Managed Firewall Service Definition. SD007v1.1




Service Background
It is important to note that the function of any firewall service is to filter traffic coming into the network (also called border protection) based upon pre-determined criteria. No firewall can protect against all protocol or application weaknesses and new software vulnerabilities are discovered all the time. All servers protected by a firewall should be administered with the same level of vigilance as if the firewall were not present.

Service Outline
The InTechnology Managed Firewall Service provides customers with a firewall configured to their requirements to provide control of access to servers and networks. The Managed Firewall Service is designed for passive defense. The Service will provide restrictions on the source and destination TCP/IP addresses and service ports that are allowed to pass through the firewall.

The service offers:
- Market leading firewall technologies.
- Single device or full failover dual device solutions are available.
- Site-to-site VPNs between multi firewall vendors.
- Remote client VPN (for home workers)
- Network address translation to hide the Customer's network addresses from the Internet.
- Fully configurable rule base managed by InTechnology's trained professionals.
- Advice and guidance on effectiveness of implemented security.
- Includes 10 change requests per month; each change request can have up to 5 rulebase changes.

InTechnology's Managed Firewall Service can work in conjunction with a customer provided WebSense server to provide web content filtering.

Firewall Options
Cisco Systems ASA devices are most commonly deployed as part of the InTechnology Managed Firewall Service. Cisco produce a number of chassis to meet the needs of Customers wishing to deploy firewall devices at SOHO sites through to very large corporate head offices. These are E3 approved enterprise firewall solutions from the worldwide leader in networking for the Internet.

Generic Firewall Configuration

InTechnology provides, configures and maintains all managed firewall hardware and provides a standardised software installation with bespoke rules configured to meet the Customer's operational requirements. It is recommended that prior to implementing any firewall solution the Customer undertakes a full security review. One component of this security review should be the creation of a network security policy, which will form the basis of the firewall rulebase.

Default Security policy (applied by InTechnology)
- All outbound traffic is permitted
- All inbound traffic is denied

Installation/Configuration Consultancy
The Service includes a basic level of security policy development from InTechnology's technical specialists, the aim of which is to understand the required network traffic restrictions, identify and document network objects and applications, and to agree appropriate access controls. The standard consultancy time required for this installation will be under half a day. Should the installation have special requirements, e.g. proprietary equipment requiring access through the firewall, additional consultancy may be required and charged accordingly.

Software Licenses
License options vary with the chosen platform and are dependent on the number of hosts to be protected, the number of interfaces to be enabled and the role of the firewall in a high availability configuration. All licensing costs are included in the monthly service charge.

Virtual Private Networks
InTechnology supports IP-sec VPN connections to PIX, ASA and other firewall devices where compatibility exists. InTechnology cannot guarantee the compatibility of the VPN service with firewalls. Where compatibility does exist then the following VPN connections will be available to each customer:
- IPSEC authentication based upon shared secret passwords
- IPSEC encryption using 56-bit DES (3DES may be available subject to conditions being met).

InTechnology manages all firewall solutions via a dedicated interface or sub-interface on the firewall. Within an InTechnology data-centre, the 'management' vlan connects directly to the firewall. Where a firewall is installed on a customer site, it is imperative that the site is connected to the InTechnology network using the LANnet Service. The LANnet connection hosts the management link for the firewall.

NAT and PAT
The firewalls are configured to translate addresses as part of the standard security implementation. Depending upon the number of addresses available and the required functionality, NAT, PAT or a combination of the two may be deployed. It is not always necessary to translate the addresses of traffic on VPN tunnels.

Monitoring
InTechnology will monitor the firewall on a 24/7 basis for availability and critical events (these include hardware failures, environmental alarms etc). Faulty units hosted in an InTechnology data centre will be replaced within 4 hours; units on customer sites will ordinarily be replaced the next working day.

Customer Responsibilities
- Customer must provide his own DNS server for resolving internal addresses.
- Changes to the firewall will only be actioned from pre-agreed authorised technical contacts. It is the Customer's responsibility to ensure that InTechnology have an up-to-date list of authorised technical contacts at all times.
- The Customer is responsible for defining the security policy for their organisation.
- The Customer should administer servers and other devices with the same level of vigilance as if the firewall were not present.

Limit of Liability
It should be recognised that it is not possible to create a secure system that guarantees absolute security when that system is exposed to network and physical access. Security vulnerabilities can arise through many causes. A firewall cannot protect against application or web server software faults on an application that is published to the Internet. For example, "Code Red", which is an HTTP embedded worm / virus, would pass through a firewall unimpeded unless port 80 is blocked.

InTechnology recommends that the Customer makes regular use of security scanning services and applications to monitor network and application security. InTechnology must be notified in writing of any such scans and prior agreement must be obtained.

InTechnology cannot take responsibility for network weakness resulting from poor rulebase implementation instigated by the Customer by way of a change request. InTechnology will offer good advice at the implementation stage but it is extremely easy to weaken security by submitting an ill thought out change request. If InTechnology's support staff believe that a rule-base change request compromises the security of the Customer's network, InTechnology may ask the Customer to sign a disclaimer stating that they wish to go ahead regardless of the advice offered; in extreme cases staff may refuse to implement the change.

Service Delivery
InTechnology service delivery staff will review the proposed rule base with the customer and provide feedback and recommendations as required. During the implementation phase the customer will be provided with a Firewall Change Request form. This form should be used to submit rulebase change requests throughout the duration of the contract.

Managed Firewall Service Level Agreement
This Service Level Agreement defines the terms and scope of our commitment to provide you with professional top-quality end-user managed security services. Three distinct areas of the Managed Firewall Service are covered by InTechnology's Service Level Agreement guarantees as follows:
- Service availability
- Response to request for change
- InTechnology customer service management centre response to firewall events (see the monitoring section of the service description)

InTechnology manage firewalls located either on the customer site or in an InTechnology Data Centre.

Service Availability
In calculating firewall availability and time to restore service the following circumstances are excluded:
- Service unavailability as a result of contractual service suspension.
- Service unavailability due to faults on the Customer's side of the Managed Firewall Service including power or network failure.
- Faults that do not affect delivery of the Managed Firewall Service.
- Service unavailability due to planned maintenance or reboots as a result of policy changes.

Customers are provided with a committed average availability as listed below:

| Availability | Service Component | Equivalent Downtime per month |
| --- | --- | --- |
| 99.5% | Single Managed Firewall hosted at an InTechnology data centre | 3 hours 39 minutes |
| 99.0% | Single Managed Firewall hosted at a customer site | 7 hours 18 minutes |
| 100% | Dual Firewall in failover mode hosted at an InTechnology data centre | 0 minutes |
| 100% | Dual Firewall in failover mode hosted at a customer site | 0 minutes |

In the dual firewall set up with failover, should one of the firewalls fail, InTechnology will repair or replace the failed firewall as soon as possible. The failure of one firewall that does not affect the overall service will not constitute a service failure. Although the table details average downtime per month, it may not be possible for InTechnology to replace a faulty firewall on a customer's site within this monthly average; therefore a single managed firewall on a customer site will be replaced next working day.

For purposes of measuring availability performance against SLA, availability is calculated each month. Service Credits are available where the service at a site fails to achieve the committed average availability for that month (as outlined below). Services are unavailable at a site when a qualifying fault has occurred and the qualifying fault is still continuing at the time of reporting by the Customer or notifying by InTechnology. For sites with failover, service is unavailable during the period when a qualifying fault exists simultaneously on both primary and failover devices at the site. The period of unavailability is the time to restore (TTR) for the qualifying fault. The TTR for each qualifying fault is the time from customer notification to the time when the fault is rectified and the service is restored. At all other times the service is deemed to be available.

The availability of the Service is measured over a month and is defined as:

Availability (%) = (Total hours in month - Total period of unavailability) x 100% / Total hours in month

Note: for the purposes of this calculation 1 month = 1/12th of 365 days. Month periods will be measured from the 1st day of the commencement date of the contract.

Response to Request for Change
InTechnology include 10 change requests per month where each can have up to 5 individual rule-based changes or the configuration of a VPN connection. All change requests will be analysed by an InTechnology engineer to ensure that the change is not likely to adversely impact the level of security provided.
The validation and consequential implementation or rejection of change requests will be performed Monday to Friday between 8 am and 6 pm, occurring within 24 hours of receiving the request. Requests outside these times must be planned with prior agreement from the InTechnology network operations centre, and may be subject to additional charges. All change requests must be submitted by a valid Customer technical contact in accordance with the InTechnology change request submission procedure. If an InTechnology security engineer cannot validate a request, the request will be put on hold and the Customer will be contacted within 24 business hours. InTechnology will wait for the request to be ratified by a known superior contact. The Customer is solely responsible for providing accurate and current contact information of designated contacts.

Planned Maintenance
Planned Maintenance can involve a temporary suspension of part or all services, in order to enable InTechnology to undertake vital remedial/maintenance or upgrade work. Controlled outages will always be notified to customers at least 7 days in advance and be planned in such a way to have minimum impact on customer operations. Controlled outages will not be classified as qualifying faults. InTechnology reserves the right to carry out emergency planned works to maintain the integrity of the network and prevent the occurrence of a more prolonged failure. This may result in a shorter notification period.

Definition of Out of SLA
The Service will be deemed to be outside of the SLA if any of the Service components defined in this SLA are less than the stated availability. Availability is expressed as a percentage and defined in this SLA document.

Service Credits
The Service credits set out in this Service Level Agreement are the only remedy available to the Customer for a breach of the performance levels, except where the Customer is entitled to terminate the Agreement in line with the agreed terms and conditions. InTechnology shall pay to the Customer by way of service credits, a sum equal to one hour's Service Charge (exclusive of VAT) for each full-completed hour in excess of the SLA based on the following calculation.

Hours in Excess of SLA x (Monthly Firewall Charge / 720) = Service Credit
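
The availability definition and the service credit calculation, worked through in Python as an added example that is not part of InTechnology's document. The fault intervals and monthly charge are constructed, and reading "hours in excess of SLA" as unavailability beyond the committed allowance is an assumption.

```python
from math import floor

# The page measures availability over 1/12th of 365 days (730 h) but divides
# the monthly charge by 720 for credits; each constant is used as written.
HOURS_IN_MONTH = 365 * 24 / 12
CREDIT_DIVISOR = 720


def merge(intervals):
    """Merge overlapping (notified, restored) hour intervals."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def unavailable_hours(primary, failover=None):
    """Total TTR of qualifying faults in the month.

    For a failover pair, only time when both devices are faulty counts.
    """
    if failover is None:
        return sum(end - start for start, end in merge(primary))
    return sum(max(0.0, min(e1, e2) - max(s1, s2))
               for s1, e1 in merge(primary) for s2, e2 in merge(failover))


def availability_pct(unavailable):
    return (HOURS_IN_MONTH - unavailable) / HOURS_IN_MONTH * 100


def allowed_downtime_hours(committed_pct):
    return HOURS_IN_MONTH * (100 - committed_pct) / 100


def service_credit(unavailable, committed_pct, monthly_charge):
    """Assumption: 'hours in excess of SLA' is unavailability beyond the
    committed allowance, counted in full completed hours only."""
    excess = max(0.0, unavailable - allowed_downtime_hours(committed_pct))
    return floor(excess) * monthly_charge / CREDIT_DIVISOR


if __name__ == "__main__":
    # Constructed fault log (hours since start of month) and charge.
    single = [(100.0, 103.0), (400.0, 405.5)]
    down = unavailable_hours(single)
    print(f"single DC firewall: {down} h down, {availability_pct(down):.2f}%, "
          f"credit {service_credit(down, 99.5, 1440.0):.2f}")
    both = unavailable_hours([(100.0, 103.0)], [(102.0, 110.0)])
    print(f"failover pair: {both} h down, credit {service_credit(both, 100, 1440.0):.2f}")
```

The 99.5% and 99.0% allowances computed this way come to 3 hours 39 minutes and 7 hours 18 minutes, matching the downtime column of the availability table.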