From idea to project
It was 2003: a dollar - 30 each, the Internet - by cards, outside the window - July, and on MTV they were playing Numb and In the shadows. Several students and graduates from the Department of Informatics of YarSU named after Demidova decided to jointly create something really cool, and most importantly necessary. At that time I worked for a local Internet provider, and I didn't have to think long about what to code.
Clients of this and all other providers paid then for the volume of traffic consumed, and at the end of the month, when the provider rolled out the bill to clients, there were many conflict situations, such as: "we did not download this" , "this is probably a neighboring office hanging on the same switch! "... As it seemed to us then, the prospect of software that would allow customers to check the provider's data was great. This is what we did.
At the same time, a second thought arose: when the data on consumption in the office converged with the data of the provider, the director began to thirst for blood and look for someone to blame. To please the director, we expanded the product with the ability to see statistics for each specific user in the organization, and then off we go ...
IKS takes shape. We gain an office
Initially, the development team consisted of only three people, one of whom also performed technical support functions. Found ourselves an office in a former Soviet institute. We had a room with a beautiful view of Yaroslavl from the 11th floor.
They brought computers there. At first there were no funds, I didn't want to borrow, so the computers were our own. Even one i486 computer was our server for some time.
It was decided to take the FreeBSD system as the basis for the new product, which at the beginning of the 21st century confidently demonstrated stability and reliability of operation.
While the product itself was damp, each of us could easily sit late into the night with one of the new customers, integrating the program into the network, at the same time building bridges with admins, discussing IT in general and their wishes for the product in particular. By the way, we are still guided by the latter, trying to make ICS as user friendly as possible and implementing the wishes of our customers.
At the beginning of the 21st century, it was generally interesting, I remember how I came to sell Internet Control Server to one of the first clients on the recommendation of my friends, I go into the office, a man sits at a table, and there are two big boys. When he moved to the sofa, and they moved with him and sat plump on both sides, I no longer knew what to think. Then a friend explained that they were bodyguards, because the client's business is, well, very highly competitive. Maybe bodyguards are true, but this all kind of motivated to improve the quality of the product!
The functionality of the product has increased, and the number of employees involved in the project has also grown. Moving in 2008 to a new spacious office became an important stage in the formation of A-Real Consulting.
Not a single code
Despite the mathematical mindset, creativity was in full swing, therefore, in addition to the common name "Internet Control Server" , we decided to come up with a kind of mascot for each new version, a fictional talisman whose name will start with a letter corresponding to the serial number of the program version.
IKS debuted under the codename "Arthur the Alien Astrologer" . First customers (of course, from local companies), first bugs and first features.
Gradually, it became clear that customers want more features and we want more customers. With each new version, Internet Control Server became more and more multifunctional solution.
Arthur was replaced by "Bender the Bald Balalaiker" , and IKS learned to support a RAID-array like mirror and DHCP- provider, to filter sites by category, it became possible to install from a flash-disk.
The mascot for the next version was "Cheburashka the Charming Cannibal" . Weekly reports have been integrated into the Internet Control Server statistics module; support for providers' priorities and load balancing between them has been implemented ; added PHP and MySQL support for web server and jabber server with conferencing function.
Among the innovations of the version of "Drumba the Disaster Droid" were: support for L2TP and Wi-Fi providers, OpenVPN tunnels ; extended mail statistics; the ability to set multiple time ranges and days of the week for rules and profiles.
In the version of "Eric the Epic Elephant" IKS acquired several new powerful modules at once: an IP telephony module with support for SIP and IAX protocols , a DLP module , Layer7 filtering , Kaspersky Anti- Spam, fail2ban service , and SkyDNS traffic categories .
By coincidence, the next version of Internet Control Server was left without a special symbol, but the program itself has implemented support for central management of several servers from one interface, added statistics by traffic categories and the Kaspersky Web-Filtering module . Internet Control Server was transferred to a new technological platform and a new update system.
They couldn't live long without a mascot, and that's why he appeared - "Funny Fennec Fox", the hero of version 6 of the program. It has improved the performance of the traffic processing module, changed the logic of the rights of the user authorized on the ICS, optimized the work with the ZFS file system , added support for video calls to the telephony module .
At the end of 2019, we released a new version, IKS 7: Galactic Guardian Goose . In it, we expanded the functionality of the xauth utility , added an application firewall , implemented a web softphone that allows making calls through a web browser, as well as organizing video conferences .
At the moment version 8 Internet Control Server - Harvey the Heavy metal Hedgehog is actual . It has added its own Garnet traffic categories , improved the security of remote connections via OpenVPN , and added logging to SSTP.
Modern ICS
Now we have more than 17 years of continuous development and support of IKS. During this time, the product, created by a small regional IT company, has found its place in the corporate networks of many companies throughout Russia.
Internet Control Server in its current state is a multifunctional solution capable of covering most of the urgent IT tasks:
1. Universal gateway
- support for various types of connection: Internet, Wi-Fi, 3G, PPTP, PPPoE, L2TP
- work with multiple providers
- VLAN and DMZ
- IPSec / OpenVPN / GRE / IPIP tunnels
- DHCP, DNS, NAT
2. Access control
- synchronization with Active Directory
- user authorization by name / password, ip, MAC, SMS, call, Xauth
- application control via Xauth and nDPI
- prohibiting and permissive rules
- L7 filtering
3. Content filter
- filtering by lists of the Ministry of Justice, Gosnarkokontrol
- ready-made set of rules for schools, RBOS
- blocking by URL, keywords, patterns, regular expressions
- blocking intrusive ads in AdBlock categories
- additional traffic categories SkyDNS and KWF
- flexible configuration of user access
4. Network protection
- firewall and IDS / IPS Suricata
- Kaspersky Anti-Virus and Anti-Spam, ClamAV
- proxy server
- https filtering
- tunnel encryption
- NAT protection
5. Remote access
- secure connection via built-in VPN (SSTP, OpenVPN, L2TP / IPSec)
- different access rules
- collecting statistics on user actions on the network
- protection of the corporate network when working remotely
- built-in ip-telephony module
6. Traffic counter
- traffic counter by users, address groups, interfaces, sites, files, domains, time
- collection from Cisco Systems by netflow
- reports on users, protocols, mime-types, assignments, ip
- syslog + report designer
- export reports
7. Network services
- proxy server with kerberos authentication
- built-in VPN server
- mail - encryption, filters, relay, antispam
- file, FTP, web, jabber servers
- IP telephony: audio and video conferencing, web softphone
8. Centralized management
- consolidation of geographically remote servers
- secure configuration of remote servers
- management of multiple servers through one interface
You can test Internet Control Server by downloading the distribution kit from the official website . The trial is available for 35 days and does not bind you to anything;)
Conclusion
We wrote this article as a small greeting so that you would learn a little more about how the history of the development of our product began, how its functionality has changed over time, about what ICS is today.
In the future, we plan to publish a series of articles concerning freebsd and the integration of this system with various functional modules.
Sharing experience - pumping skills!
Igor Alekseev,
Founder of A-Real Consulting
Ideological inspirer of IKS