secure gateway – firewall - verizon enterprise solutions€¦ · 3 agenda • the customer...

28
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas. © 2006 Verizon. All Rights Reserved. Secure Gateway – Firewall Secure Gateway – Firewall

Upload: truongthien

Post on 09-Apr-2018

224 views

Category:

Documents


1 download

TRANSCRIPT

Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.

© 2006 Verizon. All Rights Reserved.

Secure Gateway – FirewallSecure Gateway – Firewall

2

The Verizon names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

PROPRIETARY STATEMENT

This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.

This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to

any third parties without the express written permission of Verizon.

3

AgendaAgenda

• The customer environment:

– Business objectives

– Business challenges

• Verizon solution:

– Secure Gateway – Firewall

• The Verizon difference

• Summary and next steps

Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.

© 2006 Verizon. All Rights Reserved.

Section 1Section 1

The Customer Environment

5

Business ObjectivesBusiness Objectives

• Reduce operating expenses

• Increase operational efficiency

• Establish a flexible, scalable, and robust Internet service

• Implement an integrated private and public network

• Ensure network stability and predictability

6

Business ChallengesBusiness Challenges

• Minimal technical expertise at remote locations

• Lack of standardized public network access

• Absent or minimal centralized protection against security threats

Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.

© 2006 Verizon. All Rights Reserved.

Section 2Section 2

Verizon Solution: Secure Gateway – Firewall

8

• Minimal technical expertise at remote locations

• Lack of standardized network access

• Absent or minimal centralized protection against security threats

• Help reduce operating expenses

• Increase operational efficiency

• Establish a flexible, scalable, and robust Internet service

• Implement an integrated private and public network

• Help ensure network stability and predictability

Challenges Objectives

Verizon Secure Gateway –

Firewall

Overcoming Challenges to Meet ObjectivesOvercoming Challenges to Meet Objectives

9

InternetInternetVerizon Verizon

IP NetworkIP Network

Secure Gateway – Firewall Secure Gateway – Firewall

Customer Network 1

Customer Network 3

Trunks to UUNET

NBFW PVC

HR Routers

Protected Path Through Secure Gateway

NBFW

Secure Gateway

Customer Network 2

Verizon Frame Relay/ATM/Private IP

Verizon Frame Relay/Verizon Frame Relay/ATM/Private IPATM/Private IP

10

Secure Gateway Port: NRC/MRC

Private Network:NRC/MRC

• 64K to 3 MB standard (ICB above 3 MB)

• Dual Secure Gateway port/gateway provisioned (network service redundancy) for additional charge

Standard rates for Private IP, Frame Relay, and ATM apply

Secure Gateway – Firewall U.S. Pricing – One Component + Private Network

Secure Gateway – Firewall U.S. Pricing – One Component + Private Network

Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.

© 2006 Verizon. All Rights Reserved.

Section 3Section 3

The Verizon Difference

12

Benefit Feature Challenge Addressed Objective Met

Provides Verizon Frame Relay, Provides Verizon Frame Relay, Private IP, and ATM customers Private IP, and ATM customers with the ability to securely with the ability to securely access the public network access the public network (Internet)(Internet)

LowLow--cost firewall optioncost firewall option

Verizon NOC provides 24x7 Verizon NOC provides 24x7 management, monitoring, and management, monitoring, and support for HWC and VPNsupport for HWC and VPN

Helps protect network from Helps protect network from common attackscommon attacks

Can help eliminate costly Can help eliminate costly redundant circuitsredundant circuits

No onNo on--site technical site technical resources neededresources needed

Secure Gateway – Firewall Overcoming Challenges to Meet Objectives

Secure Gateway – Firewall Overcoming Challenges to Meet Objectives

Centralizes networkCentralizes network--based firewall servicebased firewall service

Utilizes firewall located Utilizes firewall located in the Verizon networkin the Verizon network

Verizon monitors, Verizon monitors, maintains, and manages maintains, and manages the networkthe network--based based firewall platform (not firewall platform (not rulerule--sets)sets)

Provides protection Provides protection from many types of from many types of network threatsnetwork threats

Internet Access Internet Access for Verizon Private for Verizon Private Network customersNetwork customers

