parameters for continuous traffic generation at a rate of 6 Gbit/s (the share
of short packets (up to 64 bytes long) exceeds 20%). The procedure for
setting up is given in the document RU.BATC.00181-01 32 01 “Special
software for the subsystem of primary information analysis. System
Programmer's Guide".
A.56.3.7 Log in to the operator interface of PPA traffic analysis SSW
and go to the statistics viewing section. The procedure is given in the
document RU.BATC.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
A.56.3.8 View traffic statistics and make sure that the speed of traffic
entering the PPA traffic analysis software complies with the requirements of
paragraph 3.2.5.13 of the TOR for the R&D MF.
A.56.4 PPA software is considered to have passed the tests according to
clauses A.56.3.1-A.56.3.8 of the test program and methodology and to fulfill
clauses 3.2.5, 3.2.5.13 of the TOR for the SC R&D if the report shows that the
primary information analysis software provides processing of traffic at speeds
up to 10 Gbit/s when the condition of "normal" traffic is met, as well as at
speeds up to 6 Gbit/s for traffic that does not satisfy the condition of
"normality".
A.57 Practice No. 57
A.57.1 This method is used to check the PPA software for compliance with the
requirements of paragraphs 3.2.5, 3.2.5.14 on the Amezit-V R&D center.
A.57.2 In accordance with the requirements of clauses 3.2.5, 3.2.5.14 of the ToR
for the MF R&D "Amezit-V", the SPO PPA must ensure interfacing with the channel-
forming equipment of various backbone data transmission networks.
Note. The list of joints is specified based on the results of
preliminary and technical (if necessary) design and is agreed with the lead
contractor.
A.57.3 To check the PPA SSW for compliance with the requirements,
you must perform the steps described below.
A.57.3.1 Assemble the test bench according to the diagram (see Figure
5).
A.57.3.2 Using a set of patch cords (containing connectors of types FC,
SC, ST, LC), connect the D-link DGS-1100-24 router of the test bench to the
channel-forming equipment of the backbone networks
data transmission (communication channel with the stand simulating the
segment of the Internet). The procedure for setting up the test bench is given
in the document RU.BATC.00181-01 32 01 “Special software for the subsystem
of primary information analysis. System Programmer's Guide".
A.57.3.3 Using interfaces such as Ethernet and SFP, connect the PPA
servers to the test bench. The procedure for setting up the test bench is
given in the document RU.BATC.00181-01 32 01 “Special software for the
subsystem of primary information analysis. System Programmer's Guide".
A.58.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.58.3.3 Go to the "Routes" section.
A.58.3.4 Create a Tor type route named "Tor Route"; as
the rule for selecting an output node, select a rule of type "By country" and
specify a two-letter code of an arbitrary European country (for example, FR for
France or DE for Germany).
A.58.3.5 Go to the "Rules" section and create a rule of the "subnet" type for
the PMS PMS subsystem with the name "PMS".
A.58.3.6 Assign the "Tor Route" route to the created user rule.
A.59 Practice No. 59
A.59.1 In this method, the TRD software is checked for compliance with the
requirements of paragraphs 3.2.6, 3.2.6.2 of the TOR for the Amezit-V R&D SC.
A.59.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.2
of the ToR for the Amezit-V R&D SC, the PRD SSW must ensure the
performance of data relaying functions in order to implement a covert
exchange between the technical means of preparing, placing and "promoting"
special materials and Internet GIS resources using TCP/IP family protocols.
Notes:
1. The criteria for the secrecy of the exchange are the possibilities for
counteraction of the TX subsystem to the following signs of information
exchange using virtual routes:
- uniformity of outgoing traffic;
- long-term use of the nodes of the TX subsystem;
- uniformity of nodes (including control nodes).
2. The criteria for secrecy of the exchange also include:
- the ability of the DRP subsystem to resist attacks on traffic;
- protection of the client part of the DRP subsystem from attacks
directed at application software in order to obtain a real network address;
A.59.3.8 Go to the "Rules" section and create a rule of the "subnet" type for the
RRP SSW subsystem with the name "PRR".
A.59.3.9 In the created rule, enter the IP address of the RRP workstation and select the
subnet mask "255.255.255.0".
A.59.3.10 Assign the "VPN route" route to the created rule.
A.59.3.11 Disable checking of application settings in this rule.
A.59.3.12 Start the browser on the workstation of the RRR user and open the address:
http://internet.yandex.ru.
A.59.3.13 Verify that the displayed IPv4 address matches the egress
node rule in the VPN Route route.
A.59.3.14 Go to the "Tunnels" section on the TX user's workstation.
A.59.3.15 Select VPN Route tunnel and record the list of nodes used in
the tunnel.
A.59.3.16 Wait for VPN Route tunnel to be rebuilt.
A.59.3.17 Check that the duration of use of the nodes of the TX subsystem is
determined by the lifetime of the tunnel; to do this, compare the list of used
nodes in the card of the new tunnel with the nodes used earlier.
A.59.3.18 Check that the list of tunnels contains "VPN Route" and "Tor
Route" entries.
A.59.3.19 Go to the "Rules" section.
A.59.3.20 Select the RRR rule.
A.59.3.21 Specify "Individual" in the value of the "Application settings"
parameter.
A.59.3.22 Select "disable" for the following parameters: Webrtc, Adobe
Flash, ActiveX, Java.
A.59.3.23 At the PMS user's workstation, open the address:
https://browserleaks.com/webrtc
A.59.3.24 Verify that the user software is protected from the attack to
obtain real local and public IP addresses - The Local IP Address and Public IP
Address fields should not display user IP addresses.
A.59.3.27 Check the heterogeneity of the nodes: in the scan output, the
ports of the services are different.
A.59.4 PWD SPO is considered to have passed the tests according to clauses
A.59.3.1-A.59.3.27 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.2 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- the created route appeared in the route table "RouteVPN";
- the created rule is displayed in the rules table;
- the IPv4 address displayed in the service http://internet.yandex.ru
corresponds to the IPv4 address of the specified exit node of the VPN route;
- Methodology No. 58 was successfully tested, during which support for
relaying using Tor along the "Tor Route" route is confirmed;
A.60.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.60.3.1 Launch the browser and go to the authorization page of the DRS
SSW management interface.
A.60.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.60.3.3 Go to the "Routes" section.
A.60.3.4 Select an arbitrary active VPN route.
A.60.3.5 Open the Tunnels panel.
A.60.3.6 Verify that relay tunnels are built according to the rules in the
route: the exit node of the current tunnel is subject to the rule for choosing
the exit node of the route (for a VPN route, the node properties are in the
tooltip for the IP address field).
A.60.3.7 Initiate the creation of a new route template by pressing the
"Create" button.
A.60.3.8 Select the route type "VPN".
A.60.3.9 Set route length to "3".
A.60.3.10 Activate the "Rules" panel.
A.60.3.11 Check for all rules the possibility of selecting criteria types:
Group, Country, IP address.
A.60.3.12 Check that when any criterion is changed in an arbitrary rule:
A.60.3.15 Set each chain rule to one host IP address.
A.60.3.16 Check the operation of the stealth assessment function - in the
route card in the line "Stealth" the value "Minimum" should be displayed.
A.60.3.18 Check the operation of the stealth assessment function - the
route card displays the value "High" in the line "Stealth" (provided that the
number of available nodes in each card is at least 3).
A.60.4 PWD SPO is considered to have passed the tests according to clauses
A.60.3.1-A.60.3.18 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.3 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- successful authorization was made in the management interface;
- route tunnels are built in accordance with the rules specified in the route
(checking the output address of the route tunnel was successful);
- in the route editing tool, it is possible to set the following types of host
selection criteria: Group, Country, IP address;
- the operation of the function for forecasting stealth and speed of
information exchange when editing route rules was successfully tested.
A.61.3.1 Open the "Network and Sharing Control Center" on the DRP
user workstation.
A.61.3.2 Go to the "Change adapter settings" section.
A.61.3.3 Right-click on the Ethernet network interface (LAN connection).
A.61.3.4 Select "Properties" from the context menu.
A.61.3.5 Select "Internet Protocol Version 4 (TCP/IPv4)" from the list and
click on the "Properties" button.
A.61.3.6 On the "General" tab, select "Obtain an IP address
automatically" and "Obtain DNS server address automatically".
A.61.3.7 Connect the TX user workstation to the TX switch.
A.61.3.8 Launch the browser on the user's workstation and check access to
Internet GIS resources by opening an arbitrary Internet resource.
A.62.3.6 In the new route card, make sure that the following parameters are
available: Type, Route length, Route lifetime.
A.62.3.7 Select any available active VPN route.
A.62.3.8 Open the Tunnels panel.
A.62.3.9 Make sure that the frequency of building new tunnels
corresponds to the lifetime parameter specified for the route (columns
“creation time” and “completion time”), with an error of no more than two
minutes.
A.62.3.10 Go to the "Tunnels" section.
A.62.3.11 Right-click any active VPN tunnel type.
A.62.3.12 Check for "Rebuild" and "Close" buttons in the tunnel card.
A.63.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.6 of the
TOR for the MF OKR "Amezit-V", the SPO PRD should provide concealment of
personalizing information about the means of data transmission from the means
of monitoring and analysis of the opposing side.
Note. The personalizing attributes of data transmission media include:
- network addresses (MAC and IP addresses) belonging to (or identified as
hardware of) the RF Ministry of Defense;
- peculiarities of network interactions inherent in operating systems
certified in the Russian Federation;
- application software (including GIS) used in the Russian Federation.
A.63.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.63.3.11 Connect to the relay node via SSH (according to the
document RU.VATS.00182-01 32 01 "Special software for the data relay
subsystem using intermediate servers. System programmer's manual") from
the TX user's workstation using the data of point A.63.3.10.
A.63.3.12 In the terminal of the SSH session, run the following command:
tcpdump -i <network interface with host IP address> tcp port 443<VPN server port> -w /tmp/traffic.pcap
A.63.3.26 Using the ICP user's workstation, launch the browser and
download the data file from the relay node by clicking on the link:
https://<ip-address-of-relay-node>:<VPN server port>/traffic.pcap.
A.63.3.27 Copy the resulting traffic.pcap and pc_traffic.pcap files to the
DRP user workstation using a USB flash drive.
A.63.3.28 Launch Wireshark and open the file traffic.pcap.
Filter traffic using filter expression: ip.addr == <IP address of the point
http://myexternalip.com/raw> and tcp.port == 443<VPN server port>.
A.63.3.29 Start Wireshark and open the pc_traffic.pcap file. Filter traffic
using filter expression: ip.addr == < IP-relay node address SSH access
address>andor socks.remote_name == <IP address of the relay host> or
tcp.port == <port of the "Tor Route" route proxy service tcp.port == 443.
A.63.3.30 Check that the personalizing features in the PMS user's AWS
packets do not reach the relay nodes:
- The source IP address in outgoing pc_traffic.pcap packets must not be
found in traffic.pcap packets;
- The source MAC address in outgoing pc_traffic.pcap packets must not
be found in traffic.pcap packets.
A.63.3.31 On the RRP workstation, open the link in the browser:
https://bit.ly/2Jb7jzR
A.63.3.32 Connect using an SSH client to the management server and execute
the command: sudo netstat -ntp | grep 37.9.96.20
A.63.3.33 Verify that the connection to the server 37.9.96.20 from the
DRP client is terminated on the control server and interaction with the
target service is performed on behalf of the application broker on the
control server, which eliminates the leakage of network interaction features
of client operating systems, as well as any other software security at the
network level. To do this, the output of the command must contain lines of
the following format:
tcp 0 0 <IP address on the management server>:<port> 37.9.96.20:443 ESTABLISHED <pid>/socks
A.63.3.34 Wait for the link to open or abort the download via the link to the RRP
workstation.
A.63.3.35 In the ssh session, re-execute the command:
sudo netstat -ntp | grep 37.9.96.20
A.63.4 PWD SPO is considered to have passed the tests according to paragraphs
A.63.3.1-A.63.3.36 of the test program and procedure and fulfill paragraphs 3.2.6, 3.2.6.6 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- successful authorization was made in the management interface;
- the IP address and SSH credentials for the node have been successfully
received;
- when comparing traffic files, no matching personalizing features were
found;
- blocking of leaks of network interaction features inherent in operating
systems certified in the Russian Federation and application software was
successfully tested.
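The capture comparison of clause A.63.3.30, as an added example that is not part of the original document: it reads two classic pcap captures (the format tcpdump -w writes) and reports every relay-side frame that carries the workstation's MAC address or source IP address, either in the headers or as ASCII text in the payload (the payload check goes beyond the header comparison the clause describes). The function names, the workstation_mac parameter and the sample captures are assumptions constructed for illustration.

```python
import ipaddress
import struct


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    """Constructed Ethernet/IPv4 frame for the sample captures (checksum left 0)."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip_header + payload


def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


def read_frames(pcap):
    """Yield raw frames from classic pcap bytes; pcapng is not handled."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap capture")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    offset = 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, offset + 8)[0]
        frame = pcap[offset + 16: offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        yield frame
        offset += 16 + incl_len


def parse_eth_ipv4(frame):
    """Return (src_mac, dst_mac, src_ip, dst_ip, payload), or None for non-IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    header_len = (frame[14] & 0x0F) * 4
    return (frame[6:12].hex(":"), frame[0:6].hex(":"),
            str(ipaddress.IPv4Address(frame[26:30])),
            str(ipaddress.IPv4Address(frame[30:34])),
            frame[14 + header_len:])


def workstation_identifiers(client_pcap, workstation_mac):
    """The workstation MAC plus every source IP on frames the workstation sent."""
    mac = workstation_mac.lower()
    ips = set()
    for frame in read_frames(client_pcap):
        parsed = parse_eth_ipv4(frame)
        if parsed and parsed[0] == mac:
            ips.add(parsed[2])
    return mac, ips


def find_leaks(client_pcap, relay_pcap, workstation_mac):
    """List (frame number, kind, value) for each workstation identifier seen at the relay."""
    mac, ips = workstation_identifiers(client_pcap, workstation_mac)
    leaks = []
    for number, frame in enumerate(read_frames(relay_pcap), start=1):
        parsed = parse_eth_ipv4(frame)
        if parsed is None:
            continue
        src_mac, dst_mac, src_ip, dst_ip, payload = parsed
        if mac in (src_mac, dst_mac):
            leaks.append((number, "mac-header", mac))
        for ip in sorted(ips):
            if ip in (src_ip, dst_ip):
                leaks.append((number, "ip-header", ip))
            if ip.encode() in payload:
                leaks.append((number, "ip-payload", ip))
    return leaks


# Constructed sample data: documentation address ranges, locally administered MACs.
WORKSTATION_MAC = "02:00:00:00:00:01"
CLIENT_PCAP = build_pcap([
    build_frame(WORKSTATION_MAC, "02:00:00:00:00:fe", "192.0.2.10", "198.51.100.5"),
    build_frame("02:00:00:00:00:fe", WORKSTATION_MAC, "198.51.100.5", "192.0.2.10"),
])
TUNNEL_FRAME = build_frame("02:00:00:00:00:bb", "02:00:00:00:00:aa", "198.51.100.5",
                           "203.0.113.7", b"\x17\x03\x03\x00\x10" + bytes(16))
LEAKY_FRAME = build_frame("02:00:00:00:00:bb", "02:00:00:00:00:aa", "198.51.100.5",
                          "203.0.113.7", b"X-Forwarded-For: 192.0.2.10\r\n")
RELAY_CLEAN = build_pcap([TUNNEL_FRAME])
RELAY_LEAKY = build_pcap([TUNNEL_FRAME, LEAKY_FRAME])

if __name__ == "__main__":
    print("clean relay capture:", find_leaks(CLIENT_PCAP, RELAY_CLEAN, WORKSTATION_MAC))
    print("leaky relay capture:", find_leaks(CLIENT_PCAP, RELAY_LEAKY, WORKSTATION_MAC))
```

An empty result corresponds to the pass condition "no matching personalizing features were found"; captures saved by Wireshark as pcapng must be converted to classic pcap first.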
A.64 Practice No. 64
A.64.1 In this methodology, the TRD software is checked for compliance with
the requirements of clauses 3.2.6, 3.2.6.7 of the TOR for the Amezit-V R&D SC.
A.64.2 In accordance with the requirements of clauses 3.2.6, 3.2.6.7 of the
ToR for the Amezit-V R&D MF, the DRP SSS must ensure the concealment of
information about nationality.
A.64.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.64.3.6 According to the document RU.VATS.00182-01 92 01 “Special
software for the data relay subsystem using intermediate servers. User
Guide" follow the steps below.
A.64.3.7 Launch the browser and go to the authorization page of the DRS
SSW management interface.
A.64.3.8 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.64.3.9 Go to the "Rules" section and create a new rule with the name
"ARM DRP".
A.64.3.10 Enter for the rule the IP address obtained in A.64.3.4 and the
mask 255.255.255.255.
A.64.3.11 Select the route in the field: “Tor route” (created when
executing Method No. 58).
A.64.3.12 In the "Application settings" field, select the value
"Individual".
A.64.3.13 Set all application settings parameters to "Enable".
A.64.3.14 Set the value of the "Time zone" parameter to any value
different from the time zone of the city of Moscow.
A.64.3.15 Select only one layout in the "Language layouts" parameter -
"en_US English (United States)".
A.64.3.16 Save the created rule.
A.64.3.17 At the operator's workstation, according to the document
RU.VATS.00182-01 34 01 “Special software for the data relay subsystem
using intermediate servers. Operator's Guide”, adjust the system settings to
provide access to Internet GIS resources.
A.64.4 PWD SPO is considered to have passed the tests according to clauses
A.64.3.1-A.64.3.19 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.7 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- the result of the ipconfig command contained the IP address of the user's
workstation;
- successful authorization was made in the management interface;
- the created rule appears in the rules table;
- masking of nationality was successful.
A.65 Practice No. 65
A.65.1 In this method, the TRD software is checked for compliance with the
requirements of paragraphs 3.2.6, 3.2.6.8 of the TOR for the Amezit-V R&D SC.
A.65.2 In accordance with the requirements of paragraphs 3.2.6,
3.2.6.8 of the TOR for the Amezit-V R&D MF, the DRP SSW must provide data
masking at relay nodes for legitimate user requests to public services in the
following ways:
- placement of public proxy servers on data relay nodes;
- placement of TOR exit nodes on data relay nodes;
- placement of I2P routers on data relay nodes.
The method of masking data on relay nodes is determined by the
administrator.
For each of the methods, it should be possible to create a distribution
kit with the necessary software and settings, suitable for installation by the
administrator on a given data relay node.
Note. When creating a distribution kit, it is necessary to ensure a
difference in software settings in order to prevent opening of the nodes of the
DRP subsystem based on this feature, or to develop an additional configuration
tool.
A.65.3 To check the compliance of the SPO with the DRP
requirements, follow the steps below.
A.65.3.6 Open the "Access Data" panel.
A.65.3.7 Write down the data for access via SSH.
A.65.3.8 Go to the "Routes" section.
A.65.3.9 Select the "VPN Route" route.
A.65.3.10 Clear exit node selection criteria (last node selection rule).
A.65.3.22 Run the command "netstat -nltpa | grep -E 'tor|openvpn|i2p|fhs|prox|socks'"
to display a list of open ports and connections.
A.65.3.23 As superuser, run a command to check existing connections through
this node: sudo iftop
A.65.3.24 Customize the connection display with the key sequence: sDn
This sequence disables source address display (s), enables target
service port display (D), disables domain name display (n).
A.65.3.31 Launch the Chromium browser on the workstation of the RPP user and
open the link: https://bit.ly/2Jb7jzR.
A.65.3.32 Check at the output node of the relay that, in the iftop status
output window, among the masked legitimate connections, the connection to the
node with IP address 37.9.96.20 is displayed. To do this, run the command:
netstat -ntp | grep 37.9.96.20
A.65.4 PWD SPO is considered to have passed the tests according to clauses
A.65.3.1-A.65.3.32 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.8 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- the distribution kit for the node was successfully created;
- ports for the following processes were present in the list of open ports:
tor (arbitrary port), i2p (arbitrary port), proxy server (arbitrary port),
openvpn, https webserver;
- the test of masking requests from users of the DRP subsystem among
requests from third-party users was successfully passed.
A.66 Practice No. 66
A.66.1 In this methodology, the TRD software is checked for compliance with
the requirements of clauses 3.2.6, 3.2.6.9 of the TOR for the Amezit-V R&D SC.
A.66.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.9 of the
ToR for the MF OKR "Amezit-V", the SPO PRD should provide concealment of
personalizing application layer information, which should be controlled by
open source software installed on the operator's workstation. The installed
SSW must check the compliance of the user's local settings and the user's
current output network address. Checked settings are as follows:
- prohibition of the use of WebRTC in the user's browser;
- prohibition of the use of plug-ins in the user's browser: Adobe Flash,
ActiveX, Java applets;
- time zone of the user in the system;
- available language layouts in the system.
The administrator should be able to define the requirements for the
user settings to be checked. If the user settings do not match, access to the
data relay subsystem should be blocked.
A.66.3.4 For all parameters of application settings, set the value
"Disable" (except for the time zone and language layouts).
A.66.3.5 Save changes to user settings.
A.66.3.6 Open a new browser tab and open the page:
http://ya.ru
A.66.3.7 According to the document RU.VATS.00182-01 34 01 “Special
data relay subsystem software using intermediate servers. Operator's
Guide”, change the application settings on the user's workstation
according to the recommendations of the SPO KPN.
A.66.3.8 Refresh the browser tab according to paragraph A.66.3.6.
A.66.3.9 Open a public service for checking browser settings and
anonymization settings (for example, https://2ip.ru/privacy).
A.66.4 PWD SPO is considered to have passed the tests in accordance with clauses
A.66.3.1-A.66.3.9 of the test program and methodology and fulfill clauses 3.2.6, 3.2.6.9 of the
TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- successful authorization was made in the management interface;
- before changing application settings on the user's workstation the page
was not opened (access to Internet GIS resources was blocked);
- exit point (a range of personalizing features or
nationality);
- list of national features corresponding to the virtual
route;
- mechanism for relaying data in the chain between the first and last
virtual route point - tor or vpn.
A.67.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.68 Practice No. 68
A.68.1 In this methodology, the TRD SSW is checked for compliance with the
requirements of clauses 3.2.6, 3.2.6.11 of the TOR for the Amezit-V R&D SC.
A.68.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.11 of the
TOR for the MF OKR "Amezit-V", the SPO PRD should provide the ability to
centrally manage open source software for data relaying (in manual and
automated mode): configuring "points" of entry, exit and intermediate points
of virtual transport routes of data relaying.
A.68.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.69 Practice No. 69
A.69.1 In this methodology, the TRD software is checked for compliance with the
requirements of paragraphs 3.2.6, 3.2.6.12 of the TOR for the Amezit-V R&D SC.
A.69.2 In accordance with the requirements of paragraphs 3.2.6,
3.2.6.12 of the TOR for the MF OCR "Amezit-V", the TX SSS should provide
the ability to predict the data transfer rate using a virtual transport route.
A.69.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.69.4 PWD SPO is considered to have passed the tests according to clauses
A.69.3.1-A.69.3.11 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.12 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.69.3.2, successful authorization was made in the
management interface;
- the predicted data rate has been successfully displayed;
- the difference between the results of points A.69.3.10 and A.69.3.11 is
no more than 25%.
A.70.3.1 Launch the browser and go to the authorization page of the PRD
SSW management interface.
A.70.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.70.3.3 Go to the "Nodes" section.
A.70.3.4 Select any relay node with the node status displayed as a
"green indicator".
A.70.3.5 Write down its IP address and host number.
A.70.3.6 Open the "Access Data" panel.
A.70.3.7 Write down the data for access via SSH.
A.70.3.8 Leave the browser tab open.
A.70.3.9 Using an SSH client, according to document
RU.VATS.00182-01 32 01 “Special software for the data relay subsystem
using intermediate servers. System programmer's guide”, connect to the
relay node using the data of clause A.70.3.7.
A.70.3.10 Install tmux on the relay node. For relay nodes based on
Debian OS, the installation is performed by the command:
sudo apt-get install tmux
iptables -I INPUT 1 -j DROP; sleep 300; iptables -D INPUT 1
A.70.3.13 In the browser, return to the relay node tab (clause A.70.3.8).
A.70.4 The TRD SPO is considered to have passed the tests according to clauses
A.70.3.1-A.70.3.15 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.13 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.70.3.2, successful authorization was made in the
management interface;
- the health check was successfully carried out: during the first test the
state of the node was displayed with a “red indicator” (the node is
unavailable), during the second test it was displayed with a “green indicator”
(the node is available).
A.71 Practice No. 71
A.71.1 This method is used to check the TRD software for compliance with the
requirements of clauses 3.2.6, 3.2.6.14 of the TOR for the Amezit-V R&D SC.
A.71.2 In accordance with the requirements of clauses 3.2.6, 3.2.6.14
of the TOR for the Amezit-V R&D MF, the PRD SSW must provide the
functions of adding noise structures in order to statistically camouflage data
passing through data relaying facilities under legal user requests to public
services.
A.71.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.71.3.1 Verification is carried out in the course of the activities carried
out under Practice No. 65.
A.71.4 The PRD SSW is considered to have passed the tests in accordance with
clause A.71.3.1 of the test program and methodology and fulfill clauses 3.2.6,
3.2.6.14 of the TOR on the midrange of R&D upon successful completion of
Method No. 65, since the function of camouflaging data passing through data
relay nodes is solved by running additional software on them, which ensures the
generation of constant transit traffic. Such software is Tor (in exit-node
mode) and I2P. In addition, the VPN server is started in port-sharing mode
with the https server, which is checked by opening the following address in the
browser: https://<relay-host-IP-address>. When opening the specified address
in the browser, the user should see an html page.
A.72.3.1 Verification is carried out in the course of the activities carried
out under Practice No. 65.
A.72.4 The TRD SPO is considered to have passed the tests in accordance with
clause A.72.3.1 of the test program and methodology and fulfill clauses 3.2.6,
3.2.6.15 of the TOR on the R&D midrange, if the checks of Methodology No. 65
were successfully completed in terms of ensuring the possibility of placing
public resources of the following types on relay nodes:
- exit nodes of the Tor anonymization network;
- i2p router;
- proxy server;
- web server (can be used to mask VPN servers as an https server).
A.75.2 In accordance with the requirements of clauses 3.2.6, 3.2.6.18 of the
ToR for the Amezit-V R&D SC, the DRP SSW must provide an anonymization
gateway that provides the following interface mechanisms for other technical
means of the Amezit HSC (including geographically remote ones) :
- complete redirection of client traffic according to rules specified by the
administrator through the selected anonymization mechanism (VPN or TOR);
- providing a socks proxy for each available exit node on the anonymization
gateway.
Notes:
1. A function for the administrator to block the traffic of other technical
means must be implemented for cases where there are signs that can violate the
secrecy of the work of the TX subsystem.
2. Such signs include:
- personalizing attributes of data transmission media (see clause A.63.2
of this document);
- personalizing information at the application level (see clause A.66.2
of this document);
- list of resources prohibited for visiting (should be customizable).
3. A function for timely notification of the administrator should be
implemented in case the traffic blocking function is triggered.
4. It must be possible to connect territorially remote elements (including
mobile components) of the APC "Amezit" to the PRD subsystem.
A.75.3 To check the compliance of the SPO with the DRP
requirements, follow the steps below.
A.75.3.1 Launch the browser and go to the authorization page of the PRD
SSW management interface.
A.75.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.75.3.3 Go to the "Rules" section.
A.75.3.4 Select the rule "User DRP".
A.75.3.5 On the rule card, change the value of the "Application settings"
parameter to "Do not check".
A.75.3.6 In the "Assigned route" parameter, select "Route VPN".
A.75.3.7 Save the change.
A.75.3.8 Go to the "Proxy routes" subsection of the "Settings" section.
A.75.3.9 Record the link in the value of the parameter: "List of routes".
A.75.3.10 A list of the following format shall be output:
socks5://<proxyhost:proxy-port>, route name, route type (Tor or VPN), <exit
node IP address or Tor exit node selection options>.
A.75.3.11 Select an arbitrary entry for a VPN type route from the given
list.
A.75.3.12 Launch the Firefox browser and do the following:
A.75.3.28 Check the registration of events in the administrator interface.
In the "monitoring" section in the "Message log" panel, check for an entry
about blocking access for the "PDC User" to the "myexternalip.com" resource.
A.75.3.29 Go to the "Settings" section.
A.75.3.30 Go to the "Forbidden resources" subsection.
A.75.3.31 Remove the "myexternalip.com" entry from the list of prohibited
resources.
A.75.4 PWD SPO is considered to have passed the tests according to clauses
A.75.3.1-A.75.3.31 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.18 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.75.3.2, successful authorization was made in the
management interface;
- when performing clause A.75.3.20, the checked IP addresses matched;
- when performing clause A.75.3.25, a page opening error was displayed after
the page was added to the list of prohibited resources;
- when performing clause A.75.3.27, an access block record was present in the
message log.
A.76 Practice No. 76
A.76.1 In this methodology, the TRD software is checked for compliance with
the requirements of clauses 3.2.6, 3.2.6.19 of the TOR for the Amezit-V R&D SC.
A.76.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.19 of the
TOR for the MF OKR "Amezit-V", the SPO PRD must detect and counter attempts to
run special software in a virtual environment and under the control of
debuggers.
A.76.3 To check the compliance of the DRP SSW with the requirements,
it is necessary to perform the actions described below.
A.76.3.1 Launch the browser and go to the authorization page of the PRD
SSW management interface.
A.76.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.76.3.3 Go to the "Nodes" section.
A.76.3.4 Select any relay node with the node status displayed as a
"green indicator".
A.76.3.5 Write down its IP address and host number.
A.76.3.6 Open the "Access Data" panel.
A.76.3.7
A.76.3.8 Write down the data for access via SSH.
A.76.3.9 Open the Active Services panel.
A.76.3.10 Record the process IDs (PIDs) of active services. The data is
protected by the monitoring and control service from the management of
debuggers.
A.76.3.11 With the help of an SSH client, according to the document
RU.VATS.00182-01 32 01 “Special software for the data relay subsystem
using intermediate servers. System programmer's guide”, connect to the
relay node using the data of clause A.76.3.8.
A.76.3.19 Create a relay node installation package for an arbitrary
relay node in the system.
A.76.3.20 Copy the received package to the RRP VM (or any other virtual machine
running Debian OS) by running the command on the management server:
A.76.3.22 The result of execution of the start command shall contain the
message: VM detected.
A.76.4 PWD SPO is considered to have passed the tests in accordance with clauses
A.76.3.1-A.76.3.22 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.19 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.76.3.2, successful authorization was made in the
management interface;
- when performing clause A.76.3.15, the debugger displayed a message about
impossibility connect to the TOTP authorization module connect to protected
processes;
- when performing clause A.76.3.16, the debugger displayed a message about the
inability to connect to the monitoring and control module;
- when performing clause A.76.3.22, the result of the command execution
contained the "VM detected" message.
A.77 Practice No. 77
A.77.1 In this methodology, the TRD software is checked for compliance with
the requirements of clauses 3.2.6, 3.2.6.20 of the TOR for the Amezit-V R&D SC.
A.77.2 In accordance with the requirements of paragraphs 3.2.6, 3.2.6.20 of the
ToR for the Amezit-V R&D MF, the PRD SSW should provide control over the state
of the grouping of points of virtual routes, prompt detection of attempts to
obtain UA to them, abnormal reboots of the hardware OS and other facts of
violation of information security (IS) of technical means of relaying,
including:
- unauthorized access with superuser rights;
- installation of additional (malicious) software;
- implementation of denial-of-service attacks;
- attempts to study open source software algorithms (launch under the control
of a debugger, tracing, setting breakpoints, violating the integrity of open
source software, running under the control of virtualization tools, changing
the time);
- attempts to study the data transfer protocol (transfer of incorrect data to
neighboring nodes of the virtual transport route, frequent disconnections or
long delays when sending service data);
- setting the prohibition to act as an exit point of the virtual route.
Note. The list of actions related to the violation of IS of technical
means of data relaying is specified based on the results of preliminary and
technical (if necessary) design and is agreed with the lead contractor.
A.77.3.9 Upon completion of the basic setup, restart the workstation without
authorization in the system after the reboot.
A.77.3.10 According to the document RU.VATS.00182-01 32 01 “Special
software for the data relay subsystem using intermediate servers. System
programmer's guide" perform the following actions on the mobile
workstation of the user of the SPO DRD to add a new node:
A.77.3.17 Start the SSH client and connect to the control server of the
SPO PRD (according to the document RU.VATS.00182-01 32 01 "Special
software for the data relay subsystem using intermediate servers. System
programmer's guide").
A.77.3.18 Generate relay node software package for fixed
ARM.
A.77.3.19 Install the received package on the stationary workstation.
A.77.3.20 Switch to the browser window.
A.77.3.21 Go to the "Nodes" section.
A.77.3.22 Update data on node "Node M20".
A.77.3.23 Verify that the node status indicator is green.
A.77.3.28 The local authorization attempt (clause A.77.3.25) shall not
succeed.
A.77.3.29 Disconnect the "Mouse" type manipulator from the stationary
workstation.
A.77.3.30 Update data on node "Node M20".
A.77.3.31 Within five minutes, the node status indicator should display
orange. Before moving to the specified color, the indicator may be displayed
in red.
A.77.3.32 Activate the "Event Log" panel.
A.77.3.33 Check for reports of the following events:
- hardware change: removed hardware <vendorId>:<producer-
tId>;
- system last boot time: Date and time of last boot;
- disable network interface <network interface name>;
- trying to login locally on behalf of root;
- unknown process detected: sambasmbd (PIDs=<one or multiple process IDs>).
A.77.3.34 Go to the "Active Services" panel.
A.77.3.35 Find the process(es) "smbd" in the list.
A.77.3.36 Process identifiers must coincide with the identifiers in the PIDs
of clause A.77.3.33. The state of the process(es) should be Frozen.
A.77.4 PWD SPO is considered to have passed the tests according to clauses
A.77.3.1-A.77.3.36 of the test program and procedure and fulfill clauses 3.2.6, 3.2.6.20 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.77.3.12, successful authorization was made to the
management interface;
- when performing clause A.77.3.25, the Onion node name was present in the
"Access Data" panel;
- when performing clause A.77.3.28, an authorization error was displayed;
- after the execution of clause A.77.3.26, node status data were received on
the management server. Data transmission from the relay node was performed via
a GSM modem, since there were no other channels of communication with the GIS
OP Internet at the relay node. Thus, the possibility of connecting mobile
components to the subsystem is demonstrated;
- when performing clause A.77.3.33, the events listed in clause A.77.3.33 were
present on the Event Log panel;
- when performing clause A.77.3.35, "smbd" was present in the list of
processes;
- when performing clause A.77.3.36, the process IDs matched the identifiers of
clause A.77.3.33, and the state of the processes was "Frozen".
The source of payment must not reveal the nationality of the tenant.
run the following check commands on the relay host as superuser:
grep -RiE "<relay host IP search regular expression>" /var/log | grep -v "IP-address-of-host-to-connected-to"
A.78.3.17 Verify, from the result of the search command, that the IP
addresses of the relay chain are not recorded in the system event logs:
the output of the search command must not contain the IP addresses of
other relay route nodes.
A.78.3.18 Check that the data relaying open source software processes
do not have files open for writing (they do not log actions in the file system).
To do this, run the following command as superuser:
lsof -a -d 1-999 -p "$(ps -ax | grep -E '[v]pn|[f]hs|[n]cs' | awk '{print $1;}' | paste -sd',' -)" / | awk 'NR==1 || $4~/[0-9]+[uw]/'
This command displays the files opened for writing by the open source
software processes. The result of the command should be empty or contain
only one line, the output header.
A.78.4 PWD SPO is considered to have passed the tests according to clauses
A.78.3.1-A.78.3.18 of the test program and procedure and to fulfill clauses 3.2.6, 3.2.6.21 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- successful authorization was made in the management interface;
- SSH access data has been successfully obtained for all nodes of the
route;
- in the "Message Log" and "Check History" panels of the card, the
selected rule had entries;
- the history of the creation of tunnels along the selected route contained
one active tunnel and a list of previously closed tunnels;
- the search for route node IP addresses in the event logs of the route
relay nodes showed no entries found.
A.79 Practice No. 79
A.79.1 In this methodology, the TRP SSW is checked for compliance with the
requirements of paragraphs 9, 9.12 of the TOR for the Amezit-V R&D SC.
A.79.2 In accordance with the requirements of paragraphs 9, 9.12 of the
TOR for the Amezit-V R&D SC, in case of emergency situations, attempts to
analyze the data relaying SSW, as well as at the administrator's command, all
SSW modules, configuration files, input and output data of the relay SSW must
be destroyed.
A.79.3 In order to check the compliance of the DRP SSW with the
requirements, it is necessary to perform the actions described below.
A.79.3.1 Launch the browser and go to the authorization page of the PRD
SSW management interface.
A.79.3.2 Authorize in the management interface using the credentials
of the system programmer (administrator).
A.79.3.3 Go to the "Nodes" section.
A.79.3.4 Select any node where an https server is available. The
presence of an https server can be checked in the Active Services panel of
the tunnel card. In the absence of such nodes, it is necessary to refer to the
document RU.VATS.00182-01 32 01 “Special software for the data relay
subsystem using intermediate servers. System Programmer's Guide" to
generate and install on the relay node a software package that includes an
https web server.
A.79.3.5 Get the host IP address and SSH credentials for a host
running an https web server.
A.79.3.6 Connect to the relay node via SSH (according to the document
RU.VATS.00182-01 32 01 "Special software for the data relay subsystem
using intermediate servers. System programmer's manual") from the TX
user's workstation using the IP address and SSH access data for a host
running an https web server.
A.79.3.8 Check that the output contains a path of the form </fhs> to the executable
file of the open source software of the relay node.
A.79.3.9 Verify that the binary executable is not available for retrieval
with the command: ls </fhs>. You should see a message that the
specified file does not exist in the file system.
A.79.3.10 Check that the given file does not exist in the file system by
running the command: sudo find / -type f -name fhs. The output of the
command should not contain any files.
A.79.3.11 Check that the SSW DRP cryptocontainer image is filled with
null bytes: sudo hexdump -C /dev/mapper/cdisk | head.
A.79.3.12 Check that the fhs process (the HTTPS server of the open source
software package) is actually running and is bound to the cryptocontainer. To do this,
execute the following commands as superuser (root):
# get the device ID of the cryptocontainer
sudo dmsetup ls | grep cdisk
# output should be: cdisk (<DEV:ID>)
sudo lsof -p `pidof fhs | sed "s/ /,/g"` $FHS_PID | grep <DEV,ID>
A.79.3.13 Check that the non-empty output of the last command contains
a string of the kind </fhs>, where /fhs is the path to the (non-existent) fhs file.
A.79.3.14 If necessary, repeat the test of this technique for all
processes associated with the cryptocontainer (the entire SS package of the
relay node). The list of these processes is obtained with the command: sudo
lsof | grep <DEV,ID>
A.79.4 SPO PRD is considered to have passed the tests according to clauses
A.79.3.1-A.79.3.14 of the test program and methodology and to fulfill clauses 9, 9.12 of the
TOR for MF R&D if:
- as a result of checking the location of the executable files of the relay
node's open source software, no files were found;
- as a result of checking the contents of the cryptocontainer, it is full of
null bytes, i.e. the contents of the cryptocontainer are cleared after launch;
- the node SF files were not found in the file system of the relay
node.
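The condition verified in A.79.3.8-A.79.3.13 (a process that keeps running after its executable has been removed from the file system) is visible to a defender on any Linux host through /proc. The script below is an added example, not part of the original document: it lists such processes, and the sample /proc tree, the PIDs and the path /tmp/example/fhs in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): list processes whose
# executable was unlinked after launch. On Linux the /proc/<pid>/exe link
# of such a process reads "<original path> (deleted)".

# find_deleted_exe [PROC_ROOT]
# Prints one line per hit: PID<TAB>process name<TAB>original executable path.
find_deleted_exe() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads, and processes we are not allowed to inspect,
        # have no readable exe link: skip them.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                pid=${dir##*/}
                comm=$(cat "$dir/comm" 2>/dev/null || echo "?")
                printf '%s\t%s\t%s\n' "$pid" "$comm" "${target% (deleted)}"
                ;;
        esac
    done
}

# make_sample_proc
# Builds a constructed /proc-like tree so the check can be run offline:
#   101  - ordinary daemon, executable still on disk
#   2    - kernel thread, no exe link at all
#   4242 - process whose executable was removed after start
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/2" "$root/4242"
    ln -s "/usr/sbin/sshd" "$root/101/exe"
    echo sshd > "$root/101/comm"
    echo kthreadd > "$root/2/comm"
    ln -s "/tmp/example/fhs (deleted)" "$root/4242/exe"
    echo fhs > "$root/4242/comm"
    echo "$root"
}

# Stand-alone run: scan the constructed tree. On a real host, call
# find_deleted_exe with no argument (as root) to scan /proc itself.
sample=$(make_sample_proc)
find_deleted_exe "$sample"
rm -rf "$sample"
```

A daemon whose binary was replaced by a package upgrade carries the same "(deleted)" marker, so each hit needs triage against recent package activity before it is treated as suspicious.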
A.80 Practice No. 80
A.80.1 In this methodology, the SPO of the RRR is checked for compliance with the
requirements of paragraphs 3.2.7, 3.2.7.1 of the TOR for the Amezit-V R&D SC.
A.80.2 In accordance with the requirements of clauses 3.2.7, 3.2.7.1 of the
ToR for the MF R&D "Amezit-V", the SPO RRP should ensure the preparation of
special materials (text, graphics, video, audio messages).
A.80.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.80.3.2.2 In the empty text document that opens, enter the following text:
"Checking the preparation of text materials using an office software
package."
A.80.3.2.3 From the "File" menu, select "Save As...".
A.80.3.2.4 Select the "Materials" directory on the desktop, created
in paragraph A.80.3.1.
A.80.3.2.5 In the "File name" field, enter "Text material", in the field
"File type" select "Microsoft Word 2007-2013 XML (.docx)".
A.80.3.2.6 Save the file with the prepared text material by clicking the
"Save" button. (If the message "Document may include formatting or
content that cannot be saved in the selected Microsoft Windows 2007-2013
XML format" is displayed, deselect "Ask when saving in a format other than
ODF or the default" and click on "Use the Microsoft Windows 2007-2013
XML format".)
A.80.3.2.19 In the "Edit Content" panel that opens, select the "Add
Text" command.
A.80.3.2.20 In a new line of the open file, enter the text "Checking the
preparation of text materials using Adobe Acrobat".
A.80.3.2.21 Select "Save As..." from the "File" menu.
A.80.3.2.22 In the dialog box that opens, go to the "Materials"
directory on the desktop, created in paragraph A.80.3.1.
A.80.3.2.23 In the "File name" field, enter "Text material2", in the "File
type" field, select "Adobe PDF files".
A.80.3.2.24 Save the file with the prepared text material by clicking the
"Save" button.
A.80.3.2.25 Close Adobe Acrobat by selecting Exit from the File menu.
A.80.3.3.12 In the "JPEG Options" window that opens, click the "OK"
button.
A.80.3.3.13 Exit the application by selecting "Exit" in the
"File" menu (if the message "Save changes to the Adobe Photoshop Image
Data document before exiting?" is displayed, click on the "No" button).
- in the "Destination" line, click on the "Browse" button, select the
"Materials" directory on the desktop, set the file name "Audio data" and the
file type Wave files (*.wav);
- click on the "Make" button;
- wait for the conversion process to complete;
- click on the "Exit" button.
A.80.3.4.13 Quit the program by selecting "Exit" in the
MorphVOX menu.
A.80.3.4.14 Launch the Voice Converter application.
A.80.3.4.15 Double-click with the left mouse button in the central area
of the program window.
A.80.3.4.16 In the "Materials" directory on the desktop created in
paragraph A.80.3.1, select the file "Audio data.wav".
A.80.3.4.17 If the message "This is a stereo sound. Only left channel
will be processed" is displayed, press the "OK" button.
A.80.3.4.18 In the top menu, press the “PRESETS” button and select the
“Kid” preset from the drop-down list.
A.80.3.4.19 Click on the "Apply And Save Conversion" button in the top
menu.
A.80.3.4.20 In the window that opens, select the "Materials" folder on
the desktop, set the file name "Audio data2" and click the "Save" button.
A.80.3.4.21 Wait for the conversion process to complete and the file to be
written.
A.80.3.4.22 Close the program by clicking on the "Close" button in the
upper right corner of the window.
A.80.3.4.23 The check of the preparation of audio materials is considered
completed if, in the "Materials" directory (created in A.80.3.1):
- when the "Audio Data.wav" file is opened, audio data modified
according to the voice alias selected in clause A.80.3.4.10 is played;
- when the "Audio Data2.wav" file is opened, audio data modified
according to the preset selected in clause A.80.3.4.18 is played.
A.80.3.5.3 In the window that opens, select the "Materials" directory on
the desktop (created in clause A.80.3.1). While holding down the Ctrl key, select
the files "Audio data2.wav" and "Graphic data.jpg" in it.
A.80.3.5.4 Click on the "Open" button.
A.80.3.5.5 From the Project Media panel, drag the Audio2.wav file onto
the timeline.
A.80.3.5.6 From the Project Media panel, drag the Image Data.jpg file
onto the timeline.
A.80.3.5.7 Align the timing of graphic data on the timeline with the
audio data by moving the right edge of the graphic data on the timeline to
the right edge of the audio data.
A.80.3.5.8 On the "Video Special Effects" panel, select the "News" item
from the tree-like list.
A.80.3.5.9 Drag and drop the "Color" preset onto the graphics data
timeline.
A.80.3.5.10 In the "Video event special effects" window that opens, in the "Point
size" line, click on the "Animate" button.
A.80.3.5.11 On the displayed timeline, set the cursor position to the
beginning of the timeline and set the value 0 in the "Point size" field.
A.80.3.5.12 Set the cursor position to the end of the time scale, click on
the "Add keyframe" button and set the value 1 in the "Point size" field.
A.80.3.5.13 Close the Video Event FX window with the Close button in the
upper right corner of the window.
A.80.3.5.14 Select "Render As..." from the File menu.
A.80.3.5.15 In the "Render as" window that opens, in the "Output Format"
section, select saving in MPEG-4 format (select video quality in presets for iPod).
A.80.3.5.21 The check of the preparation of video materials is considered
completed if, when the "Video data.mp4" file in the "Materials" directory is
opened, a video image of the "Lightning" figure is played with the phrase
"Checking the preparation of audio materials using the Sony Sound Forge
program" in the audio sequence.
A.80.4 SPO RRR is considered to have passed the tests according to clauses
A.80.3.1-A.80.3.5.21 of the test program and methodology and to fulfill clauses 3.2.7, 3.2.7.1
of the TOR for the R&D MF, if the checks of clauses A.80.3.2.26, A.80.3.3.14,
A.80.3.4.23, A.80.3.5.21 are successfully completed.
- graphic files (JPG, PNG) in terms of exif attributes (for JPG) and GPS
coordinates;
- audio files (mp3) in the part of ID3 tags;
- video files: modification of the time of creation and modification of
tracks.
A.81.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
- "Name": PIM test;
- "Theme": checking the legend;
- "Author": Pyotr Razumovsky;
- "Keywords": PIM; legend;
- "Time of creation": 2000.08.01 10:20:30;
- "Time to change": 2000.10.20 01:02:03;
- "Manager": Ivanov Ivan Ivanovich;
- "Company": Titanum;
- "Category": test document;
- "Status": checked;
- "Last edited author": PIM operator;
- "Version number": 5;
- "Application": notepad;
- "Comments": test comment;
- "Last print time": 2010.01.02 03:04:05.
A.81.3.2.5 Click on the "Save Changes" button.
A.81.3.2.6 Through Windows Explorer, open the "Materials" directory on
the desktop.
A.81.3.2.7 Right-click on the "Text material.docx" file icon
and select "Properties" from its context menu.
A.81.3.2.8 In the opened window "Properties: Text material.docx", on the
tab "Details", check the presence of the values specified in paragraph
A.81.3.2.4 in the file's metadata.
A.81.3.2.9 Close the "Properties: Text Material.docx" window by
pressing the "OK" button.
A.81.3.3 Checking for metadata filling in graphic files is performed in
the following order:
A.81.3.3.1 Click on the "Select file" button.
A.81.3.3.2 Select on the desktop in the "Materials" catalog
(created in A.80.3.1) the Image Data.jpg file (created in A.80.3.3.1 to
A.80.3.3.12).
A.81.3.3.3 Click on the "Open" button.
A.81.3.3.4 Set the following parameters in the table:
- "Comments": LegendCheck;
- "Copyright": JPGAuthor;
- "Creator": JPGCreator;
- "Shooting time": 2000.08.01 10:20:30;
- "Camera Maker": SONY;
- "Camera Model": DSC-H300;
- "GPS Latitude": 51;
- "GPS Longitude": 20;
- "GPS Altitude": 8.
A.81.3.3.5 Click on the "Save Changes" button.
A.81.3.3.6 Through Windows Explorer, open the "Materials" directory on
the desktop.
A.81.3.3.7 Right-click on the "Graphic data.jpg" file icon
and select "Properties" from its context menu.
A.81.3.5 Checking for metadata filling in video files is performed in the
following order:
A.81.3.5.1 Click on the "Select file" button.
A.81.3.5.2 Select on the desktop in the "Materials" catalog
(created in clause A.80.3.1) the file "Video data.mp4" (created in A.80.3.5.1
to A.80.3.5.19).
A.81.3.5.3 Click on the "Open" button.
A.81.3.5.4 Set the following parameters in the table:
- "Time of creation": 2000.08.01 10:20:30;
- "Time to change": 2000.10.20 01:02:03.
A.81.3.5.5 Click on the "Save Changes" button.
A.81.3.5.6 Through Windows Explorer, open the "Materials" directory on
the desktop.
A.81.3.5.7 Right-click on the "Video data.mp4" file icon
and select "Properties" from its context menu.
A.81.3.5.8 In the "Properties: Video data.mp4" window that opens, on the
"Details" tab, check the presence of the values specified in paragraph A.81.3.5.4 in
the file's metadata.
A.81.3.5.9 Close the "Properties: Video data.mp4" window by clicking on
the "OK" button.
A.81.3.6 Click on the "Select file" button.
A.81.3.7 Select on the desktop in the "Materials" catalog (created
in clause A.80.3.1) the "Text Material.docx" file (created in clauses A.80.3.2.1
to A.80.3.2.6).
A.81.3.8 Click on the "Open" button.
A.81.3.9 Click on the "Clear all metadata" button.
A.81.3.10 Through Windows Explorer, open the "Materials" directory on
the desktop.
A.81.3.11 Right-click on the "Text material.docx" file icon and select the
"Properties" item from its context menu.
A.81.3.12 In the opened window "Properties: Text material.docx" on
the "Details" tab, check the absence of personalizing information in the file's
metadata.
A.81.3.13 Close the "Properties: Text material.docx" window by pressing the
"OK" button.
A.81.4 The SPO of the RRR is considered to have passed the tests in accordance with
clauses A.81.3.1-A.81.3.13 of the test program and procedure and to fulfill clauses 3.2.7,
3.2.7.2 of the ToR for R&D MF, if the checks in paragraphs A.81.3.2.8, A.81.3.3.8, A.81.3.4.8,
A.81.3.5.8, A.81.3.12 are completed successfully.
A.82.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
- "Address": set the address of the group to join:
https://vk.com/urup_group;
- "Quantity":5.
A.82.3.6.3 Click on the "Create" button.
A.82.3.6.4 Wait for the creation of the event to complete.
A.82.3.6.5 Check for users from the "PIM fictitious" community
in the subscribers of the group specified in clause A.82.3.6.2.
A.82.3.7 Verification of sending user friend requests is performed in
the following order:
A.82.3.7.1 Open the page "https://twitter.com/kotova74"
in a web browser.
A.82.3.7.2 Mark (remember or write down) the number of readers.
A.82.3.7.3 In the PIM Events collection, click on the "+ Event" button
on the command bar.
A.82.3.7.4 In the window that opens, set the following event
parameters:
- "Name": PIM User Subscription;
- "Type of event": Typical actions;
- "Script": Subscribe to the user;
- "Social networks": turn on Twitter;
- "Start": set the current time;
- "End": set the time 15 minutes later than the current time;
- "Communities": select the "PIM Fictional" group;
- "Address": set the address of the user to add to friends:
https://twitter.com/kotova74;
- "Quantity": 5.
A.82.3.7.5 Click on the "Save" button.
A.82.3.7.6 Wait for the creation of the event to complete.
A.82.3.7.7 Repeating paragraphs A.82.3.7.1 to A.82.3.7.2, check that
the number of readers on the user's page has increased by the value specified
in clause A.82.3.7.4.
A.82.4 SPO RRR is considered to have passed the tests according to clauses
A.82.3.1-A.82.3.7.7 of the test program and methodology and fulfill clauses 3.2.7, 3.2.7.3
of the TOR for the R&D MF, if:
- regarding the entry of virtual users into the group, users from the
"PIM fictitious" group are present in the subscribers of the group
https://vk.com/urup_group;
- in terms of sending requests to add users as friends,
the number of readers on the user page "https://twitter.com/kotova74"
increased by 5.
A.83 Practice No. 83
A.83.1 In this methodology, the SPO of the RRR is checked for compliance with the
requirements of paragraphs 3.2.7, 3.2.7.4 of the TOR for the Amezit-V R&D SC.
A.83.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.4
of the ToR for the Amezit-V R&D MF, the RRP SSW should provide automated
placement of special materials in the following services:
- Twitter;
- LiveJournal;
- VKontakte;
- Facebook;
- YouTube;
- Odnoklassniki;
- Instagram;
- Blogspot.
The following types of actions of virtual users must be supported in
the specified social networks:
- Twitter:
    - automatic registration of accounts;
    - filling in user profiles: avatar, geography, user name,
      description (about yourself);
    - placement of text publications (tweets);
    - placement of publications with images;
    - posting comments;
    - "likes" (approvals) to publications and comments;
    - reprint of publications (reposts);
    - adding to friends (subscriptions);
    - receiving and sending private messages.
- LiveJournal:
    - automatic registration of accounts;
    - filling in user profiles: avatar, geography, user name,
      description (about yourself), interests;
    - placement of text publications;
    - placement of publications with images;
    - posting comments;
    - "likes" (approvals) to publications and comments;
    - reprint of publications;
    - adding to friends (subscriptions);
    - receiving and sending private messages.
- VKontakte:
- Odnoklassniki:
    - automatic registration of accounts with confirmation by SMS;
    - placement of text publications;
    - placement of publications with images;
    - posting comments;
    - "likes" (approvals) to publications and comments;
    - reprint of publications;
    - adding to friends;
    - joining a group;
    - receiving and sending private messages.
- Instagram:
    - automatic registration of accounts with confirmation by SMS;
    - posting comments;
    - "likes" (approvals) to photos;
    - adding to friends;
    - receiving and sending private messages;
    - placing photos on their pages.
- Blogspot:
    - automatic registration of accounts;
    - placement of text publications;
    - placement of publications with images;
    - posting comments;
    - adding to friends (subscriptions);
    - receiving and sending private messages.
- instant messaging services (Telegram, WhatsApp):
    - automatic registration of accounts;
    - completing user profiles;
    - sending text messages to Telegram and WhatsApp;
    - sending images, video and audio materials to Telegram.
To implement confirmation of registration by SMS, as well as the tasks of
sending SMS and distributing audio recordings through telephone networks
(calls), the Dinstar multi-SIM solution hardware and software system should be
used, including: SIM-bank, GSM-gateway (at least 4 antennas), local SIM cloud
server.
The function of copying profile information should be supported
only for social networks supported by the subsystem.
A.83.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.84 Practice No. 84
A.84.1 In this methodology, the SPO of the RRR is checked for compliance with the
requirements of paragraphs 3.2.7, 3.2.7.5 of the TOR for the Amezit-V R&D SC.
A.84.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.5 of
the TOR, the following means of raising the ratings of distributed special materials
should be provided at the Amezit-V R&D center:
- automated inflation of the counters of approvals (likes) and
reprints (reposts) for user-defined publications;
- identification of keywords (hashtags) corresponding to a given
user text.
Notes:
1. It must be possible to automate reprints of source materials to other
social networks.
2. Automation of actions should be carried out taking into account the
"Methods for increasing the effectiveness of the distribution of special and
counter-propaganda materials", agreed with the main contractor (see clause
13.3.9 of the ToR).
A.84.3
requirements, follow the steps below.
- "Communities": select the "PIM Fictional" group;
- "Address": set the address of any publication from the results obtained in
paragraph A.83.3.9;
- "Approvals": 3;
- "Reprints": 5.
A.84.3.3.5 Click on the "Save" button.
A.84.3.3.6 Wait for the event to complete.
A.84.3.4 Checking the identification of keywords (hashtags)
matching the user-specified text is performed in the following order:
A.85.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.6
of the TOR for the Amezit-V R&D SC, the RRP SSW must provide automated
registration of user accounts using personal data generated (taking into
account social engineering technologies): first name, last name, date of birth,
place of residence, interests, as well as photographs.
A.85.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.85.3.9 On the left in the list of "Objects" click on the line with the
"Registration Fictitious" community.
A.85.3.10 After selecting an arbitrary user in the workspace, check that
the data in the user profile and registered services match the data specified
in clause A.85.3.5.
A.85.4 SPO RRR is considered to have passed the tests according to clauses
A.85.3.1-A.85.3.10 of the test program and procedure and to fulfill clauses 3.2.7, 3.2.7.6 of the
TOR on the R&D MF, if clause A.85.3.10 is successfully completed.
A.86.3.9 On the left in the list of "Objects" click on the line with the
"Register Real" group.
A.86.3.10 Click on the user avatars in the workspace, check that the
data in the user profiles matches the data of the real profiles specified in
clause A.86.3.5.
A.86.4 SPO RRR is considered to have passed the tests according to clauses
A.86.3.1-A.86.3.10 of the test program and procedure and to fulfill clauses 3.2.7, 3.2.7.7 of
the TOR on the R&D MF, if clause A.86.3.10 is successfully completed.
A.88.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.88.3.7 At the level of the "PIM Fictional" user community, click in the
workspace on the name of any user in the "Users" column to go to a window
with information about the existing accounts of the selected user.
A.88.3.8 Verify that the following rules are followed for account
passwords generated by STRs to prevent unauthorized access to created
accounts:
- the password length is at least 10 characters;
- passwords use upper-case and lower-case characters at the same
time;
- passwords contain special characters and/or numbers.
A.88.4 SPO RRP is considered to have passed the tests according to
clauses A.88.3.1-A.88.3.8 of the test program and methodology and fulfill
clauses 3.2.7, 3.2.7.9 of the TOR on the R&D MF, if e-mail registration is
completed and the following rules are met for account passwords
generated by open source software that prevent unauthorized access to
created accounts:
- the password length is at least 10 characters;
- passwords use upper-case and lower-case characters at the same
time;
- passwords contain special characters and/or numbers.
A.89 Practice No. 89
A.89.1 In this methodology, the SPO of the RRP is checked for compliance with the
requirements of paragraphs 3.2.7, 3.2.7.10 of the TOR for the Amezit-V R&D SC.
A.89.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.10
of the ToR for the Amezit-V R&D SC, the RRP SSW must ensure the preparation,
storage and presentation of the virtual user profile to the operator: personal
data, existing accounts in supported services, history of actions, private
conversations in existing accounts.
Notes:
1. It should be possible to add, edit and delete the comments of the APK
operator.
2. It must be possible to customize the display of the list of virtual
user profiles (grouping accounts of one profile, grouping
profiles, sorting, filters by age, languages, interests, nationality, etc.).
A.89.3
requirements, follow the steps below.
A.89.3.1 In the address bar of the browser, enter the address of the web interface
of the RRP open source software and pass authorization in the system.
A.89.3.2 This method is carried out using the results of
Method No. 86.
A.89.3.3 Go to the "Users" section.
A.89.3.4 On the left in the "Objects" list, click on the line with the community
"Registration Real".
A.89.3.5 In the upper part of the objects menu, click on the filter
button. In the filter panel that opens, enter the following data: "User
description (about yourself)": boxer.
A.89.3.6 Press the "Enter" button.
A.89.3.7 Make sure that the workspace on the right displays the user
"Murat Gassiev".
A.89.3.8 In the upper part of the workspace to the right of the name of
the user community, left-click and enter the text in the activated input field:
“checking the input of an arbitrary comment to the community”.
A.89.3.9 On the left in the "Objects" list, hover the cursor over the line
with the "Register Real" community and make sure that the operator's
comment is also displayed as a tooltip to the community.
A.89.3.10 In the upper part of the workspace to the right of the name
of the user community, left-click on the comment "checking the input of an
arbitrary comment to the group".
A.89.3.11 Clear the input field from the comment.
A.89.3.12 On the left in the list of "Objects" move the cursor over the line with the
"Register Real" community and make sure that the operator's comment has been
successfully deleted.
A.89.3.13 In the workspace, click on the name of the "User" column.
Make sure the list is sorted by username.
A.89.3.15 Make sure that the displayed user data contains: image
(avatar), first name, last name, interests, description, age (date of birth).
A.89.3.16 Click on the link in the "User" column of any virtual user and
go to the list of his accounts.
A.89.3.17 Verify that a list of accounts is displayed for the selected
user.
A.89.3.18 In the command bar, click on the "Tasks" button. In the
upper right corner of the workspace, select the type of displayed tasks
"Planned" and click on the "View" button for any of the tasks.
A.89.3.19 Make sure that the task parameters contain the login and
password of one of the accounts of the user being viewed. Click on the
"Close" button.
A.89.3.20 In the command bar, click on the "Dialogues" button.
A.89.3.21 Verify that a list of private message conversations for the
given user is displayed.
A.89.4 SPO RRR is considered to have passed the tests according to clauses
A.89.3.1-A.89.3.21 of the test program and methodology and fulfill clauses 3.2.7, 3.2.7.10
of the TOR for the R&D MF, if:
- user profile data have an informative presentation
and match the given filters;
- for the selected user, a list of his accounts is displayed;
- for the selected user, a list of his personal
messages (dialogs) is displayed.
A.90 Practice No. 90
A.90.1 In this methodology, the SPO of the RRR is checked for compliance with the
requirements of clauses 3.2.7, 3.2.7.11 of the TOR for the Amezit-V R&D SC.
A.90.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.11 of the
ToR for the Amezit-V R&D SC, the RRP SSS should provide analysis and generation of
reports on activity external to the profile, including:
- personal messages received and their number;
- the number of added subscribers (friends);
- mentions by other users and their number (if technically
feasible);
- comments and reposts to profile publications, as well as their
quantity;
- recommendations for improving the efficiency of dissemination of
special materials (see paragraph A.84.2 of this document).
Note. Analysis and report generation should be performed in the
following modes:
- at the request of the user, in a specified time interval, with
notification of the user about the readiness of the report;
- in near real time according to a predetermined
set of parameters.
A.90.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.90.3.8 Click on the "Create" button.
A.90.3.9 Wait for the report generation to complete (the generation
stage is displayed in the current modal window).
A.90.3.10 Click on the "Save" button.
A.90.3.11 Open a saved file.
A.90.4 SPO RRR is considered to have passed the tests according to clauses
A.90.3.1-A.90.3.11 of the test program and methodology and fulfill clauses 3.2.7,
3.2.7.11 of the TOR for the R&D MF, if the opened document displays:
- information about the account for which the report was generated;
- the time interval for which the data for the report was collected;
- a table containing counters: "Private messages", "Subscribers",
"Mentions", "Comments", "Reprints", "Approvals", "Recommendations";
A.91.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.91.3.3 Go to the "Events" section.
A.91.3.4 On the left in the list of "Objects" select the collection "Events
PIM" (created in clause A.82.3.5).
A.91.3.5 On the command bar, click on the "+ Event" button.
A.91.3.6 In the window that opens, set the following event
parameters:
- "Name": PIM Placement of materials;
- "Type of event": Distribution of materials;
- "Script": Sending emails;
- "Start": set the current time;
- "End": set the time 20 minutes after the current time;
- "Communities": select the "PIM Fictional" group;
- "Library": select from the library "PIM Publications" (must
be created and filled with text materials in accordance with the document
RU.BATC.00183-01 92 01 “Special software for the subsystem for preparing,
placing and promoting special materials. User guide");
A.92.2 In accordance with the requirements of clauses 3.2.7, 3.2.7.13 of the
ToR for the MF R&D "Amezit-V", the RRP SSS should ensure the dissemination of
information messages to subscribers of the GIS OP through automated
distribution of personal messages in supported services.
A.92.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.92.4 SPO RRR is considered to have passed the tests according to
clauses A.92.3.1-A.92.3.9 of the test program and methodology and to fulfill
clauses 3.2.7, 3.2.7.13 of the TOR for the R&D MF, if messages from the PIM
Messages library are present in the personal messages of the social network
recipients specified during events.
A.93 Practice No. 93
A.93.1 In this methodology, the SPO of the RRP is checked for compliance with the
requirements of paragraphs 3.2.7, 3.2.7.14 of the TOR for the Amezit-V R&D SC.
A.93.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.14 of
the ToR on the MF R&D "Amezit-V", the RRP SSS must ensure the dissemination of
information messages to subscribers via telephone networks using IP telephony
technology.
A.93.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.93.3.8 Wait for the creation of the event to complete.
A.93.3.9 Wait for an incoming call to the phone used for
checks.
A.93.3.10 Accept an incoming call and listen to the message.
A.93.3.11 Go to the "Management" section. Select "Settings" from the list of
objects. Using the IP address, login and password specified in the "Value" field
of the "IP telephony server" parameter, connect to the server and log in to the
web interface.
A.93.3.12 Select the menu item "Reports" - "Asterisk log files". In the
"Filter" field, enter "\[<mobile phone number for testing in the format
79161234567>@from-internal". Click on the "Show" button. Check for
up-to-date log records of the test call made.
A.93.3.13 Select the menu item "Reports" - "Call Event Logging". Click
on the "Search" button. Check for a completed test call in the list.
A.93.4 SPO RRP is considered to have passed the tests according to paragraphs
A.93.3.1-A.93.3.10 of the test program and procedure and fulfill paragraphs 3.2.7, 3.2.7.14 of
the TOR for the R&D MF, if:
- an incoming phone call was made from one of the numbers
specified in the "SIM cards" field when creating an event;
- the message heard matched the message loaded
to the "Test call" library;
- the IP telephony server log and call history contained
records of the completed test call.
A.94 Practice No. 94
A.94.1 This method is used to check the SPO RRR for compliance with the
requirements of clauses 3.2.7, 3.2.7.15 of the TOR for the Amezit-V R&D SC.
A.94.2 In accordance with the requirements of paragraphs 3.2.7, 3.2.7.15 of
the ToR for the MF R&D "Amezit-V", the RRP SSS should ensure the dissemination
of information messages to subscribers via SMS / MMS messages.
A.94.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.94.3.4 On the left in the "Objects" list, select the "PIM Activities" collection
(created in paragraph A.82.3.5).
A.94.3.5 On the command bar, click on the "+ Event" button.
A.94.3.6 In the window that opens, set the following event parameters:
- "Name": PIM SMS mailing;
- "Event type": Telephony;
- "Scenario": Sending SMS messages;
- "SIM-cards": select 3 arbitrary SIM-cards from the list;
- "Start": set the current time;
- "End": set the time 10 minutes after the current time;
- "Recipient numbers": enter the mobile phone number,
used for testing;
- "Message Library": select from the library "PIM Messages SMS"
(should be prepared and filled in in advance in accordance with the
document RU.BATC.00183-01 92 01 “Special software for the subsystem for
preparing, placing and promoting special materials. User’s Guide”);
- analysis of text materials specified by the operator and generation
relevant keywords (hashtags);
- analysis of the effectiveness of dissemination of information materials,
including the dynamics of publications and the activity of the response from
users of social networks.
N o t e . Informational security activities for the
distribution of materials should be carried out taking into account the
“Methodology for increasing the efficiency of distribution of special and
counter-propaganda materials”, agreed with the main contractor (see clause
13.3.9 of the ToR).
A.95.3
requirements, follow the steps below.
A.95.3.3.13 Verify that the modal window displays between 1 and 10
suggested hashtags.
A.95.3.3.14 Click on the "Save" button.
A.95.3.3.15 Place the cursor on the title of the message for which
analysis was performed and click on the edit button that appears.
A.95.3.3.16 Verify in the displayed modal window that the "Hashtags"
field contains the recommended hashtags.
A.95.3.4 Checking the analysis of the effectiveness of dissemination of
information materials, including the dynamics of publications and the activity of the
response from users of social networks, is performed in the following order:
A.96 Practice No. 96
A.96.1 In this methodology, the SPO of the RRR is checked for compliance with the
requirements of paragraph 3.2.7.17 of the TOR for the Amezit-V R&D SC.
A.96.2 In accordance with the requirements of clauses 3.2.7, 3.2.7.17
of the ToR for the Amezit-V R&D MF, in the process of distributing
information materials, the RRP subsystem must provide the “real user
effect” in the following ways:
- automatic conduct of the vital activity of virtual
users, including the following actions: filling personal pages with
publications in accordance with their personal interests, adding friends,
joining groups, viewing social network pages in reading mode (“surfing”);
A.96.3.4 Go to the "Journals" section.
A.96.3.5 Check for records of successful actions of the following types:
- "Publication";
- "User Subscription";
- "Republishing".
A.96.3.6 Go to the page of any user who has completed a successful
"Publish" action. Check if the user's page contains a posted post made as
part of automatic liveness.
- managing the actions of virtual users through the
subsystem graphical interface: sending private messages, adding friends,
joining groups, posting publications, sending comments. The execution of
these actions by a virtual user must occur in accordance with an individual
activity schedule or at a point in time specified by the operator;
Notes:
1. The application verification function must be implemented
in software based on the virtual user legend (keyboard layouts supported by
the browser, version and language of the operating system, etc.).
- Vkontakte services.
A.97.3.1.6 In the workspace, in the "User" column, click on the link with
the left mouse button.
A.97.3.1.7 On the command bar, click the "+ Task" button.
A.97.3.1.8 In the "Account" field, select the account of the "VKontakte" service.
A.97.3.1.9 Check the contents of the list of available tasks in the "Type of
task" field.
A.97.3.1.10 Select "Publication" in the "Type of task" field.
A.97.3.1.11 Set the following values in the task parameters:
- in the "Start of the task" field: a time 5 minutes from the current time;
- in the "Text" field: My new post;
- in the "Links" field: http://ya.ru;
- in the "Hashtags" field: post tag.
A.97.3.1.12 Click on the "Save" button.
A.97.3.1.13 In the command bar, click on the "Tasks" button.
A.97.3.1.14 In the upper right corner of the workspace, select the
"Planned" filter value.
A.97.3.1.15 Find the created task in the list of scheduled tasks for
publication.
A.97.3.1.16 Click on the "View" button for this task.
A.97.3.1.17 Check the task parameters for compliance with the specified ones.
A.97.3.1.18 Remove the task from the list of scheduled tasks by clicking on
the delete icon in the line with the task.
A.97.3.1.19 Verify that the deleted task is not in the list of scheduled
tasks.
A.97.3.2 Verification of interaction with supported services through
DRP SS only is carried out in the following order:
A.97.3.2.1 Block access to Internet GIS resources for RRP open source
users.
A.97.3.2.2 Carry out the activity "PIM Entering the group" according to
the procedure Method No. 82.
A.97.3.2.3 Verify that the result of the repeated tests is
negative (no action should be performed successfully by virtual users).
A.97.3.3.1 In the browser's address bar, enter the web address of the open
source software interface of the RRR and log in to the system.
A.97.3.4.3 Log in to the PRR open source software on behalf of a user with the
"User" role.
A.97.3.4.4 Go to the "Events" section.
A.97.3.4.5 Select the collection in which the "PIM Joining the Group" event
was created.
A.97.3.4.6 Verify that the created event is displayed with the status
"Awaiting confirmation", next to the status the "Confirm" button is
displayed.
A.97.3.4.7 Click on the "Confirm" button for this event.
A.97.3.4.8 Check for a change in event status.
A.97.3.4.9 SPO RRP is considered to have passed the tests according to clause A.97.3.1-
A.97.3.4.9 of the test program and methodology and fulfilling paragraph 3.2.7.18 of the TOR
for MF R&D, if:
- the list of available virtual user tasks contains:
- private message;
- user subscription;
- joining a group;
- publication;
- a comment;
- OK;
- reprint.
- user task parameters correspond to the specified ones;
- the deleted user task is not in the list of scheduled tasks;
- when blocking resources with the help of SPO PRD, the created event
is not performed;
- for each available virtual user account
its service, login and password are displayed;
- The user session data contains the following entries:
- user agent of the browser;
- proxy server;
- user screen resolution;
- user's time zone;
- user language;
- command to launch the browser "Chromium";
- a user with the "Operator" role cannot run the created
event; confirmation of the event by a user with the role "User"
transfers the event to the "Started" state.
A.98 Practice No. 98
A.98.1 In this methodology, the SPO of the RRP is checked for compliance with the
requirements of clause 3.2.7.19 of the TOR for the Amezit-V R&D SC.
A.98.2 In accordance with the requirements of paragraph
3.2.7.19 of the ToR for the MF R&D "Amezit-V", the RRP SSS should provide
automated interaction with the SSS of the linguistic support subsystem.
A.98.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.98.3.1 Configure the path to the server of the linguistic support subsystem by
setting the value plo_server in the configuration file config/config.yml (the action is
performed by the administrator of the Amezit APK).
A.98.3.2 Launch browser.
A.98.3.3 In the address bar of the browser, enter the address of the STR
software web interface and log in to the system.
A.98.3.4 Go to the "Libraries" section.
A.98.3.5 On the left in the menu of objects, select the "Messages" subsection.
A.98.3.6 On the left in the "Message Libraries" list, select any
non-empty message library.
A.98.3.7 In the workspace, move the cursor over the header of any
message.
A.98.3.8 In the header of the message, click on the displayed “Translate” button.
A.98.3.9 In the "Message translation" modal window that opens, in the "Text"
field, enter the text to translate "hello test one two three".
A.98.3.10 Click on the "Run" button.
A.98.3.11 Wait for the result of the translation in the "Translation" field.
A.98.3.12 To view the format of the transmitted data in the browser,
open the developer console (using the Ctrl+J key combination) and go to the
“Network” tab.
A.98.4 SPO RRP is considered to have passed the tests according to paragraphs
A.98.3.1-A.98.3.12 of the test program and procedure and fulfill paragraph 3.2.7.18 of the TOR
for the R&D MF, if:
- when performing the above steps of this technique
there were no error messages;
- when translating the text of the message, the text "hello
check one two three";
- when viewing the format of the transmitted data, the formats of the sent
and received data correspond to accepted PLO formats.
A.99 Practice No. 99
A.99.1 In this methodology, the SPO of the RRP is checked for compliance with the
requirements of paragraphs 9.3.2, 9.3.3 of the TOR for the Amezit-V R&D SC.
A.99.2 In accordance with the requirements of paragraphs 9.3.2, 9.3.3 of the ToR
for the Amezit-V R&D SC, the RRP SSW must ensure that the requirements for the data
processing mode and the rights to access the processed information are met.
A.99.3 To check the compliance of the RRP SSW with the requirements,
it is necessary to perform the actions described below.
software for the subsystem of preparation, placement and "promotion" of
special materials. User guide".
A.99.3.6 After clicking on the “Login” button, the main interface of the
RRP SSW should open, which indicates successful access to the SSW.
A.99.4 The SPO of the RRR is considered to have passed the tests according to
clauses A.99.3.1-A.99.3.6 of the test program and procedure and fulfill clauses 9.3.2, 9.3.3
of the TOR for the R&D MF, if in clause A.99.3.4 the user is not granted access and an
error message is displayed, and in clause A.99.3.6 the user has successfully logged on to
the system.
A.100.1 In this methodology, the SPO of the RRP is checked for compliance with
the requirements of clause 9.17 of the TOR for the Amezit-V R&D SC.
A.100.2 In accordance with the requirements of clause 9.17 of the ToR for the
Amezit-V R&D SC, the RRP SSW must ensure the functions of registering and storing the
actions of operators.
A.100.3 In order to check the RRP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.100.3.2 In the SSH client window, enter the following command: tail -f /srv/prr-ui/logs/*log.
A.100.3.3 Start the browser and in the address bar enter the address of the control interface of
the PRR open source software.
A.100.4 The RRP SSW is considered to have passed the tests in accordance with clauses
A.100.3.1-A.100.3.3 of the test program and methodology and fulfill clause 9.17 of the TOR on
the R&D MF, if after the execution of clause A.100.3.3 the SSH client window displays
request data to the control interface of the following form:
Started GET “<request path>” for <client IP> at <Request time>
Processing by <Controller and request processing method via #>
For example:
A.101 Practice No. 101
A.101.1 In this methodology, the SPO PTT is checked for compliance with the
requirements of paragraphs 3.2.8, 3.2.8.1 of the TOR for the Amezit-V R&D SC.
A.101.2 In accordance with the requirements of clauses 3.2.8, 3.2.8.1 of the TOR
for the Amezit-V R&D SC, the PTT open source software must ensure the detection of
actual critical vulnerabilities in Microsoft Windows XP and older, Microsoft Windows
Server 2003 and older, Red Hat 5 and older, CentOS 5 and older, Debian 6 and older,
Ubuntu 12 and older. The relevance of software versions is established on the date of
approval of the program and methods of preliminary testing.
A.101.3 In order to check the SPO PTT for compliance with the
requirements, it is necessary to perform the actions described below.
A.101.3.1 Make sure you have a set of software and hardware tools,
including a PC with installed OS Microsoft Windows XP and older, Microsoft
Windows Server 2003 and older, Red Hat 5 and older, CentOS 5 and older,
Debian 6 and older, Ubuntu 12 and older.
N o t e . It is allowed to use VMs imitating PCs operating under the
control of the listed operating systems.
A.101.3.2 Select one of the PCs listed in A.101.3.1, and
scan the software components of the OS of this PC using the MaxPatrol
vulnerability scanner. The check is carried out in accordance with the
document RU.VATS.00184-01 92 02 “Special software for the
telecommunications equipment testing subsystem. MaxPatrol software.
User guide".
A.101.3.3 Perform operations on static and structural code analysis in
accordance with clause A.104 for OS components for which there are
program source codes.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.104 (Methodology No. 104).
A.101.3.4 Perform operations on dynamic analysis of OS code in
accordance with paragraph A.105.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.105 (Methodology No. 105).
A.101.3.5 Perform operations for automated recognition of standard library
functions used in the OS, in accordance with clause A.106.
A.101.3.6 Perform operations on signature analysis of dangerous
operations performed in the OS, in accordance with clause A.107.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.107 (Methodology No. 107).
A.101.3.7 Perform operations for automated search for
the changes made to the OS program code when it is modified, in
accordance with clause A.111.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.111 (Methodology No. 111).
A.101.4 SPO PTT is considered to have passed the tests according to clause A.101.3.1-
A.101.3.7 of the test program and methodology and fulfilling clauses 3.2.8, 3.2.8.1 of
the TOR for MF R&D, if:
- according to the results of the checks performed in points A.101.3.2-A.101.3.7,
received reports containing correct and consistent data on the vulnerabilities of
the tested operating systems;
- the software used during inspections searches for and
detects vulnerabilities of the tested OS.
A.102 Practice No. 102
A.102.1 In this methodology, the SPO PTT is checked for compliance with the
requirements of paragraphs 3.2.8, 3.2.8.2 of the TOR for the Amezit-V R&D SC.
A.102.2 In accordance with the requirements of paragraphs 3.2.8, 3.2.8.2 of the
TOR for the Amezit-V R&D SC, the PTT open source software must ensure the detection of
current critical vulnerabilities in MS SQL Server 2008/2008R2/2012, Oracle Database 10
for Linux/Windows, Oracle MySQL 4.x. and Microsoft Office 2003 and higher, Adobe,
OpenOffice for Linux platforms, Microsoft Explorer, Opera, FireFox, Google Chrome
browsers, Adobe Reader software, Adobe Flash. The relevance of software versions is
established on the date of approval of the program and methods of preliminary testing.
A.102.3 To check the SPO PTT for compliance with the requirements,
you must perform the steps described below.
N o t e . It is allowed to use VMs imitating PCs with the listed software
installed on them.
A.102.3.2 Select one of the PCs with installed software listed
in clause A.102.3.1. Select one program from the software installed on the
PC and scan it using the MaxPatrol Vulnerability Scanner. The check is
carried out in accordance with the document RU.VATS.00184-01 92 02
“Special software for the telecommunications equipment testing subsystem.
MaxPatrol software. User guide".
- the software used during inspections searches for and
detects vulnerabilities in programs being checked.
A.103.3.5 Perform operations for automated recognition of standard
library functions used in information security software, in accordance with
clause A.106.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.106 (Methodology No. 106).
A.103.3.6 Perform signature analysis operations on hazardous
operations performed by information security software, in accordance with
clause A.107.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.107 (Methodology No. 107).
A.103.3.7 Perform operations for automated search for
changes made to the program code of the software of information security tools
when it is modified, in accordance with clause A.111.
N o t e . It is allowed to combine this action with the check performed in
paragraph A.111 (Methodology No. 111).
A.103.3.8 Testing the ability to detect current critical
information security software vulnerabilities is considered passed if:
A.104.2 In accordance with the requirements of paragraphs 3.2.8, 3.2.8.5 of the TOR
for the SC R&D "Amezit-V", the PTT open source software must provide a structural and static
analysis of the source texts of programs in programming languages:
- C;
- C++;
- .NET;
- Java;
- PHP.
A.104.3 To check the SPO PTT for compliance with the requirements,
you must perform the steps described below.
prepared software samples, which are files developed in C, C++, .NET, Java,
PHP programming languages. The files of open source software of the APC
"Amezit", files of any freely distributed software, or specially generated test
cases can serve as samples of program source texts.
2 FindBugs Java
A.104.3.4 To carry out a check, the following steps should be taken:
A.105.3.2 Verification of software sample files is performed using the
following analysis software tools:
- disassembler - IDA Pro Disassembler;
- decompiler - Hex-Rays Decompiler;
- application fuzzing software - Peach Fuzzer;
- console utility for fuzzing applications - AFL;
- additional module for IDA Pro software - ida-x86emu;
- debugger - x64dbg.
A.105.3.3 Testing is performed in accordance with documents
RU.BATC.00184-01 92 10 “Special software for the telecommunications
equipment testing subsystem. IDA Pro software. User Manual”,
RU.BATC.00184-01 92 11 “Special Software for Telecommunication
Equipment Testing Subsystem. x64dbg software. User guide".
A.106.2 In accordance with the requirements of paragraphs 3.2.8, 3.2.8.7 of
the ToR for the Amezit-V R&D MF, the PTT open source software must provide
automated recognition of the used standard library functions according to the
following list: _getlong, udp_cksum, os_strncpy, os_strncmp, os_strlen, os_strchr,
os_strrchr, os_memcmp, os_memset, os_memcpy, scanf, printf, gets.
A.106.3 Checking the provision of automated recognition of the
standard library functions used is performed using pre-prepared software
sample files, which are files containing the standard library functions listed
in clause A.106.2.
A.106.6 To check the SPO PTT for compliance with the requirements,
you must perform the steps described below.
A.106.7 SPO PTT is considered to have passed the tests in accordance with
clauses A.106.6.1-A.106.6.6 of the test program and procedure and fulfill clauses
3.2.8, 3.2.8.7 of the TOR for the R&D MF, if, upon fulfillment of clauses A.106.6.3–
A.106.6.6, all standard library functions from the list of standard library functions
given in clause A.106.2 are found in the sample software files.
A.107 Practice No. 107
A.107.1 This method is used to check the SPO PTT for compliance with the
requirements of clauses 3.2.8, 3.2.8.8 of the TOR for the Amezit-V R&D SC.
A.107.2 In accordance with the requirements of paragraphs 3.2.8, 3.2.8.8 of the
ToR for the Amezit-V R&D SC, the PTT SSS must provide signature analysis of
potentially hazardous operations according to the following list:
- calling LoadLibraryEx or LoadLibrary with an argument containing a
relative path;
- calling functions that work with the format string (scanf, printf);
- calling functions that do not control the size of the input when writing to the buffer
(gets, scanf, strcpy);
- calling functions that copy buffers (memcpy,
CopyMemory);
- a function without Control Flow Guard;
- the presence of a module without ASLR support;
- the presence of a page with write and execute rights;
- register transfer operations (jmp reg, call reg);
- absence of the NX-bit;
- the presence of debug information in the file.
A.107.3 Verification of signature analysis of potentially dangerous
operations is performed using pre-prepared software samples, which are
files that include calls to the functions listed in clause A.107.2.
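The header-level items of the list in clause A.107.2 (missing Control Flow Guard, ASLR and NX support, a section that is both writable and executable, debug information) can be read directly from the PE headers of a binary. The following is an added example, not part of the original document or of the software it describes; the function names, finding labels and sample header bytes are constructed for illustration, and Control Flow Guard is checked only as the module-wide GUARD_CF flag.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
DYNAMIC_BASE = 0x0040   # image may be relocated at load time (ASLR)
NX_COMPAT = 0x0100      # image is compatible with DEP / the NX bit
GUARD_CF = 0x4000       # image was built with Control Flow Guard
# Section characteristics bits
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
DEBUG_DIRECTORY = 6     # index of the debug entry in the data directory


def audit_pe(data: bytes) -> list[str]:
    """Return the header-level findings for one PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    try:
        return _audit(data)
    except struct.error as exc:      # a header field points past the end of the data
        raise ValueError(f"truncated PE header: {exc}") from None


def _audit(data: bytes) -> list[str]:
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:
        dirs = opt + 96       # PE32: data directory offset
    elif magic == 0x20B:
        dirs = opt + 112      # PE32+: data directory offset
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)     # NumberOfRvaAndSizes

    findings = []
    if not dll_chars & DYNAMIC_BASE:
        findings.append("no-aslr")
    if not dll_chars & NX_COMPAT:
        findings.append("no-nx")
    if not dll_chars & GUARD_CF:
        findings.append("no-cfg")
    sections = opt + opt_size                                # first section header
    for i in range(n_sections):
        base = sections + 40 * i
        name = data[base:base + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", data, base + 36)
        if flags & SCN_MEM_WRITE and flags & SCN_MEM_EXECUTE:
            findings.append(f"wx-section:{name}")
    if n_dirs > DEBUG_DIRECTORY:
        _rva, size = struct.unpack_from("<II", data, dirs + 8 * DEBUG_DIRECTORY)
        if size:
            findings.append("debug-directory")
    return findings


def build_sample(dll_chars: int, section_flags: int, debug_size: int = 0) -> bytes:
    """Constructed PE32+ headers with one .text section (not a loadable program)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)                                      # 112 + 16 directories * 8
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * DEBUG_DIRECTORY,
                     0x2000 if debug_size else 0, debug_size)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, section_flags)
    return dos + b"PE\0\0" + coff + bytes(opt) + text


if __name__ == "__main__":
    hardened = build_sample(DYNAMIC_BASE | NX_COMPAT | GUARD_CF,
                            SCN_MEM_EXECUTE | SCN_MEM_READ)
    legacy = build_sample(0, SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE,
                          debug_size=28)
    print("hardened:", audit_pe(hardened))
    print("legacy:  ", audit_pe(legacy))
```

The call-site items of the list (format-string, unbounded-copy and LoadLibrary calls, indirect jumps) need import-table and disassembly analysis and are outside what this header check covers.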
A.107.6 To check the SPO PTT for compliance with the requirements,
you must perform the steps described below.
A.107.6.4 Start the analysis process of the open sample software file and
wait for the completion message.
A.107.6.5 View the presence of potentially dangerous operations in the list of
identified operations and compare them with the list of operations in the source code
of the software sample file. Make sure that all potentially dangerous operations of the
source code of the software sample file are displayed in the list of detected
operations.
A.107.6.6 Repeat (if necessary) steps A.107.6.3–A.107.6.5 for the
remaining software sample files located in the critical_test directory.
A.107.7 SPO PTT is considered to have passed the tests in accordance with
clauses A.107.6.1-A.107.6.6 of the test program and procedure and fulfill clauses 3.2.8,
3.2.8.8 of the TOR for the R&D MF, if, when performing the actions in clauses
A.107.6.3-A.107.6.6, all potentially dangerous operations from the list given in paragraph
A.107.2 are detected.
dynamic analysis, Taint-analysis using dynamic analysis software tools such
as Intel PIN and DynamoRIO.
N o t e . To include in the program documentation for the Amezit APK
a methodology for restoring the operation logic and protocols for software
network interaction based on working with the above technical means.
A.108.3.3.5 Perform recording and playback of network sessions.
A.108.3.3.6 Conduct protocol encapsulation research.
A.108.3.3.7 Perform the formation of your own samples of individual
packets and their sequences.
A.108.3.3.8 Simulate information exchange between a mail service
client and server using SMTP and/or POP3 protocols and check the
applicability of guidelines for restoring the operation logic and network
interaction protocols of third-party software in relation to the network traffic
analysis tools used.
A.108.3.4 Verification of the restoration of the operation logic and
network interaction protocols of third-party software by using
mechanisms and software tools for capturing network packets passing
through the network interface, parsing them according to the levels of the OSI
model, statistical analysis of packet arrays, recording and replaying network
sessions, studying protocol encapsulation, and compiling your own samples of
individual packets and their sequences using software tools for analyzing
traffic such as Wireshark and Scapy is considered successful if clauses
A.108.3.3.1–A.108.3.3.7 are successfully completed, and the analysis of the
recorded session of the exchange between the client and the server of the mail
service with messages using the SMTP and/or POP3 protocols made it
possible to identify the sequence of operations that corresponds to the RFC
specifications for these protocols.
A.108.3.5 Verification of the restoration of the operation logic and
network interaction protocols of third-party software
through the use of mechanisms and software tools for debugging, tracing,
monitoring data changes, changing the values of variables during code
execution, monitoring program execution, viewing the contents of memory
cells and processor registers, searching for errors, and setting and
removing breakpoints using software debugging tools such as WinDBG
and GNU Debugger is carried out in accordance with clauses A.108.3.6–
A.108.3.9.
A.108.3.6 Verification is performed using a pre-prepared
software sample, which is a binary executable file with the “exe”
extension.
A.108.3.7 Testing is performed in accordance with documents
RU.BATC.00184-01 92 03 “Special software for the telecommunications
equipment testing subsystem. GNU Debugger software. User Manual”,
RU.BATC.00184-01 92 04 “Special
software for testing subsystem of telecommunication equipment. WinDBG
software. User guide".
A.108.3.8 To perform a check, the following steps must be taken:
analysis of the Intel Pin and DynamoRIO types is carried out in accordance with clauses
A.108.3.11 to A.108.3.14.
A.108.3.11 Verification is performed using a pre-prepared
software sample, which is a binary executable file with the “exe”
extension.
A.108.3.12 Verification is carried out in accordance with the documents
RU.BATC.00184-01 92 12 “Special software for the telecommunications
equipment testing subsystem. Intel PIN software. Operation manual”,
RU.BATC.00184-01 92 13 “Special software for testing subsystem of
telecommunication equipment. DynamoRIO software. Manual".
A.108.3.13.1 Start the Intel Pin tool.
A.108.3.13.2 Open the sample software file in the Intel Pin program.
A.108.3.13.3 Check for the absence of information about errors and failures in
the operation of binary code dynamic instrumentation mechanisms.
A.108.3.13.4 Check the absence of information about errors and
failures in the operation of command injection mechanisms during program
execution.
A.108.3.13.5 Check the absence of information about errors and failures in the
operation of mechanisms for creating your own dynamic analysis utilities,
Taint-analysis.
A.108.3.13.6 Perform points A.108.3.13.1 to A.108.3.13.5
using the DynamoRIO software.
A.108.3.14 Verification of the restoration of the operation logic and
network interaction protocols of third-party software
through the use of mechanisms and software tools for dynamic
instrumentation of binary code, command injection during program
execution, creation of own dynamic analysis utilities, Taint-analysis using
dynamic analysis software tools such as Intel Pin and DynamoRIO is
considered successful if, during the checks performed in paragraphs
A.108.3.13.1 to A.108.3.13.6, information about errors and failures is
absent.
A.108.3.15 Verification of the presentation of methods for restoring the
operation logic and protocols of network interaction of the software as part of
the software documentation for the Amezit-V software is carried out by viewing
the documentation set submitted for testing for the presence of
these methods and evaluation of the content of these methods for the possibility
of their application when conducting checks using Wireshark and Scapy, WinDBG and
GNU Debugger, Intel Pin and DynamoRIO programs.
A.108.3.16 The verification is considered successful if the set of
documentation submitted for testing contains methodological instructions
for restoring the operation logic and protocols of software network
interaction, and their content makes it possible to restore the operation
logic and protocols of software network interaction using the Wireshark and
Scapy, WinDBG and GNU Debugger, Intel Pin and DynamoRIO software.
A.108.4 SPO PTT is considered to have passed the tests according to clauses
A.108.3.1-A.108.3.16 of the test program and procedure and fulfill clauses 3.2.8, 3.2.8.9 of
the TOR for the R&D MF, if the conditions in clauses A.108.3.4, A.108.3.9,
A.108.3.14, A.108.3.16 are met.
A.109.4.4 Launch the browser and connect to the web interface of the open
source software of the anti-virus control stand.
A.109.4.5 Select the software control sample No. 1 and start the procedure for its
verification by the ABCS.
A.109.4.6 Wait until the end of the check, view the results in a report
presented in tabular and graphical form, make sure that malicious code is
detected by the SAVZ in software sample No. 1, make sure that
there is data from all the SAVZ included in the anti-virus control stand SSW.
A.109.4.7 Write (copy to a text file) the hash value of software sample
No. 1.
A.109.4.8 Select the software control sample No. 2 and start the procedure for its
verification by the ABCS.
A.109.4.9 Wait until the end of the check, view the results in a report
presented in tabular and graphical form, make sure that software sample
No. 2 is safe, make sure that there is data from all SAVZ included in the SSW
of the anti-virus control stand.
A.109.4.10 Select one of the additional software samples and start the
procedure for its verification by the CAD (clauses A.109.4.10 and A.109.4.11 can be
omitted or performed by decision of the commission).
A.109.4.11 Wait for the end of the check, view the results in a report
presented in tabular and graphical form, make sure that malicious code is
detected by the SAVZ in the software sample, make sure that there is
data from all the SAVZ included in the anti-virus control stand SSW.
A.109.4.15 Set a new schedule for Software Sample #1. Verify that the
dialog box that opens before saving the new schedule is displayed with
information about the previous schedule.
A.109.4.16 View the event logs, make sure that there are no Internet
connections during and after the checks, that there are no critical errors
that could occur during the operation of the anti-virus control stand SSW
(errors that arose for reasons not related to the work of the checked
programs are not a sign of inoperability of the open source software of the
anti-virus control stand).
A.109.5 The PTT SSS is considered to have passed the tests in accordance with clauses
A.109.4.2-A.109.4.16 of the test program and methodology and fulfills clauses 3.2.8, 3.2.8.10
of the TOR on the R&D MF, if during the operation of the SWS of the anti-virus control stand:
A.110.1 In this methodology, the SPO PTT is checked for compliance with the
requirements of paragraphs 3.2.8, 3.2.8.11 of the TOR for the Amezit-V R&D SC.
A.110.2 In accordance with the requirements of clauses 3.2.8, 3.2.8.11 of
the ToR for the Amezit-V R&D SC, the PTT SSW must provide automated
updating of virus signature databases from trusted sources.
A.110.3 To check the SPO PTT for compliance with the requirements,
you must perform the steps described below.
A.110.3.2 Run the VMware Client software, check that the management VM and the
SAVZ VM are turned on, make sure that the VM is disconnected from the Internet, make
sure that anti-virus programs are working.
A.110.3.3 Specify the update time in the config.py configuration file and
coordinate the specified time with the time for updating the SAVZ (in each SAVZ, set
the required time and conditions for updating).
A.110.3.4 Run (restart) the control software (launcher.py) on the
control VM (restart is performed to accept the changed data of the
configuration file and generate new event logs if the control software was
launched earlier).
A.110.3.5 Wait for the start time of the SAVZ update. Make sure that
VMs automatically connect to the Internet after they are restored from
pre-created images (snapshots).
A.110.3.6 Use a traffic analyzer to monitor the IP addresses that the
SAVZ are accessing for updates.
A.110.3.7 Wait for the update procedure to complete (by default, the
update duration is one hour). Make sure that the Internet is automatically
turned off after the update procedure is completed.
A.110.3.8 Using the Whois service, make sure that the IP addresses from
which the SAVZ anti-virus databases are updated belong to the developers of
the anti-virus programs.
Notes:
1. The IP addresses of the update servers are pre-set by the SAVZ
developers and cannot be changed by standard means of anti-virus
programs.
2. Updating anti-virus databases and SAVZ can be performed using the
main or "mirror" servers of anti-virus software developers.
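The checks in A.110.3.5–A.110.3.8 can be automated over a flow export from the traffic analyzer; the following is an added example, not part of the original document or of the stand's software. The record format, VM names, vendor names and address ranges (RFC 5737 documentation ranges standing in for Whois results) are constructed assumptions.

```python
"""Audit anti-virus update traffic: trusted sources only, inside the update window only."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed allowlist: networks that a Whois lookup attributed to each vendor.
# RFC 5737 documentation ranges stand in for real vendor address space.
VENDOR_NETWORKS = {
    "vendor-a": ["192.0.2.0/24"],
    "vendor-b": ["198.51.100.0/25", "203.0.113.64/26"],  # main and "mirror" servers
}

# Constructed flow export, one record per line: ISO timestamp, source VM, destination IP.
SAMPLE_FLOWS = """\
2017-05-10T02:00:41 savz-vm-1 192.0.2.17
2017-05-10T02:03:09 savz-vm-2 198.51.100.20
2017-05-10T02:15:30 savz-vm-2 203.0.113.70
2017-05-10T02:20:02 savz-vm-1 203.0.113.10
2017-05-10T03:04:55 savz-vm-2 198.51.100.20
not-a-record
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str    # "untrusted-destination", "outside-window" or "malformed"
    detail: str


def build_allowlist(vendor_networks):
    """Return [(network, vendor)], parsing every CIDR strictly (no host bits set)."""
    return [
        (ipaddress.ip_network(cidr, strict=True), vendor)
        for vendor, cidrs in vendor_networks.items()
        for cidr in cidrs
    ]


def owner_of(ip, allowlist):
    """Return the vendor whose network contains ip, or None."""
    for network, vendor in allowlist:
        if ip.version == network.version and ip in network:
            return vendor
    return None


def audit_flows(text, allowlist, window_start, duration):
    """Check each flow against the allowlist and the update window.

    Returns (findings, per_vendor_counts). A malformed line is reported rather
    than skipped, so a damaged export cannot silently hide a connection.
    """
    window_end = window_start + duration
    findings, counts = [], {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.split()
        try:
            if len(parts) != 3:
                raise ValueError("expected three fields")
            stamp = datetime.fromisoformat(parts[0])
            dst = ipaddress.ip_address(parts[2])
        except ValueError:
            findings.append(Finding(line_no, "malformed", line.strip()))
            continue
        vm = parts[1]
        # A.110.3.7: no Internet traffic once the update window has closed.
        if not (window_start <= stamp < window_end):
            findings.append(
                Finding(line_no, "outside-window", f"{vm} -> {dst} at {stamp.isoformat()}")
            )
        # A.110.3.8: every destination must belong to an anti-virus developer.
        vendor = owner_of(dst, allowlist)
        if vendor is None:
            findings.append(Finding(line_no, "untrusted-destination", f"{vm} -> {dst}"))
        else:
            counts[vendor] = counts.get(vendor, 0) + 1
    return findings, counts


if __name__ == "__main__":
    allow = build_allowlist(VENDOR_NETWORKS)
    # Default update duration of one hour, as stated in A.110.3.7.
    found, per_vendor = audit_flows(
        SAMPLE_FLOWS, allow, datetime(2017, 5, 10, 2, 0, 0), timedelta(hours=1)
    )
    for f in found:
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
    print("flows per vendor:", per_vendor)
```

A destination that falls just outside a vendor's "mirror" range is reported as untrusted, and a connection to a trusted address after the window closes is still reported.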
- Reconfigured virtual machine (virtual machine reconfiguration -
disconnecting the VM from the Internet);
- Reconfigured virtual machine (virtual machine reconfiguration -
connection of the VM to the Internet);
- The execution state of the virtual machine has been reverted to the state of
snapshot temp_snap, with ID [number] (the virtual machine was restored from a snapshot
(backup image) temp_snap with ID [number], where [number] is the snapshot number);
A.111.1 In this methodology, the SPO PTT is checked for compliance with the
requirements of paragraphs 3.2.8, 3.2.8.12 of the TOR for the Amezit-V R&D SC.
A.111.2 In accordance with the requirements of paragraphs 3.2.8, 3.2.8.12 of the
ToR for the Amezit-V R&D SC, the PTT open source software must provide an automated
search for changes made to the program code of system and application software of
third-party developers when it is modified.
N o t e . All software includes 32-bit and 64-bit versions where
available.
A.111.3 To check the SPO PTT for compliance with the
requirements, follow the steps below.
A.111.3.1 In the directory with the diff_test test data sets, create
nested directories, place the control files v1.c, v2.c (or others), as well as
their compiled versions (the v2 file is a modified version of the v1 file) in
them.
A.111.3.2 Using the BinDiff software tool, search for changes in
executable files in accordance with the instructions given in the document
RU.BATC.00184-01 34 05 “Special software for the telecommunications
equipment testing subsystem. BinDiff and Diaphora software. Operator's
Manual".
A.111.3.3 Check the completeness of the changes found.
A.111.3.4 Using the Diaphora software tool, search for changes in executable
files in accordance with the instructions given in the document
RU.BATC.00184-01 34 05 “Special software for the telecommunications
equipment testing subsystem. BinDiff and Diaphora software. Operator's
Manual".
A.111.3.5 Check the completeness of the changes found.
A.111.3.6 If necessary, perform similar operations with additional test pieces.
A.112.1 This method is used to check the SPO PTT for compliance with the
requirements of clauses 3.2.8, 3.2.8.13 of the TOR for the Amezit-V R&D SC.
A.112.2 In accordance with the requirements of paragraphs 3.2.8,
3.2.8.13 of the ToR for the Amezit-V R&D SC, the PTT SSW should provide
modeling of information security threats based on the developed SSW
sample that imitates the behavior of widespread computer viruses (Trojans)
and provides:
- functioning under the control of operating systems of the Windows family
on 32- and 64-bit processors;
- remote control through an intermediate node for the exchange of data and
commands over a secure protocol (using its own control system and
command relaying);
- counteracting detection by local defenses during installation in the
system;
- uniqueness of the binary file of each sample and implementation of
algorithms for modifying an executable file to minimize the possibility of
entering it into anti-virus databases;
- countering detection by local defenses after installation in the system;
- collecting general information about the system and sending it to the management server;
- collecting information about keystrokes on the keyboard;
- collecting information about the file system and transferring the specified files to
the control center, as well as transferring files from the control center to the file
system;
- taking screenshots with the transfer of information to the control center;
- support for a modular structure that allows you to dynamically change
sample functionality.
A.112.3 To check the SPO PTT for compliance with the requirements,
you must perform the steps described below.
intermediate node for the exchange of data and commands over a secure
protocol (using its own control system and command relay) is performed in
accordance with clauses A.112.3.4 to A.112.3.6.
A.112.3.4 Verification is performed using an infrastructure consisting
of a control workstation and components simulating: a control server, an
intermediate server, a target PC running Windows OS (version 7 x32 or
version 10 x64), with the corresponding software modules SPO "Sputnik",
and a traffic control node.
A.112.3.5.1 Run the traffic analysis software on the traffic control node,
make sure it is connected to the intermediate server.
A.112.3.5.2 Launch a browser on the control workstation, connect to
the web interface of the SPO "Sputnik", create a task for viewing the list of
directories of the target PC, wait for the status of the task to change to
"Completed".
A.112.3.5.3 Verify, using traffic analysis software, that there are no
unencrypted packets transmitted through the intermediate server during
data exchange between the control server and the target PC.
A.112.3.6 Verification of the possibility of remote control through an
intermediate node for the exchange of data and commands over a secure
protocol (using its own control system and command relay) is considered
successful if:
- target PC directory listing operation completed
correctly;
- The traffic analysis software did not register the transmission of commands and data in
open (unencrypted) form during their relaying through an intermediate
server.
A.112.3.7 Verification of counteracting detection by local means of
protection during installation in the system is carried out in
accordance with clauses A.112.3.8–A.112.3.10.
A.112.3.8 The check is performed using the installation file of the "agent"
module of the "Sputnik" open source software, a component that imitates the
target PC running under Windows OS (version 7 x32 or version 10 x64) with the
installed SAVZ.
N o t e . To carry out the check, as target PCs with the SAVZ installed on
them, it is allowed to use the components of the open source software of the
anti-virus control stand.
A.112.3.9 To perform a check, the following steps must be performed:
algorithm and compare the obtained checksum values. Note the difference
in the obtained values of the checksums.
A.112.3.13.4 Examine each SAVZ sample that initially identified the
prepared sample file as a security risk and verify that there are no security
risks.
A.112.3.14 The verification of ensuring the uniqueness of the binary file of
each sample and the implementation of algorithms for modifying the executable
file, which make it possible to minimize the possibility of entering it into the
databases of anti-virus tools, is considered successful if:
- the checksums of similarly generated samples differ from each other;
- the generated samples are not identified by the SAVZ as representing a
security threat.
A.112.3.15 Verification of the provision of countermeasures after installation
in the system to detection by local means of protection is carried out in
accordance with paragraphs A.112.3.16–A.112.3.18.
A.112.3.16 The check is performed using the installation file of the "agent"
module of the "Sputnik" open source software, a component that imitates the
target PC running under Windows OS (version 7 x32 or version 10 x64) with the
SAVZ installed.
N o t e . To carry out the check, it is allowed to use the components of the
open source software of the anti-virus control stand as target PCs with the
SAVZ installed on them.
A.112.3.17
actions:
A.112.3.17.1 Update the SAVZ anti-virus database (if not updated
earlier) on the target PC running Windows OS (version 7 x32 or version 10
x64).
A.112.3.17.2 Disconnect the target PC from the Internet.
A.112.3.17.3 Install on the target PC the “agent” program module of the
“Sputnik” open source software and launch the SAVZ in the full computer scan
mode. Wait for the end of the check and make sure that there are no security
threats or that they exist in accordance with the operational restrictions on
the use of the Sputnik software.
A.112.3.19 The verification of countermeasures after installation in the
system to detection by local means of protection is considered successful if
the SAVZ does not detect security threats or if security threats are detected
in accordance with the operational restrictions on the use of the Sputnik
software.
A.112.3.20 Verification of ensuring that general information about the system is
collected and sent to the management server is performed in accordance with clauses
A.112.3.21–A.112.3.23.
A.112.3.21 The check is performed using an infrastructure consisting
of a control workstation and components that imitate: a control server, an
intermediate server and a target PC running Windows OS (version 7 x32 or
version 10 x64), with the corresponding SPO "Sputnik" software modules
installed on these components.
A.112.3.26 To carry out an audit, the following steps must be
performed:
A.112.3.26.1 Type free text on the keyboard of the target PC, press
navigation keys such as down arrow, left arrow, PageUp, etc.
(the set of keys to be pressed can be prepared in advance, or recorded in
the process of pressing arbitrary keys).
A.112.3.26.2 View the received data on the pressed keys on the control
workstation and compare the list of keys pressed on the target PC with the
list of keys received by the control server.
A.112.3.27 The keystroke collection assurance check is considered
successful if the keystroke list and sequence data received by the control
server matches the keystroke list and sequence on the target PC.
A.112.3.30.5 Wait for the file to be loaded, make sure that the file is loaded
into the specified directory of the target PC. Compare the file loaded on the target
PC with the source file and make sure they are identical.
A.112.3.31 Verification of ensuring the collection of information about the file
system and the transfer of specified files to the control center, as well as the transfer
of files from the control center to the file system, is considered successful if:
- the list of directories and files of the target PC is displayed correctly;
- files transferred between the control server and the target PC are
identical;
- the file transferred to the target PC is loaded into the directory
specified by the operator.
A.112.3.32 Verification of ensuring that screenshots are taken with the
transfer of information to the control center is performed in accordance with
paragraphs A.112.3.33–A.112.3.35.
A.112.3.33 Verification is performed using an infrastructure consisting
of a control workstation and components that simulate a control server, an
intermediate server and a target PC running Windows OS (version 7 x32 or
version 10 x64), with the corresponding SPO "Sputnik" software modules
installed on these components.
on the specified components by the corresponding software modules of SPO
"Sputnik".
A.112.3.38 To carry out the test, it is necessary to download the test
module to the target PC, run the function of the installed module with the
specified parameters, check the correctness of the specified function
execution.
A.112.3.39 A test to ensure support for a modular structure that allows
dynamic modification of the functionality of a sample is considered
successful if:
- the core of the "agent" module of SPO "Sputnik" allows the installation of
additional modules loaded onto the target PC via the Internet;
- the core of the "agent" module of SPO "Sputnik" correctly performs the
functions of the loaded module.
A.112.4 SPO PTT is considered to have passed the tests according to clauses
A.112.3.1-A.112.3.39 of the test program and procedure and to fulfill clauses 3.2.8,
3.2.8.13 of the TOR for the R&D MF, if the conditions of clauses A.112.3.2,
A.112.3.6, A.112.3.10, A.112.3.14, A.112.3.19, A.112.3.23, A.112.3.27, A.112.3.31,
A.112.3.35, A.112.3.39 are met.
A.113.1 In this methodology, the SPO PTT is checked for compliance with the
requirements of paragraphs 3.2.8, 3.2.8.14 of the TOR for the Amezit-V R&D SC.
A.113.2 In accordance with the requirements of clauses 3.2.8, 3.2.8.14 of
the ToR for the Amezit-V SC R&D, the SPO PTT should provide modeling of
elements and segments of computer networks of an autonomous segment for
testing the functionality of information security tools.
N o t e . Options and functional possibilities of modeling information
security threats are determined based on the results of preliminary design and
are agreed with the lead contractor.
A.113.3.1 Run VMware ESXi software, make sure all VMs of LAN No. 1
are connected to virtual gateway No. 1 (if there is no connection, connect),
make sure that all VMs of LAN No. 2 are connected to virtual gateway No. 2
(if there is no connection – connect), view and record the IP addresses of
servers No. 1 and No. 2 of the Internet, start (restart) all VMs.
A.113.3.2 Log in to one of the LAN No. 1 VMs, launch a command line
window (cmd.exe) on this VM and execute the ipconfig command in it.
A.113.3.3 Make sure that the IP addresses of all PCs included in LAN No. 1
are displayed.
A.113.3.4 Execute the ping [IP address] command, where [IP address] is the IP address of
one of the servers (No. 1 or No. 2) of the Internet.
A.113.3.5 Make sure that the selected VM of LAN No. 1 has a connection to
the Internet servers.
A.113.3.6 Log in to one of the VMs of LAN No. 2, launch a command
line window (cmd.exe) on this VM and execute the ipconfig command in it.
A.113.3.7 Make sure that the IP addresses of all PCs included in LAN No. 2
are displayed.
A.113.3.8 Execute the ping [IP address] command, where [IP address] is the IP address of
one of the servers (No. 1 or No. 2) of the Internet.
A.113.3.9 Make sure that the selected VM of LAN No. 2 has a connection to
the Internet servers.
A.113.4 SPO PTT is considered to have passed the tests according to clauses
A.113.3.1-A.113.3.9 of the test program and procedure and fulfill clauses 3.2.8, 3.2.8.14 of
the TOR for the R&D MF, if:
- the VMs of LAN No. 1 form a single network that simulates the local
network of an organization;
- the VMs of LAN No. 2 form a single network that simulates a local
network of managing workstations;
A.114.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.1 of the TOR for the Amezit-V R&D SC.
A.114.2 In accordance with the requirements of paragraphs 3.2.9, 3.2.9.1 of the
ToR for the Amezit-V R&D SC, the PCB SSS must ensure the storage of information
collected using the PMS and PKS subsystems with the following deadlines:
- for free software for monitoring the Internet and the media:
A.114.3.9 In the working area of the "Files" page, select the "pks" directory.
The page will display report files received from the SDN subsystem.
A.114.3.10 At the top of the page in the navigation bar, click on
"Settings". The page with file storage settings opens.
A.114.3.11 Configure data storage parameters by setting the following
fields:
- "Data retention periods":
- "Storage of information from social networks" - 1 month;
- "Storage of information from the media" - 2 months;
- "File retention periods":
- "Storing metadata about user sessions" - 2 weeks;
- "Storing files from a user session" - 2 months;
- "Amount of data storage" - minimum 16 GB.
A.114.3.12 Configure data storage by setting the flags in the field
"Stored information selection":
- data from social networks;
- files from social networks;
- data from online media and websites;
- files from online media and websites;
- ICP reporting files;
- PCS reporting files.
A.114.3.13 Click on the "Save" button.
A.114.4 The PCB SPO is considered to have passed the tests according to clauses
A.114.3.1-A.114.3.13 of the test program and procedure and fulfill clauses 3.2.9, 3.2.9.1 of
the TOR for R&D SC, if:
- stored publications received from PMS were displayed on the publications
page, with the specified settings;
- the files page displayed files received from PMS, with the specified
settings;
- the files page displayed report files received from PCS, with the
specified settings;
- the settings were saved without errors.
A.115.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.2 of the TOR for the Amezit-V R&D SC.
A.115.2 In accordance with the requirements of clauses 3.2.9, 3.2.9.2 of the
ToR for the SC R&D "Amezit-V", the PCB SSW must ensure the storage of templates
for processing news information portals.
A.115.3 To check the compliance of the PCB SSS with the
requirements, the following steps should be performed.
A.116.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.3 of the TOR for the Amezit-V R&D SC.
A.116.2 In accordance with the requirements of paragraphs 3.2.9, 3.2.9.3 of the
TOR at the SC R&D "Amezit-V", the SPO PCB should ensure the storage of analytical
reports prepared in the APK "Amezit".
A.116.3 In order to check the PCB STR for compliance with the
requirements, it is necessary to perform the actions described below.
A.117 Practice No. 117
A.117.1 This method is used to check PCB SSW for compliance with the
requirements of clauses 3.2.9, 3.2.9.4 of the TOR for the Amezit-V R&D SC.
A.117.2 In accordance with the requirements of paragraphs 3.2.9, 3.2.9.4 of
the TOR for the SC R&D "Amezit-V", the PCB SSS should provide information
structuring.
A.117.3 To check the compliance of the PCB SSS with the
requirements, the following steps should be performed.
where <DBMS host IP address> is the IP address of the DBMS host where the
PostgreSQL DBMS is deployed, and press the Enter key. The IP address of the database node
is specified after installing and configuring the PCB open source software in accordance with
the document RU.VATS.00185-01 32 01 “Special software for the data storage
subsystem. System Programmer's Guide”. You will be prompted to enter the
password of the root user.
A.117.3.7 Enter the password for the root user (root by default). Press
the "Enter" key. A remote connection to the DBMS node will be made.
where <database name> is the name of the PostgreSQL DBMS, which stores
service information for the operation of the PMS subsystem. The name of the
database is specified after installing and configuring the SPO PCB in accordance with
the document RU.VATS.00185-01 32 01 “Special software for the data storage
subsystem. System Programmer's Guide”.
You will be logged into the PostgreSQL DBMS console.
A.117.3.9 In the console enter the command:
\d+ *.*
and press the "Enter" key. All data structures stored in the PostgreSQL
database will be displayed.
A.117.4 PCB SSS is considered to have passed the tests according to clauses
A.117.3.1-A.117.3.9 of the test program and procedure and fulfill clauses 3.2.9, 3.2.9.4 of
the TOR for the R&D MF, if:
- displayed data structures stored in the elasticsearch database;
- displayed data structures stored in the PostgreSQL database.
A.118 Practice No. 118
A.118.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.5 of the TOR for the Amezit-V R&D SC.
A.118.2 In accordance with the requirements of clauses 3.2.9, 3.2.9.5 of the ToR
for the SC R&D "Amezit-V", the PCB SSS should provide data search in information
arrays.
A.118.3 In order to check the PCB STR for compliance with the
requirements, it is necessary to perform the steps described below.
- in the "Subjects" field, indicate the topic for which publications are
selected;
- in the "Resource" field, indicate the source of the publication;
- in the "Author" field, indicate the author of the publication;
A.119.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.6 of the TOR for the Amezit-V R&D SC.
A.119.2 In accordance with the requirements of clauses 3.2.9, 3.2.9.6 of
the ToR for the Amezit-V R&D MF, the PCB SSS must provide information to the
operator in graphical form.
A.119.3 To check the compliance of the PCB SSS with the
requirements, it is necessary to perform the actions described below.
A.119.3.4 Next to the source, click on the "Templates" icon to go to the
source templates page.
A.119.3.5 At the top of the page, in the navigation bar, click on "Files".
The page with directories in the file storage will open.
A.119.3.6 In the top panel of the page, select the "Settings" tab. A page
with file storage settings will open.
A.119.3.7 At the top of the page in the navigation bar, click on
"Settings". The page with file storage settings opens.
A.119.4 PCB SSS is considered to have passed the tests according to clauses
A.119.3.1-A.119.3.7 of the test program and procedure and fulfill clauses 3.2.9, 3.2.9.6 of
the TOR for the R&D SC, if:
- the publications page is displayed;
- the page of authors of publications was displayed;
- the publication sources page is displayed;
- the publication source templates page is displayed;
- the files page is displayed;
- the settings page is displayed.
A.120 Practice No. 120
A.120.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.7 of the TOR for the Amezit-V R&D SC.
A.120.2 In accordance with the requirements of clauses 3.2.9, 3.2.9.7
of the ToR for the Amezit-V R&D SC, PCB SSS must provide data backup.
A.120.3 In order to check the compliance of the PCB SSS with the
requirements, the following steps should be performed.
A.120.3.4 At the top of the page in the navigation bar, click on "Files".
The page with directories in the file storage will open.
A.120.3.5 Double-click the left mouse button on the "backup"
directory. A page with a list of files - system backups - will open.
A.120.3.6 Perform the data recovery procedure from the latest
backups in accordance with document RU.VATS.00185-01 46 01 “Special
data storage subsystem software. Maintenance Manual”.
A.120.4 PCB SSS is considered to have passed the tests according to clauses
A.120.3.1-A.120.3.6 of the test program and procedure and fulfill clauses 3.2.9, 3.2.9.7
of the ToR for R&D SC, if:
- backups are successfully created, according to the configured
parameters;
- the backup procedure was successful.
A.121 Practice No. 121
A.121.1 This method is used to check PCB SSW for compliance with the
requirements of paragraphs 3.2.9, 3.2.9.8 of the TOR for the Amezit-V R&D SC.
A.121.2 In accordance with the requirements of clauses 3.2.9, 3.2.9.8 of the ToR
for the Amezit-V R&D MF, the PCB SSS must ensure the storage of video and audio
archives.
A.121.3 In order to check the compliance of the PCB SSS with the
requirements, the following steps should be performed.
A.122.3 In order to check the compliance of the PCB SSS with the
requirements, the following steps should be performed.
A.122.4 PCB SSS is considered to have passed the tests according to clauses
A.122.3.1-A.122.3.17 of the test program and methodology and fulfill clauses 3.2.9, 3.2.9.9
of the TOR for the R&D SC, if:
- when watching a video file or listening to an audio file, the procedure
for saving the file has not been undone;
- the video or audio file saved by operator 1 is available for viewing or
listening to operator 2 and operator 3;
- viewing the video file or listening to the audio file is available
simultaneously for operator 1, operator 2 and operator 3.
A.124.2 In accordance with the requirements of paragraphs 3.2.9, 3.2.9.13 of
the ToR on the Amezit-V R&D center, in the subsystems of the Amezit APK, processing
of information constituting a state secret is not provided, with the exception of a
separate circuit of the POR subsystem, represented by a separate group of servers and
workstations. In the specified circuit, information classified up to and including “top
secret” is processed.
The security of information in this circuit of the ERP subsystem must be
ensured using certified security tools that meet the requirements of the
relevant governing documents.
Providing access to the processed information must be implemented by
using a firewall certified according to the requirements of the 2nd protection
class in accordance with the Order of the FSTEC of Russia dated February 9,
2016 No. 9.
Role-based (mandatory) access control to the processed information
should be implemented at the operating system level.
Access to the information of the ERP subsystem should be provided taking
into account the category of users and the level of authority granted to each
category.
A.124.3 In order to check the SS of the ROR AP for compliance with the
requirements, it is necessary to perform the actions described below.
A.124.3.1 Make sure that the Kaspersky Anti-Virus software is installed on the
processing workstation.
A.124.3.2 Log in to the Astra Linux SE 1.5 operating system on the AWS of
the POR AP operator under the account of the administrator of the operational
management HSC with access level 2.
A.124.3.3 Log in to the SPO POR AP under the account of the
administrator of the HSC for operational management.
A.124.3.4 Go to the "Administration" section, select the "User
management" item in the menu.
A.124.3.5 Create accounts for users of the following categories: duty
officer, head of the center, operator, administrator of the agro-industrial
complex.
A.124.3.6 In the "Administration" section, select the "Privilege Matrix"
item from the menu, compare the levels of authority granted to each
category of users.
A.124.3.7 Log in to the Astra Linux SE 1.5 operating system on the
operator's workstation of the POR AP under the account of the operational
duty operational management with access level 2.
A.124.3.8 Log in to the SPO POR AP under the account of the operational
duty officer of the operational management. Check the current access level in the
SPO POR GS by hovering over the indicator of the current access level displayed in
the upper right corner of the SPO POR GS interface.
A.124.3.9 Go to the AP event planning and control module.
A.124.3.10 In the AP event planning and control module, go in turn to the
following sections: "Operations", "Events", "Tasks", "Subtasks" and "Chat".
- includes software "Kaspersky Anti-Virus";
- users are assigned access according to the access matrix to
information (constituting a state secret) about current tasks;
- the indicator of the current access level shows the value "2", access to
sections of the SPO POR GS interface is available when working with access
level 2, and there is no access to sections of the SPO POR GS interface when
working with access levels 0 and 1;
- the administrator of the agro-industrial complex is not provided with access
to the processed information constituting a state secret.
A.125 Practice No. 125
A.125.1 In this methodology, the RSS software is checked for compliance with the
requirements of clauses 3.2.10, 3.2.10.1 of the TOR for the Amezit-V R&D SC.
A.125.2 In accordance with the requirements of clauses 3.2.10, 3.2.10.1 of the
TOR for the Amezit-V R&D SC, the ERP SSS must ensure that the closed segment of
the ERP subsystem of the integrated environment in the geographic information
system is displayed on the electronic map of the area with the possibility of
outputting a digital form of the object with graphic and text documents.
A.125.3 In order to check the ERP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.125.3.7 Draw an object from a previously created layer to the map area.
A.125.3.8 Select the added feature on the map. A window will open with
object properties and semantic characteristics. In this window, fill in the "Value"
field:
- to the semantic characteristic "Image" add a link to the image;
- to the semantic characteristic "Form" add a link to the document.
A.125.3.9 Save changes made.
A.125.3.10 Reselect the added object on the map. A window will open
with filled semantic characteristics.
A.125.3.11 View the object image and the attached text document by
selecting the value of the corresponding semantic characteristic.
A.125.4 SPO ROR is considered to have passed the tests according to clauses
A.125.3.1-A.125.3.11 of the test program and procedure and fulfill clauses 3.2.10, 3.2.10.1
of the TOR for the R&D MF, if:
- when performing the above steps of this technique, there were no error
messages;
- when the symbol of an object was activated, its form was displayed with
graphic and text documents.
A.126 Practice No. 126
A.126.1 This method is used to check the RSS software for compliance with the
requirements of paragraphs 3.2.10, 3.2.10.2 of the TOR for the Amezit-V R&D SC.
A.126.2 In accordance with the requirements of clauses 3.2.10, 3.2.10.2
of the ToR for the Amezit-V R&D SC, the POR SSW must ensure display and
editing (if you have access rights) on the electronic map of the area of the
geoinformation system of the closed segment of the POR subsystem of the
form (name, location, additional description, etc.) when the symbol of the
object is activated.
A.126.3 In order to check the ERP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.126.3.6 Open the GIS remote administration program Administrator
(from the GIS Server) on behalf of the administrator. For the selected object,
change the type of protection of the selected data - uncheck the "Editing"
flag.
A.126.3.7 Select the edited object. Check that there is no access to editing
the values of the semantic characteristics "Name", "Location", "Additional
description".
A.126.4 SPO ROR is considered to have passed the tests according to clauses
A.126.3.1-A.126.3.7 of the test program and methodology and fulfill clauses 3.2.10,
3.2.10.2 of the TOR for the R&D MF, if:
- when performing the above steps of this technique, there were no error
messages;
- when the symbol of the object was activated, its form was displayed;
- when performing clause A.126.3.5, the object form opened with changed
values of semantic characteristics;
- when performing clause A.126.3.7, the operator does not have access
to edit the values of the specified semantic characteristics.
A.127 Practice No. 127
A.127.1 This methodology checks the RSS software for compliance with the
requirements of paragraphs 3.2.10, 3.2.10.3 of the TOR for the Amezit-V R&D SC.
A.127.2 In accordance with the requirements of clauses 3.2.10, 3.2.10.3 of the TOR for
the Amezit-V R&D SC, the RSS RSS should provide:
- drawing an integrated situation on an electronic map of the
terrain in the geoinformation system from the workstation of the operator of the closed segment of
the POR subsystem;
- the ability to manage an electronic map of the area of the closed
segment of the POR subsystem on the collective display screen using an
additional screen that responds to touch.
Note. Management of an electronic map is understood to mean
such actions as moving the map, changing the scale and activating symbols
to view the electronic form of the object.
A.127.3 To check the compliance of the ERP SSW with
requirements, follow the steps below.
A.127.3.4 Run SS ROR AP. In the AP event planning and control
module, perform the sequence of actions to create a test subtask, add a link
to the map to the subtask.
A.127.3.5 Open the module for visualizing the state and statistics of the
AP, go to the test subtask and display the electronic map of the POR area on
the collective display screen.
A.127.3.6 Move and scale the map using an additional screen that
responds to touch.
A.127.3.7 Select an object on the map (activate the symbol of the
object).
A.127.4 The SPO ROR is considered to have passed the tests according to clauses
A.127.3.1-A.127.3.7 of the test program and procedure and fulfill clauses 3.2.10, 3.2.10.3 of
the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.127.3.3, the integrated situation was drawn
on an electronic map of the area;
- when performing clause A.127.3.6, the map was moved and
scaled on the shared screen;
- when the symbol of an object was activated, its form was displayed.
A.128.3.1 Run the GIS Operator SE on the workstation of the POR AP operator.
A.128.3.2 In the GIS Operator SE open an electronic map of the area.
A.128.3.3 Create the "PMI Objects" layer.
A.128.3.4 Add the objects "Object PMI 1" and "Object PMI 2" to the
created layer.
A.128.3.5 Add the object "Object PMI 1" to the map.
A.128.3.6 Save changes on the map and close the GIS Operator SE.
A.128.3.7 Repeat clauses A.128.3.1 to A.128.3.2.
A.128.3.8 Add the object "Object PMI 2" to the map.
A.128.3.9 Consistently activate the symbols of the objects "Object PMI
1" and "Object PMI 2".
A.128.4 The SPO ROR is considered to have passed the tests in accordance with clauses
A.128.3.1-A.128.3.9 of the test program and methodology and fulfill clauses 3.2.10, 3.2.10.4 of the
TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clauses A.128.3.3, A.128.3.8, "Object PMI 1" and
"Object PMI 2" are displayed on the electronic map of the area;
- when the objects' symbols were activated, their forms were displayed.
A.129 Practice No. 129
A.129.1 This methodology checks the RSS software for compliance with the
requirements of paragraphs 3.2.10, 3.2.10.5 of the TOR for the Amezit-V R&D SC.
A.129.2 In accordance with the requirements of paragraphs 3.2.10, 3.2.10.5 of
the TOR for the Amezit-V R&D SC, the ERP SSS must ensure that the operator applies
graphic information to the electronic map of the area of the closed segment of the
ERP subsystem in the selected layer using a library of conventional symbols.
A.129.3 To check the ERP SSW for compliance with the requirements,
you must perform the steps described below.
A.129.4 SPO ROR is considered to have passed the tests according to clauses
A.129.3.1-A.129.3.7 of the test program and methodology and fulfill clauses 3.2.10,
3.2.10.5 of the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clauses A.129.3.3, A.129.3.6, an object has been created
using the library of symbols;
- when performing clauses A.129.3.5, A.129.3.6, only the objects of the
"PMI Objects" layer were displayed on the electronic map of the terrain;
- when performing clause A.129.3.7, the symbol "Object PMI 3" is present
in the symbol library in the "Objects PMI" layer.
A.130 Practice No. 130
A.130.1 This method is used to check the RSS software for compliance with the
requirements of paragraphs 3.2.10, 3.2.10.6 of the TOR for the Amezit-V R&D SC.
A.130.2 In accordance with the requirements of paragraphs 3.2.10, 3.2.10.6 of the
TOR for the SC R&D "Amezit-V", the SPO ROR must ensure the export of the following
types of electronic documents:
- sections of the electronic map with the applied situation in bitmap
format;
- text data of object forms;
- nested data of map object forms in the ZIP archive format.
Import of files with text data, tables and diagrams is carried out by attaching
files to the object form.
Import of forms must be implemented.
A.130.3 In order to check the ERP SSW for compliance with the
requirements, you must perform the steps described below.
A.130.3.8 Export the data of the form of the object "PMI Object 1" to
the ZIP format, saving the form in a previously created directory in a file
called "Form 1".
A.130.3.9 Open the "Form 1" file with the built-in software tool for
viewing ZIP files.
A.130.3.10 Import the "Form" file into the "Form Object 1" object's
form.
A.130.3.11 Import the form of the object "Object PMI 1".
A.130.3.12 Check that the connection of the technical means of the open
segment to the technical means of the closed segment of the POR is consistent
with the scheme of the test bench, make sure that there is a unidirectional
gateway that excludes accidental export and transfer of forms from the closed
to the open segment of the POR.
A.130.4 SPO ROR is considered to have passed the tests according to clauses A.130.3.1-
A.130.3.12 of the test program and methodology and fulfill clauses 3.2.10, 3.2.10.6 of the TOR
for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.130.3.4, the exported map area was
viewed;
- when performing clause A.130.3.7, the exported file with text data
was viewed;
- when performing clause A.130.3.9, the exported file with the object
form was viewed;
- when performing clause A.130.3.10, the file was imported into the
object form;
- when performing clause A.130.3.11, the form of the object was
imported;
- when performing clause A.130.3.12, it was established that the
connection of the technical means of the open segment to the technical means
of the closed segment of the POR complies with the test bench scheme and goes
through a unidirectional gateway.
A.131 Practice No. 131
A.131.1 This method is used to check the RSS software for compliance with the
requirements of clauses 3.2.10, 3.2.10.7 of the TOR for the Amezit-V R&D SC.
A.131.2 In accordance with the requirements of paragraphs 3.2.10, 3.2.10.7 of
the ToR for the Amezit-V R&D MF, the RSS RSS must provide a visual display
of information in a multi-window mode on information display
means (it should be possible to freely position and scale information windows
on a shared screen).
A.132 Practice No. 132
A.132.1 This methodology checks the RSS software for compliance with the
requirements of clauses 3.2.10, 3.2.10.8 of the TOR for the Amezit-V R&D SC.
A.132.2 In accordance with the requirements of paragraphs 3.2.10, 3.2.10.8
of the ToR for the Amezit-V R&D SC, the SPO ERP should ensure planning and
control of the implementation of measures to limit the information of the local
area.
A.132.3 In order to check the ERP SSW for compliance with the
requirements, it is necessary to perform the actions described below.
A.132.3.1 On the workstation of the operator of the POR AP, start the SPO ROR
AP.
A.132.3.2 On the operator's workstation of the POR AP, enter the SPO of the
POR AP under the account of the operational on-duty operational management,
create the operation "Operation PMI 1", the event "Action PMI 1", appoint the
responsible executor of the operational on-duty operational management, take it into
work, create the task "Problem PMI 1 in two segments", appoint the head of the
operational management department as the responsible executor, check the status
of the task. Take the task "Problem PMI 1 AP" to work.
A.132.3.3 Within the framework of the created task "Problem of PMI 1 in two
segments", create a subtask "Subtask of PMI 1 of the AP" and appoint the operational
management operator as the responsible executor.
A.132.3.4 On the workstation of the operator of the POR GS, enter the
SPO of the POR GS under the account of the operator of operational
management, start the subtask "Subtask PMI 1 AP", check the status of the
subtask. Attach to the subtask a text file with a report on the completion of
the subtask "POR PMI Text.txt" and additional analytical materials (image
"POR PMI Image.jpg", audio file "POR PMI Audio.mp3" and video file "POR
PMI Video.avi"), add comments to the subtask.
A.132.3.5 On the ERP OS operator’s workstation, log in to the OS ERP SSS
under the account of the operational on-duty operational management, create
the task “PMI Task 1 for AP” as part of the AP event by entering the task
identifier “PMI Task 1 in two segments” of the closed segment and appoint the
head of the operational management department as the responsible executor.
Take the task to work.
A.132.3.6 Within the framework of the created task "Problem of PMI 1 in two
segments", create a subtask "Subtask of PMI 1 for OS" and appoint the operational
management operator as the responsible executor.
A.132.3.7 On the workstation of the POR OS operator, enter the SPO
POR OS under the account of the operational management operator, start
the subtask "Subtask PMI 1 for OS", attach to the subtask a text file with a
report on the completion of the subtask "POR PMI Text.txt" and additional
analytical materials (image "POR PMI Image OS.jpg", audio file "POR PMI
Audio OS.mp3" and video file "POR PMI Video OS.avi"), add comments to the
subtask.
A.132.4 SPO ROR is considered to have passed the tests according to clauses
A.132.3.1-A.132.3.7 of the test program and methodology and fulfill clauses 3.2.10,
3.2.10.8 of the TOR for the R&D MF, if:
- tasks were created in the operating system as part of the events of the closed segment
(AP) from the AP operations, independent of each other;
- when performing the above steps of this technique there were no error
messages;
- the created subtasks are displayed in the interface of the module for
planning and controlling activities of the AP;
- in the information exchange module and by e-mail
responsible executors received notifications about changes in the status of
relevant operations, activities, tasks and subtasks;
- positive results of the inspections were obtained;
- an operation containing an activity and a task has been created in the SPO ROR AP, in
SS ERP OS created a copy of the task of the AP in a legend form as part of
the planned AP event;
- the SPO POR GS displays the data of the subtask received from the OS.
A.133.3.1 On the workstation of the POR AP operator, enter the SPO of
the ROR AP. In the planning and control module for AP events, open the
subtask "Subtask PMI 1 AP", created earlier.
A.133.3.2 Open in turn the attached files “POR PMI Text.txt”, “POR PMI
Image.jpg”, “POR PMI Audio.mp3”, “POR PMI Video.avi”.
A.133.4 SPO ROR is considered to have passed the tests according to clauses
A.133.3.1-A.133.3.2 of the test program and methodology and fulfill clauses 3.2.10,
3.2.10.9 of the TOR for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- the contents of the files “POR PMI Text.txt",
"POR PMI Image.jpg", "POR PMI Audio.mp3", "POR PMI Video.avi".
A.134.3.2 Within the framework of the created task “PMS 1 OS Task”, create the
subtask “PMS 2 OS Subtask” and appoint the operational management operator as
the responsible executor, check the status of the subtask.
A.134.3.3 On the operator's workstation of the OS ERP, enter the SPO
of the ERP OS under the account of the operator of operational
management, start the subtask "Subtask PMI 2 OS", check the status of the
subtask. Attach to the subtask a text file with a report on the completion of
the subtask "POR PMI Text.txt" and additional analytical materials (image
"POR PMI Image.jpg", audio file "POR PMI Audio.mp3" and video file "POR
PMI Video.avi"), add comments to the subtask.
A.134.3.4 During the download of analytical materials, disconnect the
cable from the network interface of the OS application server. On the OS
application server, execute the command to calculate the md5 checksum of
the username of the downloader in the terminal: echo -n "username" |
md5sum. Go to the POR placement directory, then to the uploaddir
directory. Make sure there is a directory with a name that matches the
computed md5 checksum. After the download process is interrupted, you
must restore the network connection by connecting a cable to the network
interface to continue downloading. Wait for the download to finish.
A.134.3.9 In the address book, move the cursor over the user name
with the role of the operational duty officer of the regional control center, in
the pop-up menu, click on the "User profile" button. In the window that
opens, click on the link in the "E-mail" field corresponding to the e-mail
address of the operational duty regional control center. In the window that
opens for creating a letter from the Mozilla Thunderbird email client, send a
test message to the operational duty officer of the regional control center
with the attached text file "POR PMI Text.txt".
A.134.3.17 In the event planning and control module of the SPO POR
OS, click on the link to download the plug-in for autofilling forms, save and
install the plug-in in accordance with the document RU.VATS.00211-01 32 01
“Special software for the subsystem for processing results and their
visualization on the interactive screen of the open segment. System
Programmer's Guide”.
A.134.3.18 Do the following:
A.134.3.18.1 Select the Mail.Ru mail service, set the number of
accounts to 10, click the "Start preparation for registration" button.
A.134.3.18.2 Wait until the generation of credentials for 10 mailboxes is
completed.
A.134.3.18.3 Click on the "Save data to file" button. Open file to view
accounts. Close file.
A.134.3.18.4 Select one of the accounts and proceed to registering a
Mail.Ru account. On the registration page, make sure that the required
fields are filled in, and click on the "Register" button. If registration is denied
due to the username being the same as an already registered user, retry
registration for another account.
A.134.4 SPO ROR is considered to have passed the tests according to clauses A.134.3.1-
A.134.3.23 of the test program and methodology and fulfill clauses 3.2.10, 3.3.11 of the TOR
for the R&D MF, if:
- when performing the above steps of this technique there were no error
messages;
- when the network connection was restored, the download process was
resumed automatically;
- a message with an attached file was sent from the OS POR operator's
workstation to the OS application server and back via e-mail;
- there were no error messages, in the information module
test messages were received by the operators of the control center and the
regional control center, the file "POR PMI Text.txt" was received by the
operator of the control center from the operator of the regional control
center;
- accounts for preparing 10 mailboxes for the mail services Yandex, Mail.Ru,
Gmail were generated in the open source software interface, the accounts were
uploaded to a file, when going to the registration page of the SPO POR
mailbox, the registration fields were auto-filled, the mailbox under the created
account was successfully logged in, the message “test” was received from the
created mailbox of the Mail.Ru mail service, the “test” message was
successfully deleted on the mailboxes of the Gmail and Yandex services;
- the presence of a communication organization scheme;
- the POR OS web interface was opened from AWP PPD and a request to
enter a login and password was received.
A.135.3.2 On the OS POR operator's workstation, open the "OS Linguistic
Support Subsystem" in the left field, enter the text to translate "hello test one
two three". In the right window, as you enter text, the translation is displayed.
A.135.3.3 To view the format of transmitted data, click the link "Data
from the server".
A.135.4 A check is considered successful if:
- when performing the above steps of this technique there were no error
messages;
- when performing clause A.135.3.2, the text of the translation was received;
- a diagram of events in near real time was displayed in the event
management system of IB "Komrad".
A.137 Practice No. 137
A.137.1 This method is used to check the RSS software for compliance with the
requirements of paragraphs 9.8, 9.9 of the TOR for the Amezit-V R&D SC.
A.137.2 In accordance with the requirements of clauses 9.8, 9.9 of the ToR for
the Amezit-V R&D MC, the ERP SSW should provide the functions of inventorying
resources and monitoring changes in the Amezit HSC infrastructure.
A.137.3 In order to check the ERP SSW for compliance with the
requirements, you must perform the steps described below.
information security events coming from the controlled subsystems of the
APK "Amezit".
A.138.3 To check the compliance of the ERP SSW with the
requirements, it is necessary to perform the actions described below.
A.139.4 Create a correlation directive with the name “Test Directive” on the
workstation of the OS ERP operator for three authorization attempts with an
incorrect password within 30 seconds, received from one source.
A.139.5 On the POR OS operator's workstation in the terminal, execute the
command to connect via SSH to the controlled workstation and enter the wrong
password for the root user three times.
A.139.6 Wait for the incident notification to appear.
A.139.7 On the "Correlation" page in the "Incidents" section, find an
incident with the name "Test Directive" and view the incident card.
A.139.8 SPO ROR is considered to have passed the tests in accordance with clauses
A.139.4-A.139.7 of the test program and methodology and fulfill clause 9.11 of the TOR for
the R&D MF, if:
- when performing the above steps of this technique
there were no error messages;
- there were notifications about a new information security
incident;
- the incident record is recorded on the "Correlation" page in
the "Incidents" section;
- the incident card contains the directive name "Test directive" and
records of three authorization events with incorrect password.
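The correlation rule that A.139.4 describes (three authorizations with an incorrect password from one source within 30 seconds), as an added example that is not part of the original document or of the product it describes. The log format, the sample lines and all function names are assumptions constructed for illustration:

```python
import re
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Constructed sample lines (ISO-timestamped sshd messages); not taken from the page.
SAMPLE_LOG = """\
2024-01-15T10:00:01 ws01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2
2024-01-15T10:00:05 ws01 sshd[2214]: Failed password for root from 198.51.100.7 port 40100 ssh2
2024-01-15T10:00:09 ws01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2
2024-01-15T10:00:12 ws01 sshd[2219]: Failed password for operator from 203.0.113.5 port 33001 ssh2
2024-01-15T10:00:20 ws01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2
2024-01-15T10:00:25 ws01 sshd[2214]: Failed password for root from 198.51.100.7 port 40100 ssh2
2024-01-15T10:00:31 ws01 sshd[2219]: Accepted password for operator from 203.0.113.5 port 33001 ssh2
2024-01-15T10:00:50 ws01 sshd[2230]: Failed password for root from 198.51.100.7 port 40102 ssh2
"""

Failure = namedtuple("Failure", "ts source user raw")

# Matches only failed password authentications; accepted logins are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(lines):
    """Yield a Failure for every failed-password line; skip everything else."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            yield Failure(datetime.fromisoformat(m["ts"]), m["src"], m["user"], line)


def correlate(failures, threshold=3, window=timedelta(seconds=30),
              directive="Test Directive"):
    """Raise one incident when `threshold` failures from the same source
    fall inside a sliding `window`. Failures are counted per source, so
    interleaved attempts from different hosts never add up."""
    recent = defaultdict(deque)   # source address -> failures still inside the window
    incidents = []
    for ev in sorted(failures, key=lambda f: f.ts):
        q = recent[ev.source]
        q.append(ev)
        # Drop failures older than the window, measured from the newest event.
        while ev.ts - q[0].ts > window:
            q.popleft()
        if len(q) >= threshold:
            incidents.append({
                "directive": directive,
                "source": ev.source,
                "first_seen": q[0].ts,
                "last_seen": ev.ts,
                "events": list(q),   # the records shown on the incident card
            })
            q.clear()                # do not re-alert on the same three events
    return incidents


def detect(lines):
    """Parse raw log lines and run the correlation rule over them."""
    return correlate(parse_failures(lines))


if __name__ == "__main__":
    for inc in detect(SAMPLE_LOG.splitlines()):
        print(inc["directive"], inc["source"], inc["first_seen"], inc["last_seen"])
        for ev in inc["events"]:
            print("   ", ev.raw)
```

In the sample, only 192.0.2.10 triggers the directive: 198.51.100.7 also fails three times, but its attempts span 45 seconds, so the sliding window never holds three of them at once.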
SVT) to the impact of mechanical and climatic factors are confirmed by their
specifications and other accompanying documentation.
A.141.3.1 Perform installation, configuration and verification of the open source software included
in the Amezit-V open source software in accordance with the documents:
- RU.VATS.00177-01 32 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission
network. System Programmer's Guide";
- RU.VATS.00178-01 32 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. System Programmer's Guide";
- RU.VATS.00179-01 32 01 "Special software
subsystems for monitoring the Internet and the media. System
Programmer's Guide";
- RU.VATS.00180-01 32 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. System Programmer's Guide";
- RU.VATS.00180-01 32 02 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. Stand for control of information and technical
objects of life support systems No. 1. System programmer's guide";
- RU.VATS.00182-01 32 01 "Special software
data relay subsystems using intermediate servers. System Programmer's
Guide";
- RU.VATS.00183-01 32 01 "Special software
subsystems for the preparation, placement and "promotion" of special
materials. System Programmer's Guide";
- RU.BATC.00184-01 32 01 "Special software
subsystems for testing telecommunication equipment. System
Programmer's Guide";
- RU.VATS.00185-01 32 01 "Special software
storage subsystems. System Programmer's Guide";
- RU.VATS.00186-01 32 01 "Special software
subsystems for processing results and visualizing them on an interactive
screen. System Programmer's Guide".
A.141.3.2 Verify that there is no loss of configuration information due
to faults and failures of the hardware platform within a given period of
time.
A.141.4 SPO "Amezit-V" is considered to have passed the tests
according to clause A.141.3.1-A.141.3.2 of the test program and
methodology and fulfill clause 3.5.1 of the TOR for the R&D MF, if it is
ensured that there is no loss of configuration information due to faults and
failures of the hardware platform.
A.142 Practice No. 142
A.142.1 In this methodology, the Amezit-V open source software is checked for compliance with
the requirements of paragraphs 3.6, 3.6.1-3.6.2 of the TOR for the Amezit-V R&D center.
A.142.2 During the audit, the composition of the roles of users of the Amezit-V
software is evaluated, the distribution of functions between them, as well as the
completeness and quality of the ergonomic support program are evaluated.
A.142.2.1 Verification is performed by comparing the composition of
users of the Amezit-V software and the distribution of functions between them,
described in the operational documentation (user manual, operator's manual,
system programmer's manual) with the functions available to users in the
interface, as well as assessing the completeness and the quality of the
ergonomics program.
A.142.3 SPO "Amezit-V" is considered to have passed the tests according to clause
A.142.2.1 of the test program and procedure and fulfill clauses 3.6, 3.6.1-3.6.2 of the TOR
for the R&D MF, if:
- the ergonomics program is drawn up in accordance with the
requirements of GOST RV 29.00-002-2005;
- the composition of the roles of users of the Amezit-V open source software, described in
objects of life support systems No. 2. Maintenance manual”;
TK for MF R&D, if the operational characteristics, safety regulations, illegal
measures presented in the operating manual of the APK "Amezit" comply
with the rules for operation, safety and fire prevention measures described
in the documents: GOST RV 20.39.107-98, GOST 12.2.007.0, GOST 12.4.124,
GOST 12.1.018, GOST 12.1.038, GOST RV 20.39.309-98.
A.145.4 SPO "Amezit-V" is considered to have passed the tests
according to clauses A.145.3.1-A.145.3.4 of the test program and procedure
and fulfill clauses 3.10, 3.11, 9.3.1, 9.3.4, 9.3.5, 10 TK for MF R&D, if the
results obtained (checks of paragraphs A.145.3.1-A.145.3.4 of the program
and test methods) fully comply with the requirements.
A.146 Practice No. 146
A.146.1 In this methodology, the Amezit-V SPO is checked for compliance with the
requirements of paragraphs 3.12, 3.12.1-3.12.4 of the TOR for the Amezit-V R&D SC.
- RU.BATC.00184-01 92 01 "Special software
subsystems for testing telecommunication equipment. User guide";
- RU.VATS.00186-01 34 01 "Special software
subsystems for processing results and visualizing them on an interactive
screen. Operator's Manual".
A.146.3.4 Make sure that the Amezit-V open source software is
standardized and unified and has the following quality indicators: Amezit open
source software is launched through a browser, is built using thin client
technology (client-server architecture), and the screen forms of the interface
have a single presentation style.
A.146.4 SPO "Amezit-V" is considered to have passed the tests according to
clauses A.146.3.1-A.146.3.4 of the test program and methodology and fulfill clauses
3.12, 3.12.1-3.12.4 of the TOR for the R&D MF, if:
- standardization and unification of forms of documents circulating in
the product is provided by improving the forms and reducing the variety of
documents of the same functional purpose;
- the requirements for standardization and unification are met, the procedure
tasks and composition in accordance with GOST B 15.207, GOST B 20.39.105;
- the materials of the technical project reflect information about
existing analogues of the developed product;
- Open source software ensures the use of developed and promising
solutions for the systematic modernization of the complex and the creation of
various modifications. This ensures maximum unification of the samples.
- the marking applied to the packaging meets the requirements of
GOST RV 20.39.309-98;
- the marking is stable, mechanically strong, is not erased and is not
washed off by liquids used during operation;
- packaging conservation meets the requirements of GOST 9.014-78,
GOST RV 20.39.309-98.
A.148 Practice No. 148
A.148.1 In this methodology, the Amezit-V open source software is checked for compliance with
the requirements of paragraphs 4.1-4.3 of the ToR for the Amezit-V R&D SC.
A.148.2 During the audit, the technical and economic requirements for
the Amezit-V software are evaluated.
A.148.3 The following indicators are evaluated:
- calculation of the contract price of the SC R&D "Amezit-V";
- scope of work performed;
- results of the feasibility study of the created open source software.
A.148.4 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
procurement of goods, works, services under the state defense order” (as amended
by Decree of the Government of the Russian Federation dated 04.09.2015 No. 941);
- Order of the Ministry of Industry and Energy of Russia dated August 23, 2006 No. 200 "On
approval of the Procedure for determining the composition of costs for the production of
defense products supplied under the state defense order” (as amended by the Order of the
Ministry of Industry and Energy of Russia dated 07.11.2013 No. 1773);
- other applicable legislative and regulatory legal acts
Russian Federation.
A.148.7 Make sure that the initial data in determining the contract price of
the R&D MC were: TOR for the MC R&D, labor intensity of the MC R&D in
accordance with the TOR for the MC R&D "Amezit-V", execution sheet, economic
indicators for R&D, established for 2016 and coordinated by the 474 military
representation of the Ministry of Defense of the Russian Federation.
A.148.8 Make sure that the contract price of the SC KOR "Amezit-V" is
270,000,000.00 (Two hundred and seventy million) rubles 00 kopecks.
A.148.9 Check the content of the final report on the R&D MF, make sure that
the feasibility studies for the creation of an open source software are determined by
the following indicators:
- estimated cost, duration of training
and development of serial production;
- Estimated price of open source software in mass production;
- cost of life cycle stages, including the marginal
cost of production of open source software, the marginal average annual
cost of operating the product and maintaining it during storage;
- marginal labor intensity of manufacturing the SPO in serial
production.
A.148.10 Amezit-V SPO is considered to have passed the tests in accordance with
clause A.148.5-A.148.9 of the test program and methodology and fulfill clauses 4.1-4.3 of the
TOR for the R&D MF, if the calculation of the contract price for the Amezit-V R&D MF, the
volume of the work performed, the results of the feasibility study of the created open source
software comply with the requirements stated in paragraphs 4.1-4.3 of the TOR for the
Amezit-V R&D center.
A.149.2 According to clause 5.3.1 of the TOR for the Amezit-V R&D SC, the diagnostic
support of the product must be carried out in accordance with GOST 26656, GOST 27518 and
other applicable scientific and technical documentation.
A.149.3 According to the requirements of clause 5.3.2 of the TOR for the
Amezit-V R&D SC, at the preliminary design stage the following requirements for
diagnostic support are specified and agreed with the lead contractor:
- quantitative values of technical diagnostics indicators;
- requirements for the suitability of the sample for technical
diagnostics (testability);
- requirements for the nomenclature of diagnosed (controlled)
parameters and their characteristics;
- requirements for the means of technical diagnostics (control of
technical condition);
- requirements for methods and rules of technical diagnostics
(control of technical condition);
- conditional probabilities of undetected and false failures
(faults) in the product with the accuracy to which the location of the failure
(fault) is determined;
- conditional probability of erroneous prediction of safe
operation;
- frequency and duration of technical diagnostics
(control of technical condition);
- depth of troubleshooting and completeness of technical
diagnostics (technical condition control).
A.149.4 According to the requirements of paragraph 5.3.3 of the ToR for
the Amezit-V R&D SC, the substantiation of the requirements for diagnostic
support, indicators of technical diagnostics, as well as restrictions on these
indicators should be carried out based on the achievement of the maximum
possible efficiency of the product.
A.149.5 According to clause 5.3.4 of the ToR for the Amezit-V R&D SC,
to ensure operational control and troubleshooting, the product under
development should provide for software methods for detecting and
localizing faults in the software of subsystems.
A.149.6 To verify the requirements of paragraphs 5.3.1-5.3.3 of the ToR on the
SC R&D, it is necessary to open the agreed requirements for the diagnostic support of
the Amezit-V software (ref. 120/5140s FSUE "RNIIRS" dated 10/25/2017). Make sure
that:
- diagnostic software for open source software "Amezit" was developed in
accordance with GOST 26656, GOST 27518 and other applicable NTD;
- the following indicators are defined:
- quantitative values of technical diagnostics indicators;
- requirements for the suitability of the sample for technical
diagnostics (traceability);
- requirements for the nomenclature of diagnosed
(controlled) parameters and their characteristics;
- requirements for technical diagnostic tools (control of
technical condition);
- requirements for methods and rules of technical
diagnostics (technical condition monitoring);
- RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
- RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
- RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
- RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
D:\first.rar,testModule,cf4de6a10e4d1c6506be3867e608810c
D:\first.rar,testModule2,cf4de6a10e4d1c6506be3867e6088101.
A.149.7.3 Make sure that the Amezit-V SSS checksum corresponds to the
checksum declared in the operating documentation for the Amezit-V SSS.
- the following indicators are defined:
- quantitative values of technical diagnostic indicators;
- requirements for suitability of the sample for technical diagnostics
(traceability);
- RU.VATS.00177-01 13 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission network.
Program description";
- RU.BATC.00178-01 13 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data transmission
network. Program description";
- RU.BATC.00179-01 13 01 "Special software
subsystems for monitoring the Internet and the media. Program description";
- RU.VATS.00180-01 13 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. Program description";
- RU.VATS.00181-01 13 01 "Special software
subsystems of primary information analysis. Program description";
- RU.VATS.00182-01 13 01 "Special software
data relay subsystems using intermediate servers. Program description";
- models and algorithms are developed with maximum use of
proven standard models, methods and algorithms.
A.150.2 To check the Amezit-V software for compliance with the
requirements of paragraphs 5.4.2.1, 5.4.2.4-5.4.3.2, you must perform the
actions described below.
A.150.2.1 Install, configure and launch the Amezit-V software in
accordance with the operational documents:
-RU.VATS.00177-01 32 01 "Special software
subsystems for the formation of an autonomous segment of the data transmission
network. System Programmer's Guide";
-RU.BATC.00178-01 32 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. System Programmer's Guide";
-RU.BATC.00179-01 32 01 "Special software
subsystems for monitoring the Internet and the media. System
Programmer's Guide";
-RU.VATS.00180-01 32 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. System Programmer's Guide";
-RU.VATS.00181-01 32 01 "Special software
subsystems of primary information analysis. System Programmer's Guide";
A.150.2.2 In the user interface, perform the necessary operations in
accordance with the operational documents:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
various hardware, information security control, display of information and
ensuring the functioning of distributed databases, regardless of what
computer technology they work on;
- SPO provides processing of information documents on
supported Unicode languages. This takes into account the morphology for
documents in Russian and English.
A.150.3 To check the Amezit-V software for compliance with the
requirements of paragraph 5.4.3.3, you must perform the steps described below.
A.150.3.1 Launch the PMS open source software in accordance with
the document RU.BATC.00179-01 32 01 “Special software for the Internet
and media monitoring subsystem. System Programmer's Guide”.
A.150.3.2 Start ElasticSearch and run the following command in the
console:
GET amesyte/post/_search
{
  "query": {
    "match": {
      "post_text": "ISIS Syria"
    }
  },
  "size": 100
}
A.150.3.3 Verify that the command finds all posts containing the word
"Syria" or "ISIL".
A.150.3.4 Start ElasticSearch and run the following command in the
console:
GET amesyte/author/_search
{
  "query": {
    "match": {
      "name_analyzed": "Vladimir"
    }
  }
}
A.150.3.5 Verify that the command results in finding all authors whose
full name is "Vladimir".
A.150.3.6 Start ElasticSearch and run the following command in the
console:
GET amesyte/post/_search
{
  "size": 0,
  "aggs": {
    "hosts": {
      "terms": {
        "field": "url_host",
        "size": 10
      }
    }
  }
}
A.150.3.7 Verify that as a result of the command execution,
all sources in which publications were collected were displayed, indicating
the number of posts for each source.
A.150.3.8 Start ElasticSearch and run the following command in the
console:
GET amesyte/post/_search
{
  "query": {
    "query_string": {
      "default_field": "post_text",
      "query": "+(Syria al-Nusra) -(USA)"
    }
  }
}
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "rco_objects.original.keyword": {
              "value": "ERDOGAN"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "objects": {
      "terms": {
        "field": "rco_objects.original.keyword"
      }
    }
  }
}
A.150.3.11 Make sure that as a result of the command execution,
all objects in whose publications the person "ERDOGAN" was found by the
semantic analyzer were displayed (case insensitive).
A.150.3.12 Start PostgreSQL (web interface database) and run the following
command in the console:
select * from login_user
A.150.3.15 Make sure that as a result of the command execution, a list of all
topics of all users of the SPO PMS subsystem is displayed.
A.150.3.16 Start PostgreSQL (web interface database) and run the following
command in the console:
select * from notifications where viewed=false
- a list of all users of the subsystem was displayed;
- a list of all topics of all users was displayed;
- a list of all unviewed notifications of all users;
- a list of all collector sources was displayed;
- a list of all collector data sampling templates for
each of the sources.
A.151 Practice No. 151
A.151.1 In this methodology, the Amezit-V open source software is checked for compliance
with the requirements of clauses 8, 8.1-8.7 of the TOR for the Amezit-V R&D SC.
A.151.2 During the audit, the composition of the training equipment of the SPO
"Amezit-V" is evaluated.
A.151.3 Verification is performed by comparing the composition of the
submitted sketches of training aids with the approved list of training aids.
The completeness and quality of educational and training aids are also
evaluated in accordance with the approved sketches (ref. 120/292-9578
FSUE "RNIIRS" dated October 24, 2017).
A.151.4 SPO "Amezit-V" is considered to have passed the tests according to clause
A.151.3 of the test program and methodology and fulfill clauses 8, 8.1-8.7 of the TOR for the
R&D midrange, if:
- training aids developed in the SC ROC include
in their composition:
- the list and sketches of educational and technical means are developed in
accordance with the requirements of GOST 2.605-68, agreed with the main
contractor within the time specified in GOST RV 2.902-2005;
- the composition and content of educational and technical means are sufficient for
study of the design, principle of operation, methods of use and
maintenance of the product;
- Training of the Consumer's personnel was carried out (as agreed) according to
device and operating rules of SPO "Amezit-V" at the stage of preliminary
tests.
A.152 Practice No. 152
A.152.1 In this methodology, the Amezit-V open source software is checked for compliance
with the requirements of clauses 9, 9.2 of the TOR for the Amezit-V R&D SC.
A.152.2 The patent research report is checked for compliance with
GOST 15.011-96 “System for developing and putting products into
production. Patent research. Content and procedure”.
A.152.3 Open a report on patent research and compare the contents
of the report with the requirements of GOST 15.011-96 “System for the
development and production of products. Patent research. Content and
procedure”.
A.152.4 SPO "Amezit-V" is considered to have passed the tests according
to clause A.152.3 of the program and test methods and fulfill clauses 9, 9.2 of
the TOR for the SC R & D, if the submitted patent research report is developed
in accordance with GOST 15.011-96 "Development system and putting products
into production. Patent Research. Content and procedure" and contains:
- title page;
- list of performers;
- content;
- abstract;
- list of abbreviations, symbols;
- general data about the object of study;
- the main part (analytical);
- conclusion;
- applications:
- task to conduct patent research;
- search regulations;
- search report.
A.153 Practice No. 153
A.153.1 In this methodology, the Amezit-V SPO is checked for compliance
with the requirements of clauses 9, 9.7 of the TOR for the Amezit-V R&D SC.
A.153.2 To carry out the check, hardware is required that is part of the
Amezit HSC.
A.153.3 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
A.153.4 Check the SSW POT in accordance with the document
RU.VATS.00180-01 51 01 “Special software for the analysis subsystem of
information and technical objects of telecommunication systems. Program
and test methods”.
A.153.4.1 Scan open source software "Amezit-V" for vulnerabilities
using open source software in accordance with document
RU.VATS.00180-01 92 01 "Special software for the analysis subsystem of information and
technical objects of telecommunication systems. User guide".
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
- there were no error messages.
A.154.4 Amezit-V software is considered to have passed the tests according to
clauses A.154.3.1-A.154.3.5 of the test program and methodology and fulfill clauses 9,
9.8 of the TOR for the R&D SC, if the inventory of resources of the Amezit HSC is
ensured.
- there were no error messages.
A.155.4 Amezit-V software is considered to have passed the tests in accordance
with clauses A.155.3.1-A.155.3.6 of the test program and methodology and fulfill clauses
9, 9.9 of the ToR for the R&D MF, if monitoring of changes in the infrastructure of the
Amezit APK is provided.
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
-RU.BATC.00184-01 92 01 "Special software
subsystems for testing telecommunication equipment. User guide";
A.157.3 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
- names of modules, classes, generated data, etc. do not
disclose nationality, information about the developer and the Customer.
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
-RU.VATS.00186-01 92 01 "Special software
subsystems for processing results and visualizing them on an interactive
screen. User guide".
A.159.3.2 Perform tests of the PPA SSS in accordance with the
document RU.VATS.00181-01 51 01 “Special software for the subsystem of
primary information analysis. Program and test methods”.
A.159.3.3 Configure the module “Monitoring of the SPO POR
infrastructure” in accordance with the document RU.VATS.00181-01 32 01
“Special software for the subsystem of primary information analysis. System
Programmer's Guide”.
A.159.3.4 Connect the "Scat traffic analyzer" device, which is part of the
PPA, to the data transmission channel. Connect in accordance with the
document RU.VATS.00181-01 34 01 “Special software for the subsystem of
primary information analysis. Operator's Manual".
A.159.3.6 Repeat the analysis for each data link.
A.159.3.7 Verify that, when performing checks:
- as a result of the analysis of the STR, the PPA did not issue any messages about
traffic anomalies and the possibility of protocol compromise;
- when performing the above actions of this technique
there were no error messages.
A.159.4 Amezit-V SSS is considered to have passed the tests in accordance
with clauses A.159.3.1-A.159.3.7 of the test program and methodology and fulfill
clauses 9, 9.15 of the TOR for the R&D MF, if Amezit-V SSS transmits data about its
current state using protocols that are resistant to detection and compromise.
A.160.3 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
software for the results processing subsystem and their visualization on an
interactive screen. System Programmer's Guide.
A.160.3.4 Connect the “Scat traffic analyzer” device, which is part of the
PPA subsystem, to the data transmission channel in accordance with the
document RU.VATS.00186-01 34 01 “Special software for the subsystem for
processing results and visualizing them on an interactive screen. Operator's
Manual".
A.160.3.5 Perform a MiTM attack on the data transmission channel
according to the document RU.VATS.00186-01 92 01 “Special software for
the subsystem for processing results and visualizing them on an interactive
screen. User guide".
A.160.3.6 Repeat the analysis for each data link.
A.160.3.7 Verify that, when performing checks:
- none of the MiTM attacks carried out by PPA open source software were
successful;
- there were no error messages.
A.160.4 The Amezit-V software system is considered to have passed the tests
according to paragraphs A.160.3.1-A.160.3.7 of the test program and methodology and fulfill
clauses 9, 9.16 of the TOR for the R&D midrange, if the information exchange organized
in the Amezit-V software system provides protection against MiTM attacks.
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
A.162.2 To carry out the check, the hardware that is part of the Amezit
HSC is required.
A.162.3 To check the Amezit-V software for compliance with the
requirements, you must perform the steps described below.
operational documentation:
-RU.VATS.00177-01 92 01 "Special software
subsystems for the formation of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00178-01 92 01 "Special software
subsystems for monitoring messages of an autonomous segment of the data
transmission network. User guide";
-RU.BATC.00179-01 92 01 "Special software
subsystems for monitoring the Internet and the media. User guide";
-RU.VATS.00180-01 92 01 "Special software
subsystems for the analysis of information and technical objects of
telecommunication systems. User guide";
-RU.VATS.00181-01 92 01 "Special software
subsystems of primary information analysis. User guide";
-RU.VATS.00182-01 92 01 "Special software
data relay subsystems using intermediate servers. User guide";
A.162.3.4 Repeat the analysis for each data link.
A.162.3.5 Verify that, when performing checks:
- logging in to an arbitrary address on the Internet from open source
workstations of PKS, PMS, PCB, PTT subsystems was blocked;
- logging in to an arbitrary address on the Internet from
workplaces of the SPO of the RRP and RRP subsystems was interrupted by a message about the
danger of the actions taken;
- there were no error messages.
A.162.3.6 Amezit-V SPO is considered to have passed the tests in accordance
with clause A.162.3.1-A.162.3.5 of the test program and methodology and fulfills
clauses 9, 9.18 of the TOR for the R&D midrange, if Amezit-V SPO excludes the
possibility of using the functionality of the complex by the operator for personal
purposes.
A.163 Practice No. 163
A.163.1 In this methodology, the Amezit-V SPO is checked for compliance with the
requirements of paragraphs 13.1-13.5.1, 13.7-13.10, 13.14-13.16 of the TOR for the
Amezit-V R&D SC.
A.163.2 During the audit, the procedure for the implementation and acceptance of the stages of the
Amezit-V SSS is evaluated.
A.163.3 Verification of compliance with the analysis of the submitted reporting
documentation.
A.163.4 SPO "Amezit-V" is considered to have passed the tests according to
clause A.163.3 of the test program and methodology and fulfill clauses 13.1-13.5.1,
13.7-13.10, 13.14-13.16 of the TOR for the R&D MF, if:
- the procedure for the implementation and acceptance of the stages of the SC R & D was carried out in
Annex B
General scheme for connecting hardware SPO "Amezit-V"
Hardware connection diagrams SPO POT, PAS, PPA,
PCS
Figure 3 - Scheme of the test bench SPO PAS
Figure 5 - Scheme of the test bench SPO PPA
The composition of the SPO POT test bench is shown in the table below.
| No. | Name | Purpose | OS | Services and utilities | IP address | Authentication information |
|---|---|---|---|---|---|---|
| 1 | ARM POT | Operator workstation POT | Kali linux 2.0 (2018.1) x64 | POT vulnerability scanner, ssh, APCS traffic generator trafficGenerator | 10.0.6.57 | ssh{root:O9052p} |
| 2 | APK SKAT | Emulator of APK SKAT "Traffic generator" | CentOS 6x64 | ftp, ssh, apache2, php | 10.0.6.167 | ssh{root:Kn2018eeDeep} ftp{ftpu:PassWd6231} |
| 3 | DD-WRT | Emulator of switching equipment (administration services) | CentOS 6x32 | ssh, apache2, dhcp server | 10.0.6.207 | http{admin:admin} ssh{root:ad-min} |
| 4 | brute force detector | Emulator of an intrusion detection system (system for detecting password enumeration attempts against administration services) | CentOS 7x64 | ssh, bfd | 10.0.6.31 | ssh{root:Gw1547!} |
| 5 | APCS Server | Emulator of APCS components | Windows 7x32 | WinCC | 10.0.6.168 | rdp{admin:AsutP} |
| 6 | APCS Client | Emulator of the APCS operator ARM | Windows 10x32 | Process control system process simulator, step7, OPC | 10.0.6.215 | rdp{admin:AsutP} |
| 7 | GNS | Emulator of network infrastructures | Debian 8 x64 | ssh, gns | 10.0.6.204 | ssh{root:Gw1547} |
| 8 | DVL | Emulator of a node with a set of vulnerabilities (Damn Vulnerable Linux) | linux DVL 1.5 x64 | ssh | 10.0.6.148 | ssh{root:toor} |
Switch
GSM modem SPO DRP Management Server
SPO DRP
Annex E
List of abbreviations
Approval sheet
by customer: from the Artist: