2. Copyright 2012. XO Communications, LLC. All rights reserved. XO, the XO design logo, and all related marks are registered trademarks of XO Communications. 2
Hosted Security
• A network-based security solution.
• Fully managed, cloud Security-as-a-Service offering.
• Integrates a complete suite of security solutions.
– Helps shield your network and data applications from being
compromised or disrupted by security threats.
• Allows you to gain security protection without making capital
expenses or having to increase staff.
WHAT DO WE MEAN BY “IN THE CLOUD”
• Security can be classified in one of two ways:
– Cloud Based.
– Premises Based.
• The cloud refers to the Internet and the millions of servers that connect
to it.
• A cloud based solution means that you are getting an application or a
service through a server you are accessing through the Internet.
• Hosted Security is a public cloud solution, meaning that it is an open,
multi-tenant solution where customers can have service capabilities that
are not located on their premises.
• XO is able to support hundreds of customers on a common Unified
Threat Management (UTM) platform.
Elements
Hosted Security encompasses:
• Next-generation Network Firewall security - helps you protect your XO MPLS
VPN data network.
• Intrusion Detection and Prevention System service - safeguards your network
from targeted attacks and other known threats.
• Web and Content Filtering - prevents users from going to prohibited web sites
and sites with known malware threats.
• Secure Remote Access - for mobile workforces to connect back to your private
XO MPLS WAN.
• Secure VPN - allows connections from off-net locations.
• An online customer portal – allows your organization’s security professionals to:
– Custom design firewall and security policies.
– Implement rule changes and configuration requests quickly.
– Get online reporting.
- Open trouble tickets and view ticket status.
Architecture
• Provides high-availability and failover among geographically diverse
physical gateways with network redundancy to ensure business
continuity.
– Single firewall solution available for customers who don’t require geo-redundancy.
• Provides aggregated Internet bandwidth, which can be shared by all
MPLS VPN locations and allows you to save on Internet access costs.
• Gives you the flexibility to add the security options you need, as you
need them, to meet ever-changing requirements of end users.
• Allows you to modify the Internet bandwidth to the MPLS network
without requiring physical changes to any location.
• Integrates XO’s MPLS VPN with Hosted Security into an end-to-end
networking and security management solution—from one service
provider on one invoice.
Key Benefits
• No need to add staff, deploy new hardware, or undergo extensive
development.
• Supports you 24 x 7 x 365 through a certified security partner.
• Can be implemented with minimal lead time.
• Delivers a high level of network security.
• Does not degrade network availability or uptime.
• Scalable—easily add locations or users, including off-net
locations with Internet Protocol Security (IPsec) integration to
Internet-based locations.
• Allows you to implement security policies consistently across your
network.
• Services are sold individually, so that you can select the services
that best meet your needs.
Features
Feature: Benefit
• Network Firewall: Stateful packet inspection at the edge of the MPLS cloud. Allows/denies traffic based on IP headers and port addresses. Policy rules can be modified on a per-customer basis.
• De-Militarized Zone (DMZ): Allows for firewall segmentation for customers who want to partition Internet from private WAN traffic.
• Intrusion Detection & Prevention: Identifies and stops pre-determined attacks and malicious activity before they can enter your VPN.
• Web and Content Filtering: Allows you to set up filtering rules to prevent users from downloading content that may be harmful to their computers or to the corporate network, or may be inappropriate based on company policies.
• Secure Remote Access: Allows your mobile workforce to connect to your corporate VPN through secure, encrypted, on-demand sessions.
– Option 1 – XO authenticates users
– Option 2 – Customer self-authenticates users
• Secure Remote Access (Off-Net Connectivity): Allows off-net locations (fixed addresses) to connect to your corporate IP-VPN through an IPsec tunnel.
Secure, Online Customer Portal
Incident Response Tracking
• Event and incident details
• Action taken
• Date and time data
• Attack header and payload
Transaction Audit Details
Captures all security-related activities
including:
• Device log-ins
• Rules updates
• Configuration changes
• Actions taken
• Alerts issued
On-Demand Reporting
Presents data on the health and security
configuration of your network that faces
the Internet:
• Attack attempts, including attack
source and destination
• Attack severity
• Targeted systems
• Actions taken to address threats
On-Demand Support
• Submit support requests online
• View status/history of submitted
requests
Network Firewall
• Unified Threat Management platform is deployed in XO network points
of presence (POPs) between the MPLS VPN cloud and the Internet.
• XO provisions a dedicated unique virtual firewall (Virtual DOMain or
VDOM) on a per customer basis:
– Default policy rules allow/deny traffic based on stateful packet inspection
• You can modify policy rules through a secure online web portal.
– DeMilitarized Zone (DMZ) allows you to have an isolated segment within the
VDOM for any servers or services that are facing the Internet.
• You can have unique security policies and specific rules defined independently
from the IP-VPN for the DMZ network.
• You have the optional choice of a VDOM presence on two or three
geographically diverse physical platforms for geographic, as well as
local blade-level redundancy.
Intrusion Detection and Prevention
• Captures and inspects traffic (even traffic allowed by the firewall).
• Identifies signatures (known attack patterns).
• Looks for anomalous data.
• Blocks known threat sites and traffic from invalid source IP addresses.
• Generates an alert when it finds unauthorized traffic, and takes action to:
– Block/substitute.
– Warn/permit.
– Allow/track.
• Updates signature database dynamically as threats are identified.
• Subscribes to Fortinet’s proprietary signature database.
• Supports multiple threat levels from low to high, and takes action
appropriately.
• In-house Security Analysts provide internal rules development and
customization.
– Service is proactively managed.
Web and Content Filtering
• Allows you to set up filtering rules and content policies to prevent users
from downloading content that may be harmful to their computers or to
the corporate network, or inappropriate based on company policies and
best use practices.
– Permits you to translate corporate web usage policies to default rule set on the
firewall.
• Filters at multiple levels:
– By content rating (can filter known URLs, or allow corporate policies to be
enforced on content that has not been seen before).
– To block a category (for example: pornography or gambling).
– By white-lists (allow) and black-lists (deny) for specific URLs.
– User security rating: automatically blocks sites known for malware with
warnings before proceeding.
– By blocking anonymizers–which enable proxies to hide a user’s real IP
address.
Secure Remote Access
• Gives roaming users the ability to connect to your corporate MPLS
VPN using IPsec tunnels.
– You use a pre-installed VPN client for authorization and access.
• Gives roaming users the ability to connect to the corporate MPLS VPN
using Secure Sockets Layer (SSL) sessions.
– Users log in through a secure on-line portal, or
– Can use a proprietary Fortinet SSL VPN client, which would need to be
installed on each user’s PC.
• Users are authenticated and authorized before they can access
the corporate network.
• You have the choice of having BAE authenticate users, or self-
authenticating users.
• SRA uses Security Policy Server (SPS) to authenticate identification
and grant access for an incoming connection.
Off-Net Connectivity / VPN
• Allows off-net sites to connect to the MPLS VPN using IPsec
tunnels.
– The IPsec protocol allows authentication between a host and the
security gateway at the beginning of a session.
– Maintains an encrypted IPsec connection between your location
and the network firewall for as long as traffic exists.
– Each IP packet in the data stream is encrypted to ensure security.
Conceptual Illustration
Summary
Hosted Security services use high-speed,
multi-threat security gateways,
24 x 7 monitoring and management,
and advanced technology to help you better protect
the data traffic that runs over your XO
MPLS VPN service.
Editor's notes
04/4/16 - Version 22
06/20/13 – SilverSky is XO’s technology partner, formerly known as StillSecure.