The network of branches of state enterprises with sensitive data

0 like 0 dislike
Lord, I Want to connect a network of branches gastrectomy to simplify database synchronization.
To them I a third party organization that they operate with Personal data of the WHOLE region.

All the data sinhroniziruete or open channels of the Internet or a specially trained person with a stick that will not fit in the framework of the Law "On personal data".

Management sees this problem, and wishes I helped them solve it, local admin against this motivates the absence of the necessary licenses for this type of work.

The question is, what licenses you need (and whether at all) to me for the organization of the OpenVPN network to the state structure.

Do I have encryption on GOST as I understand it, OpenSSL is not suitable, or rather may come version 1.0.0 which is not yet, but it's the details.

who knows what I would be very grateful.
by | 24 views

4 Answers

0 like 0 dislike
GOST for public institutions is necessary, as far as I know.
State. admin is probably right. And you generally who such that is public enterprises asks you to solve their problems with cryptography? -) Even more interesting. Tag "rollback" for a reason?
0 like 0 dislike
Personally, I would do it on cats with modules it from Krypton.
To make such decisions "on the knee" and open the software — do not waste your time. At least to bring all the decision required, and this will need certificates constituent parts. Including cryptography.
Believe me, in such systems, the principle of "reasonable sufficiency" does not work by definition. Only the presence of all documents and certificates.
0 like 0 dislike
You are either new checkpointusa UTM-Ki with support of GOST we need to take, or to support domestic producers such as Amicon with their FPSU-ip. Well, or modules RVPN for 38/28's cisoc.
0 like 0 dislike
Important thing in this case — a piece of paper (certificate). If money is tight then just buy the cheapest solution, that is, with the FSTEC and the FSB. By the way the formal "man with a stick" is a normal solution that allows you to skip encryption channel, and thus really to save.

Related questions

0 like 0 dislike
2 answers
asked Mar 25, 2019 by Seter17
0 like 0 dislike
6 answers
0 like 0 dislike
1 answer
asked Mar 22, 2019 by ncix
110,608 questions
257,187 answers
40,796 users