Secure Gateway Firewall

Transcription

1 Secure Gateway Firewall Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas Verizon. All Rights Reserved.

2 PROPRIETARY STATEMENT This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. 2 The Verizon names and logos and all other names, logos, and slogans identifying Verizon s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

3 Agenda The customer environment: Business objectives Business challenges Verizon solution: Secure Gateway Firewall The Verizon difference Summary and next steps 3

4 Section 1 The Customer Environment Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas Verizon. All Rights Reserved.

5 Business Objectives Reduce operating expenses Increase operational efficiency Establish a flexible, scalable, and robust Internet service Implement an integrated private and public network Ensure network stability and predictability 5

6 Business Challenges Minimal technical expertise at remote locations Lack of standardized public network access Absent or minimal centralized protection against security threats 6

7 Section 2 Verizon Solution: Secure Gateway Firewall Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas Verizon. All Rights Reserved.

8 Overcoming Challenges to Meet Objectives Challenges Minimal technical expertise at remote locations Lack of standardized network access Absent or minimal centralized protection against security threats Verizon Secure Gateway Firewall Objectives Help reduce operating expenses Increase operational efficiency Establish a flexible, scalable, and robust Internet service Implement an integrated private and public network Help ensure network stability and predictability 8

9 Secure Gateway Firewall NBFW PVC Protected Path Through Secure Gateway Trunks to UUNET Customer Network 1 Verizon Frame Relay/ ATM/Private IP NBFW Verizon IP Network Internet Secure Gateway HR Routers Customer Network 2 9 Customer Network 3

10 Secure Gateway Firewall U.S. Pricing One Component + Private Network Secure Gateway Port: NRC/MRC 64K to 3 MB standard (ICB above 3 MB) Dual Secure Gateway port/gateway provisioned (network service redundancy) for additional charge Private Network: NRC/MRC Standard rates for Private IP, Frame Relay, and ATM apply 10

11 Section 3 The Verizon Difference Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas Verizon. All Rights Reserved.

12 Secure Gateway Firewall Overcoming Challenges to Meet Objectives Benefit Feature Challenge Addressed Objective Met Centralizes network- based firewall service Provides Verizon Frame Relay, Private IP, and ATM customers with the ability to securely access the public network (Internet) Lack of standardized network access Bring stability and predictability to the corporate network (WAN) environment Utilizes firewall located in the Verizon network Low-cost firewall option Absent or minimal centralized protection against security threats Absent or minimal centralized protection against security threats Verizon monitors, maintains, and manages the network-based firewall platform (not rule-sets) Verizon NOC provides 24x7 management, monitoring, and support for HWC and VPN Minimal technical expertise at remote locations Can help reduce expenses and ensure network stability and predictability Provides protection from many types of network threats Helps protect network from common attacks Absent or minimal centralized protection against security threats Can help ensure network stability and predictability Internet Access for Verizon Private Network customers Can help eliminate costly redundant circuits Lack of standardized network access Provides an integrated solution for private and public network connectivity, can help reduce expenses, and establish a flexible, scalable, and robust Internet service Network-based service No on-site technical resources needed Minimal technical expertise at remote locations Can help reduce expenses and increase operational efficiency 12

13 How Is Secure Gateway Firewall Different From CPE-Based Firewall Service? Cost CPE Management Reporting Intrusion detection ICMP attacks IP-spoofing attacks Fragmentation attacks UDP flooding TCP-based attacks Verizon Secure Gateway Firewall Secure Gateway port (cost determined by bandwidth) None Required Centralized No No Yes Yes Yes Yes Yes Verizon CPE-Based Firewall Requires individual firewalls at each remote location or centralized firewall Firewall at central site or local firewalls at remote sites Centralized or distributed Varies Varies Yes Yes Yes Yes Yes 13

14 Secure Gateway Firewall Case Study: Seafood Processor/Distributor Customer requirements: Network standardization Prioritize traffic for a future implementation of VoIP Obtain secure centralized Internet access to a specified subset of their end-users Eliminate circuit and service redundancy Verizon solution: Private IP network Secure Gateway Firewall 14

15 Summary: Secure Gateway Firewall Solves Business Challenges Secure access to the Internet Centralized protection against security threats Reduced network costs

16 Section 4 The Verizon Difference Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas Verizon. All Rights Reserved.

17 Section 5 Appendix Pricing Firewall Configurations Details on Firewall Rules Details on NAT Functionality With SIG Details on DDoS Policy Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas Verizon. All Rights Reserved.

18 Secure Gateway Firewall Secure Gateway Port Pricing U.S. Secure Gateway Port Pricing (MBS II, MBS I, and Pre-MBS) Port Speed (KB) ,024 1,536 2,048 3,072 Secure Gateway port NRC MRC $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ NA NA $ $1, Note: 4680 Kbps to 15,360 Kbps Secure Gateway ports are available after obtaining an approval from Capacity Planning. Minimum one-year term required. Early termination fee applies. Please see your Verizon account manager for complete details. Pricing was effective July 2005 and subject to change without notice. Excludes taxes and surcharges. 18

19 Secure Gateway Firewall Standard Configuration NBFW PVC Trunks to UUNET Verizon Frame Relay/ ATM/Private IP NBFW Verizon IP Network Internet Customer Network Frame Relay or ATM Link HR Routers Customer s PVC to Private IP Trunks to UUNET Verizon Frame Relay/ ATM/Private IP NBFW Verizon IP Network Internet Customer Network Link to Private IP HR Routers 19

20 Secure Gateway Firewall Redundancy Configuration Verizon Frame Relay/ ATM/Private IP NBFW 1 Verizon IP Network Internet NBFW 2 Customer Network Verizon Frame Relay/ ATM/Private IP NBFW 1 Verizon IP Network Internet NBFW 2 Customer Network 20

21 Secure Gateway Firewall Redundancy Configuration (cont d) Trunks to UUNET Verizon Frame Relay/ ATM/Private IP NBFW 1 Verizon IP Network Internet NBFW 2 Customer Network Frame Relay or ATM Link HR Routers Trunks to UUNET Verizon Frame Relay/ ATM/Private IP NBFW 1 Verizon IP Network Internet Customer Network NBFW 2 HR Routers 21

22 22 Details on Basic Stateful Firewall Rules

23 23 Details on Anti-Spoofing Rules

24 24 Details on Ingress Anti-Spoofing Rules

25 Details on Network Address Translation (NAT) Services 25

26 Details on NAT/PAT Translations and Mapping Features NBFW/NAT PC translated to WWW PC PC with any x.23 SMTP Server or Public Address Assigned to Customer Previously Verizon Frame Relay/ ATM Private Addresses translated to x.23 translated to x mapped to Internet FTP SMTP Servers 26

27 27 Details on DDoS Policy

28 For More Information To speak to a Verizon Representative about whether Secure Gateway - Firewall is right for your business: Fill out a consultation form at: Or Call , press 2 28