Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas. © 2006 Verizon. All Rights Reserved.
Secure Gateway – Firewall
The Verizon names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be
used by you other than to evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise
conveyed throughout your organization to employees without a need for this information or to
any third parties without the express written permission of Verizon.
Agenda
• The customer environment:
  – Business objectives
  – Business challenges
• Verizon solution:
  – Secure Gateway – Firewall
• The Verizon difference
Section 1
Business Objectives
• Reduce operating expenses
• Increase operational efficiency
• Establish a flexible, scalable, and robust Internet service
• Implement an integrated private and public network
Business Challenges
• Minimal technical expertise at remote locations
• Lack of standardized public network access
Section 2
Verizon Solution:
Overcoming Challenges to Meet Objectives
Challenges
• Minimal technical expertise at remote locations
• Lack of standardized network access
• Absent or minimal centralized protection against security threats
Objectives
• Help reduce operating expenses
• Increase operational efficiency
• Establish a flexible, scalable, and robust Internet service
• Implement an integrated private and public network
• Help ensure network stability and predictability
Verizon Secure Gateway – Firewall
Secure Gateway – Firewall
[Diagram: Customer Networks 1, 2, and 3 connect over Verizon Frame Relay/ATM/Private IP and an NBFW PVC to the NBFW (Secure Gateway), then through HR Routers and trunks to UUNET to the Verizon IP Network and the Internet. The protected path runs through the Secure Gateway.]
Secure Gateway – Firewall
U.S. Pricing – One Component + Private Network
Secure Gateway Port: NRC/MRC
• 64K to 3 MB standard (ICB above 3 MB)
• Dual Secure Gateway port/gateway provisioned (network service redundancy) for additional charge
Private Network: NRC/MRC
Standard rates for Private IP, Frame Relay, and ATM apply
Section 3
Secure Gateway – Firewall
Overcoming Challenges to Meet Objectives
Feature
• Centralizes network-based firewall service
• Utilizes firewall located in the Verizon network
• Verizon monitors, maintains, and manages the network-based firewall platform (not rule-sets)
• Provides protection from many types of network threats
• Internet Access for Verizon Private Network customers
• Network-based service
Benefit
• Provides Verizon Frame Relay, Private IP, and ATM customers with the ability to securely access the public network (Internet)
• Low-cost firewall option
• Verizon NOC provides 24x7 management, monitoring, and support for HWC and VPN
• Helps protect network from common attacks
• Can help eliminate costly redundant circuits
• No on-site technical resources needed
Challenge Addressed
• Lack of standardized network access
• Absent or minimal centralized protection against security threats
• Minimal technical expertise at remote locations
• Absent or minimal centralized protection against security threats
• Lack of standardized network access
• Minimal technical expertise at remote locations
• Bring stability and predictability to the corporate network (WAN) environment
• Absent or minimal centralized protection against security threats
Objective Met
• Can help reduce expenses and ensure network stability and predictability
• Can help ensure network stability and predictability
• Provides an integrated solution for private and public network connectivity, can help reduce expenses, and establish a flexible, scalable, and robust Internet service
• Can help reduce expenses and increase operational efficiency
How Is Secure Gateway – Firewall Different From CPE-Based Firewall Service?

| | Verizon CPE-Based Firewall | Verizon Secure Gateway – Firewall |
|---|---|---|
| Cost | Requires individual firewalls at each remote location or centralized firewall | Secure Gateway port (cost determined by bandwidth) |
| CPE | Firewall at central site or local firewalls at remote sites | None Required |
| Management | Centralized or distributed | Centralized |
| Reporting | Varies | No |
| Intrusion detection | Varies | No |
| ICMP attacks | Yes | Yes |
| TCP-based attacks | Yes | Yes |
| IP-spoofing attacks | Yes | Yes |
| Fragmentation attacks | Yes | Yes |
| UDP flooding | Yes | Yes |
Secure Gateway – Firewall
Case Study: Seafood Processor/Distributor
• Customer requirements:
  – Network standardization
  – Prioritize traffic for a future implementation of VoIP
  – Obtain secure centralized Internet access to a specified subset of their end-users
  – Eliminate circuit and service redundancy
• Verizon solution:
  – Private IP network
Summary: Secure Gateway – Firewall Solves Business Challenges
• Secure access to the Internet
• Centralized protection against security threats
Section 4
Section 5
Appendix
• Pricing
• Details on NAT Functionality With SIG
• Firewall Configurations
• Details on DDoS Policy
Secure Gateway – Firewall
Secure Gateway Port Pricing
U.S. Secure Gateway Port Pricing (MBS II, MBS I, and Pre-MBS)

| Port Speed (KB) | Secure Gateway port NRC | Secure Gateway port MRC |
|---|---|---|
| 64 | $100.00 | $150.00 |
| 128 | $100.00 | $170.00 |
| 256 | $100.00 | $250.00 |
| 384 | $100.00 | $310.00 |
| 512 | $100.00 | $360.00 |
| 768 | $100.00 | $420.00 |
| 1,024 | $100.00 | $450.00 |
| 1,536 | $200.00 | $650.00 |
| 2,048 | NA | NA |
| 3,072 | $200.00 | $1,300.00 |

Note: 4680 Kbps to 15,360 Kbps Secure Gateway ports are available after obtaining an approval from Capacity Planning. Minimum one-year term required.
Early termination fee applies. Please see your Verizon account manager for complete details.
Pricing was effective July 2005 and subject to change without notice. Excludes taxes and surcharges.
Secure Gateway – Firewall
Standard Configuration
[Diagrams: two standard configurations. In the first, the Customer Network connects by a Frame Relay or ATM link and an NBFW PVC over Verizon Frame Relay/ATM/Private IP to the NBFW, then through HR Routers and trunks to UUNET to the Verizon IP Network and the Internet. In the second, the Customer Network connects by a link to Private IP and the customer's PVC to Private IP over Verizon Frame Relay/ATM/Private IP to the NBFW, then through HR Routers and trunks to UUNET to the Verizon IP Network and the Internet.]
Secure Gateway – Firewall
Redundancy Configuration
[Diagrams: Customer Networks connect over Verizon Frame Relay/ATM/Private IP to two firewalls, NBFW 1 and NBFW 2, each reaching the Verizon IP Network and the Internet.]
Secure Gateway – Firewall
Redundancy Configuration (cont’d)
[Diagrams: Customer Networks connect by a Frame Relay or ATM link over Verizon Frame Relay/ATM/Private IP to NBFW 1 and NBFW 2, then through HR Routers and trunks to UUNET to the Verizon IP Network and the Internet.]
Details on Basic Stateful Firewall Rules
Details on Anti-Spoofing Rules
Details on Ingress Anti-Spoofing Rules
Details on Network Address Translation (NAT) Services
Details on NAT/PAT Translations and Mapping Features
[Diagram: hosts with Private Addresses (or Public Address Assigned to Customer Previously) connect over Verizon Frame Relay/ATM to the NBFW/NAT, which reaches WWW, FTP, and SMTP servers on the Internet. Address 66.200.243.146 is labeled at the NBFW/NAT. Translations shown (address.port):
• PC 10.10.10.1.80 translated to 66.200.243.145.105
• PC 10.10.10.2.8080 translated to 66.200.243.145.9189
• PC with any 10.10.10.x.23 translated to 66.200.243.145.245
• SMTP Server 10.10.10.43.25 mapped to 66.200.243.146.25]
Details on DDoS Policy