The site uses cookies to work. Please confirm acceptance of this information
OKVulnerability analysis according to OUD 4 is a mandatory service performed to assess the level of security of information systems (IS) classified as the fourth level of security in accordance with the classification of the FSTEC of Russia. DMS 4 covers IP systems that process data of limited importance and are not considered critical resources, but they still require organizational and technical protection against information security incidents.
This category includes:
Vulnerability analysis according to OUD 4 is prescribed by the current legislation and regulations of the FSTEC of Russia. This is not a voluntary measure, but a requirement of the technical documentation applicable to organizations whose system has been classified according to the threat model and security level. Violations of the requirements may result in sanctions, suspension of activities, or rejection of IP certification.
Ignoring the procedure leads to the following risks:
The OUD 4 security analysis provides a reliable picture of the current state of the system in terms of protection against unauthorized access, helps to identify critical vulnerabilities in a timely manner and document compliance with FSTEC regulations. This is a conscious risk management measure — not a formality, but a technically and regimentally verified process.
The FSTEC of Russia imposes specific requirements for conducting vulnerability analysis at the fourth security level. They are set out in the document "Order No. 239 of the FSTEC of Russia" and related methodological recommendations. We also use up-to-date vulnerability databases, including international ones (for example, NVD) adapted to Russian realities.
The main provisions relate to the following aspects:
The form of the analysis is divided into three key approaches:
The objects of the analysis are:
The result of the analysis is recorded in a formalized report, which includes:
Thus, conducting vulnerability analysis in accordance with the requirements of the FSTEC — This is not a formal bureaucratic operation, but a precise technical procedure, strictly regulated by objects, information and assessment methods.
Vulnerability analysis according to OUD 4 is mandatory for all organizations whose information systems are classified into the fourth level of security according to the document of Order No. 239 of the FSTEC of Russia or the relevant provisions in the framework of building information security systems according to GOST and the threat assessment methodology.
These organizations include:
Indicators, indicating the need for analysis:
Even in the case of the apparent "low significance" of IP, if it formally falls under the classification according to the criteria of OUD 4, the obligation to perform vulnerability analysis remains in full and with the same reporting requirements as at higher levels.
Vulnerability analysis for OUD 4 differs from OUD levels 1-3 in the degree of depth and rigor. It focuses on the use of simplified models and methods, which allows organizations to perform verification without deep intrusion into systems or shutting down productive services.
Key differences:
However, this does not reduce the importance of the procedure. — Non-compliance with the requirements may indicate a disregard for technical protection measures, which is fraught with sanctions along with higher levels of security.
Vulnerability analysis according to OUD 4 is a set of technical and organizational measures aimed at recording the current state of IP security and identifying critical areas at risk of unauthorized exposure. The procedure is structured in stages and documented in accordance with the requirements of the FSTEC of Russia.
1. Collection and analysis of initial data
Before the start of the inspection, specialists form an idea of the structure of the system.:
This phase is critical: the quality of the security model depends on the completeness of the information system description. Errors or unreliable data here affect the reliability of the entire analysis.
2. Formation of a violator model and a list of current threats
Based on the information about the IP configuration, possible attack scenarios and the intruder model are determined. It must correspond to the security level of the DMS 4, that is, it must take into account potential threats from external intruders or unqualified internal users. The provisions of the FSTEC, threat libraries, as well as accepted practices of risk assessment in information security are taken into account.
3. Selection of tools and technical analysis
The basis consists of:
Verification can be both active and verification—based, without creating an additional burden on the productive environment. In cases where services that work with a real user base are affected, preference is given to continuous analysis outside peak hours.
4. Manual verification and vulnerability classification
The automatic result is not final — problems are checked manually:
If a highly critical vulnerability is detected, the analysis continues until it is proven to be irrelevant or measures are taken to eliminate it.
5. Preparation of accounting documentation
The final stage is the generation of a report that contains:
The report is prepared in accordance with the requirements of the FSTEC and can be used as an evidence base for certification or audit.
6. The accompanying package
In addition to the report, the customer is provided with:
The correctness of the analysis is confirmed:
The document should be logically structured, specific and ready to be presented to regulatory authorities or information security partners.
The final report is an official document formalized for subsequent use as part of ensuring compliance with information security requirements, as well as as an evidence base for certification, certification or verification of the system.
