General information about Server Protection service

Last update: May 05 2025

General information about Server Protection service

The Server Protection service provides software and hardware-software tools that are designed to protect information on the server. The tools are installed on the server or connected to it.

You should use server protection tools if your system has higher requirements for the level of information protection. Such requirements are set:

• to protect government systems (GIS up to and including K1);
• personal data protection (ISPDN up to and including UZ-1);
• fulfillment of the requirements of FSTEC Orders No. 17 and No. 21;
• compliance with international information system standards.

Depending on the specifics of your infrastructure and the list of requirements you need to fulfill, you can order:

• Kaspersky Endpoint Security — A comprehensive solution to protect against threats;
• Secret Net LSP — unauthorized access tool for Linux;
• Secret Net Studio — unauthorized access protection for Windows operating systems;
• Dallas Lock trusted boot tool — trusted boot tool for dedicated servers in the Attested data center segment (A-DC).

You can see the features of each product and select the right one using the tables below Brief description of information protection tools and Implementation of security measures with the help of provided server information protection tools.

For additional infrastructure protection, you can configure cloud firewall, basic firewall and connect a hardware or virtual machine. firewall.

Description of information protection means⁠

	Kaspersky Endpoint Security	Secret Net LSP	Secret Net Studio	Dallas Lock SDZ
What it's used for	Protect virtual and physical servers from various threats, network and fraudulent attacks, protect virtualization environment and service virtual machines	Protection of Linux OS of virtual and physical servers from unauthorized access	Protection of Windows OS virtual and physical servers from unauthorized access, antivirus	Blocking unauthorized OS boot attempts and OS authentication
Type of protective equipment	Software	Software	Software	Hardware and software module for installation in a dedicated server
What services can be connected to	All Selectel products	All Selectel products	All Selectel products	Dedicated servers hosted in A data centers

Implementation of security measures with the help of provided server information protection tools⁠

	Content of information security measures	Realize in the client's area of responsibility
IAF.1.	Identification and authentication of users who are employees of the operator	Dallas Lock SDZ (before the operating system (hereinafter referred to as "OS") starts booting) Secret Net Studio, Secret Net LSP (in OS)
IAF.2.	Identification and authentication of devices, including fixed, mobile and portable devices	Secret Net Studio, Secret Net LSP
IAF.3.	Identifier management, including creation, assignment, destruction of identifiers	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
IAF.4.	Management of authentication means, including storage, issuance, initialization, blocking of authentication means and taking measures in case of loss and/or compromise of authentication means	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
IAF.5.	Protecting feedback when authentication information is entered	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
IAF.7.	Identification and authentication of file system objects, running and executable modules, database management system objects, objects created by application and special software, and other access objects	Secret Net Studio (in OS)
UPD.1.	Management (creation, activation, blocking and destruction) of user accounts, including external users	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
UPD.2.	Implementation of the necessary methods (discretionary, mandate, role or other method), types (read, write, execute or other type) and rules for access differentiation	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
UPD.3.	Management (filtering, routing, connection control, unidirectional transmission and other control methods) of information flows between devices, segments of the information system, as well as between information systems	Secret Net Studio, Secret Net LSP (local DOE)
UPD.4.	Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
UPD.6.	Limitation of unsuccessful attempts to enter the information system (access to the information system)	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
UPD.10.	Blocking the access session to the information system after the set time of inactivity or upon the user's request	Secret Net Studio, Secret Net LSP
UPD.11.	Allow (prohibit) user actions allowed before identification and authentication	Secret Net Studio, Secret Net LSP
UPD.17.	Ensuring trusted booting of computing equipment	Dallas Lock SDZ
OPS.1	Managing the launch (invocations) of software components, including defining the components to be launched, configuring component launch parameters, controlling the launch of software components	Secret Net Studio, Secret Net LSP
ZNI.1.	Accounting for machine-readable data carriers	Secret Net Studio, Secret Net LSP
ZNI.5.	Control over the use of information input (output) interfaces to machine data carriers	Secret Net Studio, Secret Net LSP
ZNI.8.	Destruction (erasure) of information on machine media during their transfer between users, to third-party organizations for repair or disposal, as well as destruction (erasure) control	Secret Net Studio, Secret Net LSP
RSB.1	Determination of security events to be recorded and their retention periods	Secret Net Studio, Secret Net LSP
RSB.2	Determination of the composition and content of information on security events to be recorded	Secret Net Studio, Secret Net LSP
RSB.3	Collecting, recording and storing security event information for a specified retention time	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS) Kaspersky Endpoint Security
RSB.4	Responding to security event logging failures, including hardware and software errors, failures in information acquisition mechanisms, and reaching memory limit or overflow (capacity) limits	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
RSB.5	Monitoring (viewing, analyzing) the results of security event registration and responding to them	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
RSB.7	Protecting security event information	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
AVZ.1.	Implementation of anti-virus protection	Secret Net Studio (AVZ module) Kaspersky Endpoint Security
AVZ.2.	Updating the database of signs of malicious computer programs (viruses)	Secret Net Studio (AVZ module) Kaspersky Endpoint Security
PSB.1	Intrusion detection	Secret Net Studio (local PSB)
PSB.2	Updating the base of decisive rules	Secret Net Studio (local PSB)
ANZ.3.	Control of operability, configuration parameters and correct functioning of software and information protection means	Secret Net Studio, Secret Net LSP
ANZ.4	Control over the composition of technical means, software and information protection means	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
ANZ.5	Control of rules of generation and change of user passwords, creation and deletion of user accounts, implementation of access differentiation rules, user authorizations in the information system	Secret Net Studio, Secret Net LSP
OCL.1.	Software integrity control, including software of information protection tools	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
DCL.6.	Restriction of users' rights to enter information into the information system	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
HEA.9.	Implementation and management of antivirus protection in virtual infrastructure	Secret Net Studio (AVZ module) Kaspersky Endpoint Security
VMS.1	Separation in the information system of the functions of management (administration) of the information system, management (administration) of the information protection system, information processing functions and other functions of the information system	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
VMS.15.	Protection of archive files, settings of information protection tools and software, and other data that cannot be changed in the course of information processing	Dallas Lock SDZ (before OS boot) Secret Net Studio, Secret Net LSP (in OS)
VMS.17.	Partitioning the information system into segments (information system segmentation) and ensuring protection of perimeters of information system segments	Secret Net Studio, Secret Net LSP (local DOE)
VMS.21.	Exclusion of user access to information resulting from the actions of the previous user through registers, RAM, external storage devices and other resources of the information system common to users	Secret Net Studio, Secret Net LSP
VMS.22.	Protection of the information system from information security threats aimed at denial of service of the information system	Secret Net Studio (local PSB)
ZIS.24.	Termination of network connections when they are terminated or when the operator-specified time interval of inactivity of the network connection expires	Secret Net Studio, Secret Net LSP (local DOE)