Instruments of OpenUDS infrastructure protection based on "Alt" operational system
UDC: 004.056.5
DOI: -
Authors:
ZIROYAN MANYA A.
1,
TROKHACHEV STEPAN A.1
1 National University of Oil and Gas "Gubkin University", Moscow, Russia
Keywords: OpenUDS, Alt OS, data encryption, security firewall, integrity control, import substitution, virtual desktops, FSTEC standards, FEC
Annotation:
The authors of the article comprehensively studied the development of a multi-level protection scheme of OpenUDS infrastructure developed on the Russian “Alt” operational system (OS), taking into account modern cyber threats, especially relevant to the fuel and energy complex (FEC). The key security threats are analyzed, including confidential data leakage, distributed DDoS attacks, exploitation of brittleness in Application and remote access Protocol. A protection system, incorporating desk top settings of security firewall with iptables, data and communication channel encryption, using CryptoPro CSP, as well as files integrity monitoring by means of AIDE is proposed. The practical component involves modeling in a virtual environment based on the KVM hypervisor with Alt Server 10.2 OS, a detailed effectiveness analysis of the methods, system load assessment, and compliance with FSTEC of Russia standards. The results indicate high infrastructure security (threat coverage ranging 85…95 %) with moderate CPU load (2…15 %), considering limitations such as configuration complexity and the necessity of regular rules updating. Recommendations for the system further improvement are provided, including the introduction of two-factor authentication and Web Filters Applications (WFA), which makes the development applicable to government and commercial organizations in the context of import substitution, especially in the fuel and energy sector.
Bibliography:
1. OpenUDS ALT Linux Documentation. – URL: https://www.altlinux.org/VDI/OpenUDS (data obrashcheniya 02.05.2025).
2. Golushko A. Aktual'nye kiberugrozy: IV kvartal 2024 goda – I kvartal 2025 goda. – Positive Technologies, 2025. – URL: https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2024/ (data obrashcheniya 02.05.2025).
3. OS Al't: produkty i resheniya. – URL: https://www.altlinux.org/Releases (data obrashcheniya 02.05.2025).
4. FSTEK Rossii. Perechen' natsional'nykh standartov, razrabotannykh TK 362 i prinyatykh Rostekhregulirovaniem (Rosstandartom). – URL: https://fstec.ru/tk-362/standarty/perechen-natsionalnykh-standartov (data obrashcheniya 02.05.2025).
5. Uymin A.G. Demonstratsionnyy ekzamen bazovogo urovnya. Setevoe i sistemnoe administrirovanie: praktikum: uchebnoe posobie dlya vuzov. – SPb.: Lan', 2024. – 116 s. – (Vysshee obrazovanie).
6. Iptables: ofitsial'naya dokumentatsiya. – URL: https://www.netfilter.org/projects/iptables/ (data obrashcheniya 02.05.2025).
7. KriptoPro CSP: dokumentatsiya. – URL: https://www.cryptopro.ru/products/csp (data obrashcheniya 02.05.2025).
8. AIDE: ofitsial'naya dokumentatsiya. – URL: https://aide.github.io/ (data obrashcheniya 02.05.2025).
9. Lazorin D.S., Pravikov D.I. Zashchishchennost' kiberfizicheskoy sistemy na osnove tsifrovogo dvoynika cherez otsenku kachestva upravleniya // Avtomatizatsiya i informatizatsiya TEK. – 2024. – № 2(607). – S. 43–47.
10. GOST R 34.12-2018. Informatsionnaya tekhnologiya. Kriptograficheskaya zashchita informatsii. Blochnye shifry. – Vved. 2019–06–01. – M.: Standartinform, 2018. – IV, 12 s. – URL: https://docs.cntd.ru/document/1200161708 (data obrashcheniya 02.05.2025).
11. Openvas Scan with GOS 24.10 – User Manual. – URL: https://docs.greenbone.net/GSM-Manual/gos-24.10/en/ (data obrashcheniya 02.05.2025).
Back to issue