The structure of the report includes the following mandatory sections:
The document is used for the following purposes:
The vulnerability check for ODE 4 does not end with the creation of a report. When updating components or identifying new threats for CVE, it is advisable to review the report. In the case of software updates or the introduction of new modules, it will be necessary to promptly verify compliance with the new security provisions.
Neglecting the mandatory vulnerability analysis for OUD 4 entails legal and business consequences. Articles 13.11 and 19.7 of the Administrative Code of the Russian Federation provide for administrative liability for creating threats to information security due to inadequate protection.
For organizations, this means:
In addition to sanctions, non-compliance with the procedure is considered as an indicator of the lack of proper control in the information security segment. This often affects not only the conclusion of the regulator, but also partner activities — organizations lose their reputational positions or are rejected by customers with stricter security requirements.
The last two years have been marked by an increase in the number of on-site audits and an increase in the control procedures for systems classified according to the 4th security level. Changes in the legal field, including reforms in the field of critical information infrastructure and the expansion of the powers of the FSTEC, have put the obligation to conduct vulnerability analysis into practice.
At the same time, the number of incidents related to the exploitation of vulnerabilities in insignificant but poorly protected systems has increased — these incidents prove that a relaxed attitude towards DMS 4 is not justified.
A well-organized analysis service for OUD 4 — This is a way not only to meet the requirements of the FSTEC, but also to systematically assess the security of your IT infrastructure and identify vulnerabilities before they become incidents. And the most important thing is to carry out the procedure in the right format, on time and without unnecessary costs.
Need to make a payment quickly? In your personal account, you can instantly issue an invoice for payment in any of the cryptocurrencies offered by the service for the required amount. After the customer pays the bill, the funds will be credited to your account within a few minutes.
After paying the client`s bill, the daily messages will be published on your website within a few minutes.
Thank you for your interest in our solutions. Fill out the form and we will contact you soon to discuss the right solution for your business.
You will be contacted as soon as possible.
System requirements:- Wordpress version - from 3.8- WooCommerce version - from 2.0- PHP version - from 7.0
Installation:1. The contents of the archive should be placed in the Wordpress plugins folder (by default - {site root} / wp-content / plugins /)2. Go to the site admin section (/wp-admin/) and activate the "WooCommerce - Wallex" plugin 3. Go to the section "WooCommerce" - "Settings" - "Checkout"4. At the bottom of the page, in the "Payment gateways" section, click the "Settings" button opposite "Wallex Payments"5. Enter your seller`s details.
System requirements:- OpenCart version - from 3.0- PHP version - from 7.0
Installation: 1. Copy the admin and catalog folders to the root of the site 2. Go to the admin panel of the site 3. Select the menu "Add-ons" -> "Payment"
* The CNC must be configured for each language separately 10. Add the received link (https: // my-site / response) to your Wallex account “My Store” -> “Settings" -> “Successful redirection” Received link (https: // my-site / response)
System requirements:- Joomla version - from 3.0- Virtuemart version - from 3.0- PHP version - from 7.0
Installation:1. To install the payment acceptance module, you must download the archive from your Wallex account.2. Install via the module installer in the admin panel (Extensions -> extension manager -> Download package file, etc.)3. In the module management menu, activate the plugin (Extensions -> Extension Manager -> Management)4. Then go to the Virtuemart admin page and go to: Components->Virtuemart->Payment Methods->Add a payment method)5. Fill in the first tab and click "Save"6. Go to the "Configuration" tab (Settings)7. Fill in the fields and click "Save" (for further configuration, remember the value of the cid[] parameter from the address bar)
Set up links in your Wallex account - My Store-Settings1. Successful URL - https://joomla.retailcrm.club/index.php/compomemt/com_virtuemart 2. Callback - https://joomla.retailcrm.club/index.php?option=com_virtuemart&view=pluginresponse&task=pluginnotification&tmpl=component&pm = X (insert the value from step 8 instead of X at the end)3. Unsuccessful - https://joomla.retailcrm.club/index.php?option=com_virtuemart&view=pluginresponse&task=pluginUserPaymentCancel&pm = X (insert the value from step 8 instead of X at the end)
System requirements:- Drupal version - from 7.x- Commerce version - from 1.15- PHP version - from 7.1 - 7.4
Installation:Unpack the archive “{your_site}/admin/modules/install"Log in to the admin panel and install -> “COMMERCE (PAYMENT) WALLEX". Click Save.Set up the WALLEX payment gateway.. drupal payment gateway settings: drupal commerce & ubercartEnter the data from your personal account.Drupal commerce payment Gateway SettingsThe Drupal payment gateway from WALLEX allows you to automate the process of accepting payments from electronic wallets and any bank cards.
