Firewall Management Services

 

 

Description

 

DII’s Security Team maintains several layers of network firewall systems. The use of firewalls is highly encouraged, and DII’s Network Security Team can assist State Agencies and Departments in the assessment, design or implementation of a firewall. The Network Security Team manages and supports a distributed firewall design that not only protects the State’s network resources from threats on the internet but also protects internal network segments from unauthorized access and hostile content, such as malware and viruses, that have found their way into another network segment on the State’s WAN.

These layers include:

  1. Internet Perimeter (WAN) – DII’s Network Security group manages the State’s Perimeter Firewall, which sits between the Internet and the State’s Wide Area Network. The Perimeter Firewall is the first line of defense protecting the State’s network and computer resources from threats on the internet.

The Perimeter Firewall permits the following for Outbound and Inbound Internet Traffic:

  • Outbound - Allow ALL Internet traffic to hosts and services outside of the State’s Wide Area Network, with the exception of known security vulnerabilities (see below). This allows anyone connected to the State’s Wide Area Network to use all services on the Internet, with the exception of known vulnerabilities and sites that may be blocked from within the WAN by a Web Content Filter.

  • Inbound - Only specific services which support the State’s mission will be allowed to be accessed from the Internet, such as Websites, Web Portals, Enterprise E-mail, SharePoint, Public Facing Applications, etc.

  2. Internal Edge (LAN) – Network Security manages multiple Firewall Service Modules (FWSM) that are integrated into DII’s core network switches. Each FWSM allows the Network Security Team to centrally manage and provide firewall services to some Agencies and Departments, namely those whose networks and subnets are directly trunked through our core switches that have integrated FWSMs. The FWSM is used to separate and secure many of the State’s network segments and to isolate systems, keeping communications between internal network segments in check so that internal users and systems cannot access network and data resources that are off-limits to them. By partitioning the State’s LAN interfaces with the FWSM, Agencies and Departments within the State are offered additional defenses against unauthorized access and threats originating from other network segments within the State’s WAN.
  • This service also provides an additional level of protection against internet-based threats ("defense in depth").
  • The FWSMs can protect both server and user LANs. In either case, outbound restrictions can be applied, to detect and control unexpected connections initiating from the local LAN, in addition to any inbound access permissions that are applied.

Benefits

 

 

  • Centralized Firewall Management System
  • Centralized Firewall Monitoring and Logging
  • Network Security can provide consultation regarding service options and recommend best-practice security policies
  • Notifies customer of critical events

Availability

 

Available 24 x 7

Hours of Staff Operation:

Monday – Friday, 7:45 a.m. to 4:30 p.m.

 

Maintenance Window (if applicable)

The WAN maintenance window is slated each week on Thursday from 4:45 p.m. to 8:00 p.m., as needed.

Contact/Order Inquiries

 

Wide Area Network support inquiries:

 

Use the Footprints Helpdesk Ticketing System: https://ent-footprints.state.vt.us

Or

Call 802-828-6620 Option 3

 

More Information

 

Example firewall diagram: [Figure: Firewall Services]

 

Price Model

 

This service is fully funded by the DII Allocation.