NetworkNetwork--based servicebased service

Lack of standardized network accessLack of standardized network access

Absent or minimal centralized Absent or minimal centralized protection against security threatsprotection against security threats

Minimal technical expertise Minimal technical expertise at remote locationsat remote locations

Absent or minimal centralized Absent or minimal centralized protection against security threatsprotection against security threats

Lack of standardized network accessLack of standardized network access

Minimal technical expertise Minimal technical expertise at remote locationsat remote locations

Bring stability and predictability Bring stability and predictability to the corporate network (WAN) to the corporate network (WAN) environmentenvironment

Absent or minimal centralized Absent or minimal centralized protection against security protection against security threatsthreats

Can help reduce expenses and Can help reduce expenses and ensure network stability and ensure network stability and predictabilitypredictability

Can help ensure network Can help ensure network stability and predictabilitystability and predictability

Provides an integrated solution Provides an integrated solution for private and public network for private and public network connectivity, can help reduce connectivity, can help reduce expenses, and establish a expenses, and establish a flexible, scalable, and robust flexible, scalable, and robust Internet serviceInternet service

Can help reduce expenses and Can help reduce expenses and increase operational efficiencyincrease operational efficiency

13

YesYesYesYesUDP floodingUDP flooding

YesYesYesYesFragmentation attacksFragmentation attacks

YesYesYesYesIPIP--spoofing attacksspoofing attacks

YesYesYesYesTCPTCP--based attacksbased attacks

YesYesYesYesICMP attacksICMP attacks

VariesVariesNoNoIntrusion detectionIntrusion detection

VariesVariesNoNoReportingReporting

Centralized or distributedCentralized or distributedCentralizedCentralizedManagementManagement

Firewall at central site Firewall at central site

or local firewalls at remote sitesor local firewalls at remote sitesNone RequiredNone RequiredCPECPE

Requires individual firewalls at each remote Requires individual firewalls at each remote

location or centralized firewalllocation or centralized firewallSecure Gateway portSecure Gateway port

(cost determined by bandwidth)(cost determined by bandwidth)CostCost

Verizon CPE-BasedFirewall

Verizon SecureGateway – Firewall

How Is Secure Gateway – Firewall Different From CPE-Based Firewall Service?How Is Secure Gateway – Firewall Different From CPE-Based Firewall Service?

14

Secure Gateway – Firewall Case Study: Seafood Processor/Distributor

Secure Gateway – Firewall Case Study: Seafood Processor/Distributor

• Customer requirements:

– Network standardization

– Prioritize traffic for a future implementation of VoIP

– Obtain secure centralized Internet access to a specified subset of their end-users

– Eliminate circuit and service redundancy

• Verizon solution:

– Private IP network

– Secure Gateway – Firewall

Summary: Secure Gateway – Firewall Solves Business ChallengesSummary: Secure Gateway – Firewall Solves Business Challenges

• Secure access to the Internet

• Centralized protection against security threats

• Reduced network costs

Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.

© 2006 Verizon. All Rights Reserved.

Section 4Section 4

The Verizon Difference

Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.

© 2006 Verizon. All Rights Reserved.

Section 5Section 5

Appendix• Pricing • Details on NAT Functionality With SIG

• Firewall Configurations • Details on DDoS Policy

• Details on Firewall Rules

18

$1,300.00$1,300.00$200.00$200.003,072 3,072 NANANANA2,048 2,048

$650.00$650.00$200.00$200.001,536 1,536

$450.00$450.00$100.00$100.001,024 1,024

$420.00$420.00$100.00$100.00768 768

$360.00$360.00$100.00$100.00512 512

$310.00$310.00$100.00$100.00384 384

$250.00$250.00$100.00$100.00256 256

$170.00$170.00$100.00$100.00128 128

$150.00$150.00$100.00$100.0064 64

MRCNRC

Secure Gateway portSecure Gateway portPort Speed (KB)Port Speed (KB)

U.S. Secure Gateway Port Pricing (MBS II, MBS I, and Pre-MBS)

Note: 4680 Kbps to 15,360 Kbps Secure Gateway ports are available after obtaining an approval from Capacity Planning. Minimum one-year term required.