System requirements:- PHP version - from 7.2
Installation:The contents of the repository should be placed in the root directory of the site#After that, you need to:Go to the administrative part of the online store.Go to the "Payment Systems" page ("Store" - > "Store Settings" ->; "Payment systems")Click on the "Add payment system" buttonFill in the general information about the payment system.Go to the appropriate tab ("Individuals" or "Legal entities") and fill in all the necessary informationmake the payment system active and click "Save"Enter the links from the list below in the seller`s settings.callback URLhttp://ваш домен/bitrix/tools/wallex_result.php Successful redirectionhttp://ваш domain/personal/orders/Cancel redirectionhttp://ваш домен/bitrix/tools/wallex_fail.php
After your company has passed moderation, you can start receiving funds using the payment form. The link to the payment form is available in the company information and has the format https://wallex.zone/widget /{id}, where {id} is the digital identifier of your seller. In order for the form to work correctly and open, you must send the URL to the client, specifying in the request a set of parameters described below. The best way is to format the sending parameters using a POST request. This can be done using javascript or in a hidden form, although this form will also work if the parameters are simply sent by the GET method. But this method is not considered safe
Description of payment form parameters
client - client`s email address
product - Purpose or payment or product name
price - The price for one unit multiplied by 100 (if the price is 110.55 euros, this value will be 11055)
quantity - Quantity, if greater than 1, then the final amount will be equal to quantity*price
currency - Cryptocurrency code for payment (for example, usdt)
fiat_currency - The code of the fiat currency (rub, kzt, try) for payment, by default - rub
uuid is a unique payment number in our system. If you don`t use identifiers, just set a random value in this parameter
language - Transaction language, by default - ru
message - A short message to the user will be sent by email when paying
description - A brief description of the service, will be shown in the payment form
card_number - The card number of the payee (Used only for acquiring), the field is optional
sign is a digital signature of the data, a sha1 cache string consisting of the specification of all request parameters and your SECRET KEY:
sha1(client+product+price+quantity+currency+fiat_currency+uuid+language+message+description+card_number+SecretKey)
$link = 'https://wallex.zone/widget/69?data='.base64_encode(http_build_query([ 'client'=>'test@test.ru', 'product'=>'product', 'price'=>300*100, 'quantity'=>1, 'currency'=>'usdt', 'fiat_currency'=>'rub', 'uuid' => '1234qqqq', 'language' => 'ru', 'description' => 'test', 'sign' => sha1('test@test.ru'.'product'.(300*100).'1'.'usdt'.'rub'.'1234qqqq'.'ru'.'test'.'SECRET KEY') ]));
As soon as the funds are credited to your account, our system sends a POST request to the specified URL callback link. The request contains the following set of parameters:
status - success for successful payment, fail for cancellationclient - client`s email
currency - Payment currencyamount - Amount of funds transferred
uuid - the uuid that you sent when initializing the form
commission - payment service commission
product - Purpose of payment or, product name
sign is a digital signature of the data, a shal cache string consisting of the specification of all request parameters and your SECRET KEY:.sha1(status+client+currency+amount+uuid+commission+product+SecretKey)To accept payments in cryptocurrency, the link parameters remain the same, the amount in the price parameter is transmitted in the currency specified in fiat_currency. Our system itself will recalculate the equivalent in the cryptocurrency passed in the currency parameter. At the moment, payments are accepted in ETHEREUM, BITCOIN and USDT (eth, btc, usdt).
To create a payout, you need to send a request to the URL https://wallex.zone/payout/new containing a serialized json object in the body, with the following set of parameters:
composer require sq-dev/wallex-sdkuse Wallex\Widget;
$widget = new Widget(1, "secret_key");
$url = $widget->cretePayment(
"client@mail.ru",
"Xiaomi 9T",
1000,
1,
"Hello thanks for order",
"Xiaomi 9T",
"USDT",
"rub",
"ru"
); // Returns payment url
use Wallex\Webhook;
$payment = new Webhook($_POST);
if ($payment->isVerified("secret_key") && $payment->isSuccess()) {
// Payment success logic
//F.e:
$client = $payment->getClient(); // Get client email
User::where("email", $client)
->update(["balance" => $payment->getAmount()]);
}
use Wallex\Payout;
$payout= new Payout($MerchantId, $SecretKey);
$payout->cryptoPay($address, $amount, $currency);