Customer Premise Network Security Services Technical Details

Technical Details

 Service implementation and support includes

  • Consultation regarding service options and security configurations
  • All required activities to complete service installation
  • Fully Managed Service
  • Our configured and supported firewall/VPN installed at the customer premise
  • 24 x 7 centralized monitoring and management via our Network-Security Operations and Service Desk

 Service components include

  • All hardware and software components required to deliver the security service

Service features include

| Firewall & VPN Service | Standard | Standard Plus | Premium | Premium Plus |
|---|---|---|---|---|
| Features and Options | | | | |
| Throughput | 150 Mb (FW), 100 Mb (VPN) | 600 Mb (FW), 250 Mb (VPN) | 1 GB (FW), 300 Mb (VPN) | 1.5 GB (FW), 400 Mb (VPN) |
| Site-to-Site VPN | Included | Included | Included | Included |
| Interfaces | 2 FE | 6 GE* | 8 GE* | 8 GE* |
| SSL VPN Add-on | 25 users | 250 users | 750 users | 2,500 users |
| IPS Add-on | N/A | Optional, 100 Mb (IPS) | Optional, 255 Mb (IPS) | Optional, 360 Mb (IPS) |
| High-Availability (HA) | N/A | Optional | Optional | Optional |
| Vendor Access | Optional | Optional | Optional | Optional |
| Service | | | | |
| 24x7 device monitoring | Yes | Yes | Yes | Yes |
| 24x7 support | Yes | Yes | Yes | Yes |
| Design and planning | Yes | Yes | Yes | Yes |
| Policy customization | Yes | Yes | Yes | Yes |
| Configuration backup | Yes | Yes | Yes | Yes |
| Maintenance - Patches and upgrades | Yes | Yes | Yes | Yes |
| Real-time view of security policy | Optional | Optional | Optional | Optional |
| Log Retention at DIT | 1 month | 1 month | 1 month | 1 month |
| Log Retention at Customer | Available | Available | Available | Available |

| Firewall & VPN Service | High Performance | High Throughput | High Throughput Plus |
|---|---|---|---|
| Features and Options | | | |
| Throughput | 2 Gb (FW), 700 Mb (VPN) | 5 GB (FW), 2 GB (VPN) | 10 GB (FW), 3 GB (VPN) |
| Site-to-Site VPN | Included | Included | Included |
| Interfaces | 8 GE* | 8 GE, 2 10GE* | 6 GE, 4 10GE* |
| SSL VPN Add-on | 5,000 users | 10,000 users | 10,000 users |
| IPS Add-on | Optional, 450 Mb (IPS) | Optional, 1.2 GB (IPS) | Optional, 2.1 GB (IPS) |
| High-Availability (HA) | Included | Optional | Optional |
| Vendor Access | Optional | Optional | Optional |
| Service | | | |
| 24x7 device monitoring | Yes | Yes | Yes |
| 24x7 support | Yes | Yes | Yes |
| Design and planning | Yes | Yes | Yes |
| Policy customization | Yes | Yes | Yes |
| Configuration backup | Yes | Yes | Yes |
| Maintenance - Patches and upgrades | Yes | Yes | Yes |
| Real-time view of security policy | Optional | Optional | Optional |
| Log Retention at DIT | 1 month | 1 month | 1 month |
| Log Retention at Customer | Available | Available | Available |

* High availability uses one of the Gig interfaces on the firewall.

Customer Responsibilities

  • Perform a security vulnerability assessment and a risk analysis of its own environment prior to the initial consulting meeting
  • Provide a current diagram of the customer’s network, including traffic flow, as input to the joint development of the initial security policy by us and the customer
  • Provide a secure physical facility with access control restrictions for the placement of the Firewall and VPN Service components, preferably co-located with the WAN Service router we provide. The secure facility requires customer-coordinated 24 x 7 accessibility for authorized DIT staff
  • Provide a 24 x 7 point of contact (POC) for us to contact for reporting and coordinating outages or emergency maintenance. This POC list will include the only authorized contacts for security-related issues, including the approval of the initial security policy and requesting policy changes
  • Contact our Service Desk to report problems or request assistance
  • Work with us on a mutually agreed schedule to allow required maintenance services to be performed in a timely manner