Early termination fee applies. Please see your Verizon account manager for complete details.

Pricing was effective July 2005 and subject to change without notice. Excludes taxes and surcharges.

Secure Gateway – Firewall Secure Gateway Port Pricing

Secure Gateway – Firewall Secure Gateway Port Pricing

19

InternetInternet

Customer Network

Secure Gateway – Firewall Standard Configuration

Secure Gateway – Firewall Standard Configuration

Frame Relay or ATM Link

NBFW PVCTrunks to

UUNET

HR Routers

NBFW

Verizon Frame Relay/

ATM/Private IP

Verizon Verizon Frame Relay/Frame Relay/

ATM/Private IPATM/Private IP

InternetInternet

Customer Network

Trunks to UUNET

HR Routers

NBFW

Customer’sPVC to Private IP

Link to Private IP

Verizon Frame Relay/

ATM/Private IP

Verizon Verizon Frame Relay/Frame Relay/

ATM/Private IPATM/Private IP

Verizon Verizon

IP NetworkIP Network

Verizon Verizon

IP NetworkIP Network

20

Customer Network

Customer Network

Secure Gateway – Firewall Redundancy Configuration

Secure Gateway – Firewall Redundancy Configuration

NBFW 1

NBFW 2

NBFW 2

NBFW 1

InternetInternet

InternetInternetVerizon Frame Relay/

ATM/Private IP

Verizon Verizon Frame Relay/Frame Relay/

ATM/Private IPATM/Private IP

Verizon Frame Relay/

ATM/Private IP

Verizon Verizon Frame Relay/Frame Relay/

ATM/Private IPATM/Private IP

Verizon Verizon

IP NetworkIP Network

Verizon Verizon

IP NetworkIP Network

21

Verizon Frame Relay/

ATM/Private IP

Verizon Verizon Frame Relay/Frame Relay/

ATM/Private IPATM/Private IP

Verizon Frame Relay/

ATM/Private IP

Verizon Verizon Frame Relay/Frame Relay/

ATM/Private IPATM/Private IP

Customer Network

Customer Network

Secure Gateway – Firewall Redundancy Configuration (cont’d)

Secure Gateway – Firewall Redundancy Configuration (cont’d)

NBFW 2

NBFW 1

Trunks to UUNET

Frame Relay or ATM Link

NBFW 1

NBFW 2

Trunks to UUNET

HR Routers

HR Routers

Verizon Verizon

IP NetworkIP Network

Verizon Verizon

IP NetworkIP Network

InternetInternet

InternetInternet

22

Details on Basic Stateful Firewall RulesDetails on Basic Stateful Firewall Rules

23

Details on Anti-Spoofing RulesDetails on Anti-Spoofing Rules

24

Details on Ingress Anti-Spoofing RulesDetails on Ingress Anti-Spoofing Rules

25

Details on Network Address Translation (NAT) ServicesDetails on Network Address Translation (NAT) Services

26

Details on NAT/PAT Translations and Mapping FeaturesDetails on NAT/PAT Translations and Mapping Features

PC 10.10.10.1.80

PC 10.10.10.2.8080

PC with any 10.10.10.x.23

SMTP Server10.10.10.43.25

orPublic Address

Assigned to Customer Previously

PrivateAddresses

NBFW/NAT

66.200.243.146

66.200.243.146

10.10.10.1.8translated to

66.200.243.145.105

10.10.10.2.8080translated to

66.200.243.145.9189

10.10.10.x.2343.25mapped to

66.200.243.146.25

10.10.10.x.23translated to

66.200.243.145.245

InternetInternetVerizon

Frame Relay/ATM

Verizon Verizon Frame Relay/Frame Relay/

ATMATM

WWW

FTP

SMTP Servers

27

Details on DDoS PolicyDetails on DDoS Policy

28

For More InformationFor More Information

• To speak to a Verizon Representative about whether Secure Gateway -Firewall is right for your business:

– Fill out a consultation form at: http://mediumbusiness.verizon.com/products/access/secure_gateway.aspx

Or

– Call 1-800-201-1452, press 2