Service options

1. SSL VPN service option

The SSL VPN service option is a fully managed solution for customers requiring secure remote access for their remote or travelling users and business partners. This service provides standards-based encryption technology, while performing authentication and authorization of users according to their profiles, allowing them access to a pre-authorized list of agency/enterprise resources. This service can manage all phases of a Virtual Private Network security solution, including architectural validation, implementation, operations, and ongoing configuration management.

This service option includes

  • Secure encrypted remote access to information protected by the firewall
  • Protection and encryption of sensitive data (credit card, medical data, personally identifiable information, etc.)
  • Integration with NC Identity Management (NCID) for user authentication and authorization, allowing access to a pre-authorized list of agency/enterprise resources
  • Access restrictions based on VPN groups (5 VPN groups included with service - additional VPN groups for more granular authorization are priced separately)

Customer Responsibilities

  • Additional Customer POC responsibilities for this service option include providing VPN group administrator(s), who will be responsible for assigning group membership to users
  • Implement remote access security policies that enforce the use of sound security practices to keep VPN client system(s) secure against unauthorized access and other security threats and that comply with the statewide information security standards

2. Intrusion Prevention Service (IPS) service option

IPS provides a critical defensive layer of security for the customer's network that monitors network activities for malicious behavior and can block or prevent those activities. This service option is a fully managed Internet Protocol (IP) based security solution that provides inline protection against threats from hackers, viruses, and worms that attack customer networks and computing equipment. We manage all phases of the service, including consulting for the required policies, implementation, operations, and ongoing configuration management.

This service option includes

  • All required activities to complete service installation
  • Implementation of customer-defined security posture to meet your security requirements, providing protection for all your security domains, including VPN traffic
  • Continual tuning of security policies to ensure the detection and response technologies are well adapted to customer's environment
  • Customer notification of pre-identified critical events
  • Real-time view of events
  • Visibility of customer network events for the preceding thirty (30) days
  • Monthly trend reports e-mailed to Customer

Key Features and Benefits

  • Single platform for security services, providing tight integration with other network security elements, increasing the effectiveness of security technologies
  • Enhances firewall protection by looking deeper into the packets to provide real-time protection against worms, Trojans, and exploits against application and OS vulnerabilities
  • Customized security posture, tailored to the specific requirements of the individual site, providing protection against external and internal threats
  • Selection of IPS throughput capabilities based on Customer’s needs. IPS capabilities are hardware-accelerated to provide maximum performance
  • Comprehensive and timely attack protection: real-time signature updates (every 15 minutes) provided by Global Correlation address emerging threats
  • IPS Reputation filtering technology proactively protects your network from known malicious users
  • Zero-day attack protection using anomaly detection
  • Risk rating–based policy provisioning
  • Helps Customers meet compliance mandates and secure their critical assets and networks

Customer Responsibilities

  • Additional Customer POC responsibilities for this service option include reviewing event notifications (24 hr)

3. High availability service option

This service option includes

  • Redundant firewall/VPN device
  • Switch between the WAN connection and the firewall

4. Vendor access service option

This service option includes

  • 10 Mb access from the vendor connection termination point to the State’s network
  • Private access to the Agency’s VRF and/or to Enterprise Services

Customer Responsibilities

  • Provide the WAN connectivity from the vendor site to the State’s network

Hours of Availability

This service is available to customers 24 x 7, excluding planned outages, maintenance windows and unavoidable events. Maintenance windows are used only when needed for planned changes that have gone through our Change Management Process. In addition to our Standard Maintenance Windows, site-specific and service-specific changes may be coordinated with customers at non-standard times.

Standard maintenance windows are defined as:

12:00 a.m. to 3:00 a.m. each night (standard approved changes)

4:00 a.m. to 7:00 a.m. each Thursday

4:00 a.m. to 12:00 p.m. each Sunday