ntt.com
Copyright © 2013 NTT Communications Corporation. All rights reserved
Enterprise Cloud
Security option Service Description
Ver.1.5 February 15th, 2016
Version History

| Issue | Date | Notes |
|---|---|---|
| 1.0 | April 1st, 2014 | Released |
| 1.1 | August 12th, 2014 | Added packaged menus including new packaged menus; Added Frankfurt DC to available DC list; Added Japan local feature to IPS/IDS; Added restrictions or notes to each menu; Changed English expressions |
| 1.2 | February 17th, 2015 | Changed availability of Frankfurt2 Data Center; Changed availability of each DC for packaged menus of contents security; Added a restriction item to URL Filtering |
| 1.3 | June 25th, 2015 | Changed availability of Saitama No.1 Data Center; Added restrictions to some menus; Changed Japan local feature of IPS/IDS to global standard; Changed English expressions |
| 1.4 | September 30th, 2015 | Added new service (UTM) |
| 1.5 | February 15th, 2016 | Added new service (Web Security (WAF)); Changed availability of each DC for UTM; Changed English expressions |
Table of Contents
Version History
Table of Contents
1 EC Security option Service Description
  1.1 Purpose
  1.2 Definitions and Terminology
  1.3 Contractual Considerations
  1.4 Service Name and Product Owner
2 EC Security option Service Details
  2.1 Overview
    2.1.1 Network Diagram
      2.1.1.1 Network Security, Contents Security, Profiling
      2.1.1.2 Integrated Security Appliance
      2.1.1.3 VM Security
      2.1.1.4 RTMD
    2.1.2 Service Availability
  2.2 IPS/IDS
    2.2.1 Overview
    2.2.2 Features
      IPS Mode Simulation
      Analysis Capacity
    2.2.3 Restrictions
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.3 Email Anti-Virus
    2.3.1 Overview
    2.3.2 Features
      Analysis Capacity
    2.3.3 Restrictions
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.4 Web Anti-Virus
    2.4.1 Overview
    2.4.2 Features
      Analysis Capacity
    2.4.3 Restrictions
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.5 URL Filtering
    2.5.1 Overview
    2.5.2 Features
      Analysis Capacity
    2.5.3 Restrictions
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.6 Application Filtering
    2.6.1 Overview
    2.6.2 Features
      Analysis Capacity
    2.6.3 Restrictions
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.7 WAF (Web Application Firewall)
    2.7.1 Overview
    2.7.2 Features
    2.7.3 Restrictions
  2.8 UTM
    2.8.1 Overview
    2.8.2 Features
      Analysis Capacity
      2.8.2.1 IPS/IDS
      2.8.2.2 Anti Virus
      2.8.2.3 Web Filter
      2.8.2.4 Spam Filter
    2.8.3 Restrictions
      Restrictions in non-Japanese Data Centers
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Restrictions relating to Web Filter
      Restrictions relating to Spam Filter
      Other restrictions
  2.9 Web Security (WAF)
    2.9.1 Overview
    2.9.2 Features
      Analysis Capacity
      2.9.2.1 WAF
      2.9.2.2 IP reputation
    2.9.3 Restrictions
      Restrictions in non-Japanese Data Centers
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.10 VM Anti-Virus
    2.10.1 Overview
    2.10.2 Features
      2.10.2.1 Real-Time Scan
      2.10.2.2 Scheduled Scan
      2.10.2.3 Actions
      2.10.2.4 Scan Exception
      2.10.2.5 Automatic Security Update
    2.10.3 Restrictions
      Restrictions relating to OS and resources
      Restrictions relating to agent installation
      Restrictions relating to network configuration
      Other restrictions
  2.11 VM Virtual Patch
    2.11.1 Overview
    2.11.2 Features
      2.11.2.1 VM Virtual Patch
      2.11.2.2 Recommended Scan
    2.11.3 Restrictions
      Restrictions relating to OS and resources
      Restrictions relating to agent installation
      Restrictions relating to network configuration
      Other restrictions
  2.12 VM Firewall
    2.12.1 Overview
    2.12.2 Features
    2.12.3 Restrictions
      Restrictions relating to OS and resources
      Restrictions relating to agent installation
      Restrictions relating to network configuration
      Other restrictions
  2.13 Application Profiling
    2.13.1 Overview
    2.13.2 Features
      Analysis Capacity
    2.13.3 Restrictions
      Restrictions relating to IP addresses
      Restrictions relating to network configuration
      Other restrictions
  2.14 Network Profiling
    2.14.1 Overview
    2.14.2 Features
      Analysis Capacity
    2.14.3 Restrictions
  2.15 RTMD Web
    2.15.1 Overview
    2.15.2 Features & Restrictions
  2.16 RTMD E-mail
    2.16.1 Overview
    2.16.2 Features & Restrictions
3 Operation and Maintenance
  3.1 Operation Service
    3.1.1 Operation
  3.2 Maintenance
4 Security Web Portal
5 Billing
6 SLA
7 Disclaimer
1 EC Security option Service Description
1.1 Purpose
The purpose of this document is to provide a detailed description of Enterprise Cloud
Security options offered by NTT Com Group. It provides information about service
features, technology options and technical specifications. This document forms a part
of Enterprise Cloud Service Description.
Please note that all features of EC Security options are subject to change.
1.2 Definitions and Terminology

| Term | Definition |
|---|---|
| EC | Enterprise Cloud |
| vFW | vFirewall |
| INA | Integrated Network Appliance |
| IPS | Intrusion Prevention (Protection) System |
| IDS | Intrusion Detection System |
| Target server segment | A server segment in which the VM targeted for protection exists |
| UTM | Unified Threat Management |
| Signature | An algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus and so on. |
| RTMD | Real-time Malware Detection |
| NCS | NTT Com Security |
| GROC | Global Risk Operation Center |

1.3 Contractual Considerations
This document replaces all former Service Descriptions for this service.
1.4 Service Name and Product Owner
Service Name: Enterprise Cloud (ECL) Security option
Global Product Owner: NTT Communications Cloud Services
2 EC Security option Service Details
2.1 Overview
EC Security is an optional service for Enterprise Cloud customers. This service has 5
Categories with 13 single menus and 4 packaged menus.

| Menu | | | | Note |
|---|---|---|---|---|
| Compute | Please refer to Enterprise Cloud SD for Service offering of EC itself. | | | - |
| | : | | | - |
| | : | | | - |
| | : | | | - |
| Security | Network Security | IPS/IDS | | - |
| | Contents Security | Email-Anti-Virus | | - |
| | | Web-Anti-Virus | | - |
| | | URL Filtering | | - |
| | | Application Filtering | | - |
| | | Unauthorized Access Prevention | | Packaged menu. Consists of “IPS/IDS” and “Web-Anti-Virus”. Features comply with those of the original menus. |
| | | Web Browsing Security | | Packaged menu. Consists of “Web-Anti-Virus” and “URL Filtering”. Features comply with those of the original menus. |
| | | Internet Gateway Security | | Packaged menu. Consists of “IPS/IDS”, “Web-Anti-Virus” and “URL Filtering”. Features comply with those of the original menus. |
| | | WAF | | - |
| | Integrated Security Appliance | UTM | Compact | - |
| | | | Large | - |
| | | Web Security (WAF) | Entry | - |
| | | | Compact | - |
| | | | Large | - |
| | VM Security | VM Anti-Virus | | - |
| | | VM Virtual-Patch | | - |
| | | VM Firewall | | - |
| | | VM Security Advanced Package | | Packaged menu. Consists of “VM Anti-virus”, “VM-Virtual Patch” and “VM Firewall”. Features comply with those of the original menus. |
| | Profiling | Application Profiling | | - |
| | | Network Profiling | | - |
| | Real-time Malware Detection (RTMD) | RTMD Web | | - |
| | | RTMD email | | - |

2.1.1 Network Diagram
2.1.1.1 Network Security, Contents Security, Profiling
Network Security, Contents Security, and Profiling are connected to Enterprise Cloud
segments using two (2) Service Interconnection Gateways (SIGs). To adopt EC
Security in the customer’s network, customer traffic between the Virtual Machine (VM)
and the Virtual Firewall (vFW)/Integrated Network Appliance (INA) is bypassed at the
SIGs and goes through dedicated security appliance hardware.
Note: A SIG supports only 1 server segment, and 1 service supports only 2 SIGs
(one for the server segment connected to the vFW/INA, one for the target
server segment). Therefore, 1 service protects only 1 target server segment.
So, if you want to protect multiple server segments, you need to contract the
same number of services.
2.1.1.2 Integrated Security Appliance
SIGs are not required for UTM and Web Security (WAF). Customer traffic between
Virtual Machine (VM) and Virtual Firewall (vFW)/Integrated Network Appliance (INA)
goes through dedicated security appliance software.
2.1.1.3 VM Security
You need to install agents on your VMs for VM Security.
2.1.1.4 RTMD
Because network configuration of RTMD services can differ with each customer, this
needs to be discussed prior to the provisioning process.
2.1.2 Service Availability
The table below shows the availability of DCs for each security service.

| Menu | Japan (JP): Yokohama No.1 Data Center | Japan (JP): Kansai1 Data Center | Japan (JP): Saitama No.1 Data Center | North America (US): San Jose Lundy Data Center | North America (US): Virginia Sterling Data Center | Europe (UK): Hemel Hempstead 2 Data Center | Europe (DE): Frankfurt2 Data Center |
|---|---|---|---|---|---|---|---|
| IPS/IDS | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Email Anti-Virus | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Web Anti-Virus | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| URL Filtering | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Application Filtering | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Unauthorized Access Prevention | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Web Browsing Security | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Internet Gateway Security | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| WAF | Yes *1 | Yes *1 | Yes *1 | Yes *1 | Yes *1 | Yes *1 | Yes *1 |
| UTM | Yes | Yes | Yes | Yes *2 | Yes *2 | Yes | Yes |
| Web Security (WAF) | Yes | Yes | Yes | Yes *2 | Yes *2 | Yes | Yes |
| VM Anti-Virus | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VM Virtual Patch | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VM Firewall | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VM Security Advanced Package | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Application Profiling | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| Network Profiling | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| RTMD Web | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| RTMD email | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |

| Menu | Europe (FR): France Paris 2 Data Center | Europe (ES): Spain Madrid 2 Data Center | APAC (SIN): Serangoon Data Center | APAC (HK): Tai Po Data Center | APAC (MY): Cyberjaya 3 Data Center | APAC (TH): Bangna Data Center | APAC (AU): Sydney1 Data Center |
|---|---|---|---|---|---|---|---|
| IPS/IDS | No | No | Yes | Yes | Yes | Yes | Yes |
| Email Anti-Virus | No | No | Yes | Yes | Yes | Yes | Yes |
| Web Anti-Virus | No | No | Yes | Yes | Yes | Yes | Yes |
| URL Filtering | No | No | Yes | Yes | Yes | Yes | Yes |
| Application Filtering | No | No | Yes | Yes | Yes | Yes | Yes |
| Unauthorized Access Prevention | No | No | Yes | Yes | Yes | Yes | Yes |
| Web Browsing Security | No | No | Yes | Yes | Yes | Yes | Yes |
| Internet Gateway Security | No | No | Yes | Yes | Yes | Yes | Yes |
| WAF | No | No | Yes *1 | Yes *1 | Yes *1 | Yes *1 | Yes *1 |
| UTM | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| Web Security (WAF) | Yes *2 | Yes *2 | Yes *2 | Yes *2 | No | No | No |
| VM Anti-Virus | No | No | Yes | Yes | Yes | Yes | Yes |
| VM Virtual Patch | No | No | Yes | Yes | Yes | Yes | Yes |
| VM Firewall | No | No | Yes | Yes | Yes | Yes | Yes |
| VM Security Advanced Package | No | No | Yes | Yes | Yes | Yes | Yes |
| Application Profiling | No | No | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| Network Profiling | No | No | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| RTMD Web | No | No | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |
| RTMD email | No | No | Yes *2 | Yes *2 | Yes *2 | Yes *2 | Yes *2 |

*1 Device individually procured. Please inquire about service specification and delivery time.
*2 Device procurement and/or network design, etc. are individually required. Please inquire about service specification and delivery time.
Note: Even though the service is available, it may take time to deliver the service depending on DC. Please inquire about delivery time.
2.2 IPS/IDS
2.2.1 Overview
IPS/IDS is a service that detects and/or blocks unauthorized access and cyber-attacks.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.2.2 Features
The following features are available for IPS/IDS.

| Feature | Overview |
|---|---|
| IPS/IDS | A feature that detects and/or blocks unauthorized access and cyber-attacks on the VM. |

You can select one of the following modes.

| Mode | Overview |
|---|---|
| IPS | Unauthorized access and cyber-attacks are detected. When they are detected, traffic is blocked. |
| IDS | Unauthorized access and cyber-attacks are detected. However, traffic is not blocked even though unauthorized access and cyber-attacks are detected. |

IPS Mode Simulation
Simulation is a process for improving the accuracy of IPS mode for detecting and
blocking unauthorized access and attack traffic. You can choose whether to implement
a simulation at the time of application for IPS/IDS. You need to check whether or not
the detected communication is normal via Security Web Portal after the simulation.
The IPS/IDS setting will be adjusted based on the check result.
Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5
services are used) by applying additional services. When you need the
additional service, please contact us in advance.
2.2.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with IPS/IDS, you must have two IP address blocks
available. If the IP address block is already being used, NTT Com Group might ask
you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
Encrypted communications are not targeted for detection and blocking.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal and others
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
IPS/IDS does not guarantee that the IPS/IDS feature has integrity or accuracy, or
is suitable for your use. Furthermore, the suitability of the unauthorized/attack
traffic detection algorithms provided by the developers or distributors of the
devices making up the IPS/IDS feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the IPS/IDS feature.
- Configuration information obtained from providing IPS/IDS
- Information concerning controls etc. for IPS/IDS
NTT Com group cannot guarantee recovery from failures that might occur due to
incompatibility between IPS/IDS and your environment, or failures that occur due
to your operations other than those specified by NTT Com group.
2.3 Email Anti-Virus
2.3.1 Overview
Email Anti-Virus is a service that detects and/or blocks viruses that invade via E-mail
(SMTP communication).
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.3.2 Features
The following features are available for Email-Anti-Virus.

| Feature | Overview |
|---|---|
| Virus Scan | A feature that monitors E-mail (SMTP communication), and executes the specified action when viruses are detected. |

The target protocol of this service is SMTP.
You can select one of the following actions.

| Items | Overview |
|---|---|
| Allow | Allows communications without logging. |
| Alert | Monitors email (SMTP), and detects viruses. However, traffic is not blocked even though viruses are detected. Logs detection status. |
| Block | Monitors email (SMTP), and detects viruses. Note that communication is blocked when viruses are detected, and the SMTP Reply Code: 541 is returned to the sender. Logs blocking status. |

Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5
services are used) by applying additional services. When you need the additional
service, please contact us in advance.
2.3.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with Email-Anti-Virus, you must have two IP address
blocks available. If the IP address block is already being used, NTT Com Group
might ask you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
The following files are not targeted for Virus Scan.
- Encrypted files
- Password-protected files
- Files compressed by a compression algorithm other than zip/gzip
- Files compressed three (3) times or more
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal and others
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
Email-Anti-Virus does not guarantee that the Email-Anti-Virus feature has integrity
or accuracy, or is suitable for your use. Furthermore, the suitability of the virus
identification algorithms provided by the developers or distributors of the devices
making up the Email-Anti-Virus feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the Email-Anti-Virus feature.
- Configuration information obtained from providing Email-Anti-Virus
- Information concerning inspections etc., for Email-Anti-Virus
We cannot guarantee recovery from failures that might occur due to incompatibility
between Email-Anti-Virus and your environment, or failures that occur due to your
operations other than those specified by NTT Com group.
2.4 Web Anti-Virus
2.4.1 Overview
Web Anti-Virus is a service that detects and/or blocks viruses that invade via Web
access (HTTP communication) and FTP communication.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.4.2 Features
The following features are available for Web Anti-Virus.

| Feature | Overview |
| --- | --- |
| Virus Scan | A feature that monitors Web access (HTTP communication) and FTP communication, and executes specified actions when viruses are detected. |

The target protocols of this service are HTTP and FTP.
You can select one of the following actions per protocol.

| Items | Overview |
| --- | --- |
| Allow | Allows communication without logging. |
| Alert | Monitors Web access (HTTP communication) and FTP communication and detects viruses without blocking. Logs detection status. |
| Block | Monitors Web access (HTTP communication) and FTP communication, detects and blocks viruses. Displays blocked screen to the user. Logs blocking status. |

Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5
services used) by applying additional services. When you need the additional
service, please contact us in advance.
2.4.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with Web Anti-Virus, you must have two IP address
blocks available. If the IP address block is already being used, NTT Com Group
might ask you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
The following communications are not targeted for Virus Scan.
- Encrypted communication (e.g. HTTPS, SFTP)
- Password-protected files
- Files compressed by a compression algorithm other than zip/gzip
- Files compressed three (3) times or more
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal and others
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
Web Anti-Virus does not guarantee that the Web Anti-Virus feature has integrity or
accuracy, or is suitable for your use. Furthermore, the suitability of the virus
identification algorithms provided by the developers or distributors of the devices
making up the Web Anti-Virus feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the Web Anti-Virus feature.
- Configuration information obtained from providing Web Anti-Virus
- Information concerning detection etc., for Web Anti-Virus
We cannot guarantee recovery from failures that might occur due to incompatibility
between Web Anti-Virus and your environment, or failures that occur due to your
operations other than those specified by NTT Com group.
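
An added example, not part of the NTT Com service description or of the devices behind it: a Python check that applies the file-level Virus Scan exclusions listed under Other restrictions in 2.4.3 (password-protected files, compression other than zip/gzip, three or more compressions) to a file, so that files the gateway would pass unscanned can be handed to another control such as VM Anti-Virus. The function names, the magic-number table, the unpack cap and the rule that each zip or gzip container counts as one compression are assumptions of this example; encrypted transport (HTTPS, SFTP) is outside its scope.

```python
import bz2
import gzip
import io
import zipfile
import zlib

MAX_LAYERS = 2                  # page: files "compressed three (3) times or more" are not scanned
UNPACK_CAP = 16 * 1024 * 1024   # assumption: local safety cap, not a figure from the page

# Leading bytes of some compression formats other than zip/gzip (illustrative, not exhaustive).
OTHER_FORMATS = {b"BZh": "bzip2", b"\xfd7zXZ\x00": "xz",
                 b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}


def unscanned_reasons(data, layers=0):
    """Return the documented exclusions that apply to `data`; [] means none apply."""
    if data.startswith(b"\x1f\x8b"):
        kind = "gzip"
    elif data.startswith(b"PK\x03\x04"):
        kind = "zip"
    else:
        for magic, name in OTHER_FORMATS.items():
            if data.startswith(magic):
                return [f"compressed with {name}, not zip/gzip"]
        return []                                # plain payload: no exclusion applies

    depth = layers + 1                           # containers peeled so far, including this one
    if depth > MAX_LAYERS:
        return [f"compressed {depth} times or more"]
    try:
        if kind == "gzip":
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
                members = [gz.read(UNPACK_CAP + 1)]   # bounded read guards against bombs
        else:
            members = []
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:     # general-purpose bit 0: entry is encrypted
                        return [f"password-protected zip entry {info.filename!r}"]
                    with zf.open(info) as member:
                        members.append(member.read(UNPACK_CAP + 1))
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile, NotImplementedError):
        return ["archive could not be unpacked"]

    reasons = []
    for blob in members:
        if len(blob) > UNPACK_CAP:
            reasons.append("unpacked size exceeds local safety cap")
        else:
            reasons.extend(unscanned_reasons(blob, depth))
    return reasons


def wrap(payload, kinds):
    """Constructed sample: wrap `payload` in each container in `kinds`, innermost first."""
    for kind in kinds:
        if kind == "gzip":
            payload = gzip.compress(payload)
        elif kind == "bzip2":
            payload = bz2.compress(payload)
        else:
            buf = io.BytesIO()
            with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
                zf.writestr("inner.bin", payload)
            payload = buf.getvalue()
    return payload


def mark_encrypted(zip_bytes):
    """Constructed sample: set the 'encrypted' flag bit on the entry of a one-file zip."""
    patched = bytearray(zip_bytes)
    patched[6] |= 0x01                                  # flags field, local file header
    patched[patched.rfind(b"PK\x01\x02") + 8] |= 0x01   # flags field, central directory entry
    return bytes(patched)


if __name__ == "__main__":
    sample = b"constructed sample payload"
    for layers in (["zip"], ["zip", "gzip"], ["gzip", "zip", "gzip"], ["bzip2", "zip"]):
        print(layers, "->", unscanned_reasons(wrap(sample, layers)) or "eligible for scan")
```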
2.5 URL Filtering
2.5.1 Overview
URL Filtering is a service that controls website access according to the customer’s
policies.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.5.2 Features
The following features are available for URL Filtering.

| Feature | Overview |
| --- | --- |
| URL Filtering | A feature that controls website access per website category by executing actions according to customer’s policies. URL Filtering filters communication from client (VPN) to the target server segment. |

The target protocols of this service are HTTP and HTTPS.
HTTPS communication is determined based on the URL in the Common Name of the
server certificate.
You can select one of the following actions, per web site category.

| Items | Overview |
| --- | --- |
| Allow | Allows website access without logging. |
| Alert | Allows website access and logs URL of access-restricted website. |
| Continue | If users access websites that are registered in those categories, a warning screen indicating that they have accessed a restricted website is displayed. If users click the "Continue" button on the displayed warning screen, they can access the website in question. Logs URL of access-restricted website. |
| Block | If users access websites that are registered in those categories, a screen indicating that they have accessed a restricted website is displayed and the website is blocked. The user cannot access the relevant website. Logs URL of access-restricted website. |

You can add allowed URLs and blocked URLs as required.

| Items | Overview |
| --- | --- |
| Allowed URL (White List) | From the group of websites that are registered to categories that are set as “Continue” or “Block”, you can specify URLs as exceptions and allow access. A maximum of 100 URLs can be registered as an allowed URL. |
| Blocked URL (Black List) | From the group of websites that are registered to categories that are set as “Allow” or “Alert”, you can specify URLs as exceptions and block access. A maximum of 100 URLs can be registered as a blocked URL. |

Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5
services used) by applying additional services. When you need the additional
service, please contact us in advance.
2.5.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with URL Filtering, you must have two IP address
blocks available. If the IP address block is already being used, NTT Com Group
might ask you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
When the URL in Common Name of the server certificate matches the URL
categorized as Block/Continue, the blocking/warning screen is not displayed (it is
displayed as a browser error).
When you select “Continue” as an action for a website category:
- When you use a proxy server, the “Continue” action is applied only to the
communication from the client (VPN) to the proxy server. From a security
standpoint, it is not applied to the communication from the proxy server to the
Internet.
- Please add the IP address blocks of the target server segment to the proxy
exception setting of a client browser. Otherwise, a warning screen will not be
displayed.
- Please set vFW/INA so that the communication addressed to port 6080 of the
proxy server passes through it.
- You cannot use port 6080 for service communication which goes through URL
Filtering, because port 6080 is used to display a warning screen.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal and others
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
URL Filtering does not guarantee that the URL filtering feature has integrity or
accuracy, or is suitable for your use. Furthermore, the suitability of the URL
identification algorithms provided by the developers or distributors of the devices
making up the URL Filtering feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the URL Filtering feature.
- Configuration information obtained from providing URL filtering
- Information concerning controls etc., for URL filtering
We cannot guarantee recovery from failures that might occur due to incompatibility
between URL Filtering and your environment, or failures that occur due to your
operations other than those specified by NTT Com group.
2.6 Application Filtering
2.6.1 Overview
Application Filtering is a service that blocks communication from applications that are
not necessary for work, according to the customer’s policies.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.6.2 Features
The following features are available for Application Filtering.

| Feature | Overview |
| --- | --- |
| Application Filtering | A feature that categorizes applications and blocks communication from specified applications. |

You can specify applications to be blocked from among the applications that can be
controlled by Application Filtering. Please check the following website for controllable
applications list.
http://apps.paloaltonetworks.com/applipedia/
Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5
services used) by applying additional services. When you need the additional
service, please contact us in advance.
2.6.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with Application Filtering, you must have two IP
address blocks available. If the IP address block is already being used, NTT Com
Group might ask you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal and others
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
Application Filtering does not guarantee that the Application Filtering feature has
integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the
application identification algorithms provided by the developers or distributors of
the devices making up the Application Filtering feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the Application Filtering feature.
- Configuration information obtained from providing application filtering
- Information concerning controls etc., for Application Filtering
We cannot guarantee recovery from failures that might occur due to incompatibility
between Application Filtering and your environment, or failures that occur due to
your operations other than those specified by NTT Com group.
2.7 WAF (Web Application Firewall)
2.7.1 Overview
WAF is a service that protects web applications against cyber-attacks.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.7.2 Features
The following features are available for WAF.

| Feature | Overview |
| --- | --- |
| WAF | A feature that detects cyber-attacks on web applications and blocks them to ensure application availability |

Configuration of WAF services can differ with each customer and needs to be
discussed prior to the provisioning process.
2.7.3 Restrictions
Restrictions on WAF services differ according to each customer’s circumstances and
need to be discussed prior to provisioning.
2.8 UTM
2.8.1 Overview
UTM (Unified Threat Management) is an integrated security solution that performs a
variety of security functions, such as detecting and preventing unauthorized access to
the virtual machine in Enterprise Cloud (EC), Anti Virus security, URL-based Web
filtering, and spam mail filtering.
2.8.2 Features
UTM offers the following features.

| Feature | Overview |
| --- | --- |
| IPS/IDS | A function that detects and/or prevents illegal communication. |
| Anti Virus | A function that detects and/or prevents viruses from HTTP, FTP, SMTP, POP3, and IMAP communications. |
| Web Filter | A URL filtering function for HTTP communications. |
| Spam Filter | A function to determine whether or not the receiving email message is spam in POP3 and IMAP communications. |

Analysis Capacity

| Plan | Traffic Processing Capacity |
| --- | --- |
| Compact | Max 200 Mbps |
| Large | Max 400 Mbps |

Capacity is the total value of uplink and downlink. The values are best-effort.
2.8.2.1 IPS/IDS
IPS/IDS is a feature that inspects communications based on the signature and stops
the communications deemed as harmful.
The following communications are inspected. Encrypted communications
are not targeted for detection and blocking.

| Items | Overview |
| --- | --- |
| Direction | The direction specified by the customer |
| Protocol | TCP/IP |

You can specify the following items in IPS/IDS.

| Items | Overview |
| --- | --- |
| IPS/IDS functions | Set up whether or not to use the IPS/IDS functions |
| Direction of inspected communication | Specify the direction of the inspected communication |
| Actions when detecting fraudulent communications | Select from IPS mode and IDS mode. IPS mode: Block. IDS mode: Detection only (no blocking). |

In IPS mode, not all communications will necessarily be blocked; detection-only
communications are included as well.
2.8.2.2 Anti Virus
Anti Virus is a feature that inspects communications based on the pattern file and
prevents communications that are detected as viruses.
The following are the communications and files that will be inspected.

| Items | Content |
| --- | --- |
| Communications: Direction | The direction specified by the customer |
| Communications: Protocol | The protocols specified by the customer from HTTP, FTP, SMTP, POP3, and IMAP |
| Communications: Port Number | The port number specified by the customer |
| File: File Size | Files that are 3MB and under |
| File: Compressed files, Number of times | Inspects only files that have been compressed 12 times or less |
| File: Compressed files, Format | arj, cab, gzip, lha, lzh, msc, rar, tar, zip |
| File: Compressed files, File size | Inspects only files with extracted file size of 3MB or less |

Files other than the above (such as encrypted files and files with passwords) are not
inspected. Files that are not subject to inspection will pass through.
You can specify the following items in Anti Virus.

| Items | Content |
| --- | --- |
| Anti Virus function | Set up whether or not to use the Anti Virus function |
| Communications: Direction | Specify the direction of the inspected communication |
| Communications: Protocol | Select the protocols from HTTP, FTP, SMTP, POP3, and IMAP |
| Communications: Port number | Specify the port number of each protocol |
| Actions when detecting viruses | Select from “AntiVirus_Block” and “AntiVirus_Monitor”. AntiVirus_Block: Blocks the communication when viruses are detected. AntiVirus_Monitor: Detects viruses only (but does not block). |

The inspection port number will be a shared setting for Anti Virus, Web Filter, and
SPAM Filter functions. It will be subject to inspection if the inspected protocol for each
function is the same.
2.8.2.3 Web Filter
Web Filter is a feature that controls communications by inspecting the destination of
the Web communications.
The following are the communications that will be inspected.

| Items | Overview |
| --- | --- |
| Direction | Communications from vFW/INA via UTM to the virtual machine |
| Protocol | HTTP |
| Port Number | The port number specified by the customer |

You can specify the following items in Web Filter.

| Items | Content |
| --- | --- |
| Web Filter Function | Specify whether or not to use the Web Filter function |
| Port Number of the Inspected Communications | Specify the port number |
| Blocked Categories | Select the website category to be blocked. Block: Blocks the access and outputs a log |
| White List and Black List | Set up the white list and black list. The number of settings is up to 100 URLs for each. |

The inspection port number will be a shared setting for Anti Virus, Web Filter, and
SPAM Filter functions. It will be subject to inspection if the inspected protocol for each
function is the same.
2.8.2.4 Spam Filter
Spam Filter is a feature that determines spam mail by inspecting the email
communications.
The following are the communications that will be inspected.

| Items | Overview |
| --- | --- |
| Direction | Direction specified by the customer |
| Protocol | POP3 and IMAP |
| Port Number | Port number specified by the customer |

You can specify the following items in Spam Filter.

| Items | Content |
| --- | --- |
| Spam Filter function | Set up whether or not to use the Spam Filter function |
| Communications: Direction | Specify the direction of the inspected communications |
| Communications: Port Number | Specify the port number for each protocol |
| White List and Black List | Set up the white list and black list. The number of settings is up to 100 URLs for each |

The inspection port number will be a shared setting for Anti Virus, Web Filter, and
SPAM Filter functions. It will be subject to inspection if the inspected protocol for each
function is the same.
When the message is determined as spam, ‘Spam’ will be added in the email subject.
The customer, who receives an email message with the subject title ‘Spam’, will need
to deal with the message as nothing will be done by Spam Filter after the message is
determined as spam.
2.8.3 Restrictions
Restrictions in non-Japanese Data Centers
One global IP address per UTM service is necessarily assigned for monitoring the
UTM server. When you order 2 UTM services, two global IP addresses are
assigned by the NTT operator. Therefore, please make sure that you prepare the
required quantity of global IP addresses when ordering.
Do not change NAT rules for UTM service configured to vFW/INA by NTT Com
Group.
Restrictions relating to IP addresses
IP address set as Default gateway in Server Segment setting cannot be assigned
on UTM interface.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Do not change the default gateway setting of UTM via Security Web Portal. It can be
changed through the service order form for changes.
Restrictions relating to Web Filter
It is necessary to construct a proxy server on the EC service when applying the
Web Filter to the communications connected to the internet from VPN of the EC
service.
To display the block screen and the like, service communication using TCP 8008,
8010, and 8020 ports cannot be used for communications that go through the Web
Filter.
For HTTP communications, the block screen will not be displayed if the domain
stated in the Common Name in the server certificate on the accessed site is a
domain belonging to the blocked category. (It will be displayed as a browser error.)
Restrictions relating to Spam Filter
For IMAP, there are times when ‘Spam’ cannot be added in the email subject title.
This is not caused by the UTM specification but is a restriction of how IMAP works.
For IMAP, an email subject title is downloaded on the client first and a message body
is downloaded next. So when a message is determined as spam due to a URL in the
message body, ‘Spam’ cannot be added in the email subject title. With IMAP, it is
possible to add ‘Spam’ to the email subject title when the email address is determined
to be spam.
Other restrictions
It is absolutely necessary to have a contract for either vFirewall or Integrated
Network Appliance.
You cannot switch the plan from Compact to Large, or the other way, after the
service begins.
The appliance that runs this service operates on a single structure. The platform is
a dual configuration where it will switch in five to ten minutes after rebooting on
the backup platform during failures.
This service needs a dedicated compute resource pool. (The pool will be designed
when applying for UTM.) This service cannot be configured on an existing compute
resource pool.
Customers cannot configure a virtual machine on the compute resource pool
operating this service.
The dedicated compute resource pool for this service cannot be extended or
reduced.
Changes in resource allocations for the virtual machine that operates this service
cannot be done from the customer portal. (Only we can change it as it is a virtual
machine controlled by us.)
It will switch to a conserve (Protect) mode when the usage rate of the UTM
memory exceeds 80 percent. It will pass without inspecting new sessions when it is
in conserve mode (for Anti Virus, Web Filter, and Spam Filter functions). Also
conserve mode will automatically be released when the memory usage rate is 80
percent and under.
The virtual machine operating the UTM cannot use private catalogues, backup and
VM security services.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(examples)
- When the IP header is cut off in the middle
- When the port number is 0 (zero)
- When the TCP flag combination is abnormal and others
- Illegal packets due to encapsulation and others
UTM does not guarantee that the UTM feature has integrity or accuracy, or is
suitable for your use. Furthermore, the suitability of the algorithms that detect
unauthorized/cyber-attack communications provided by the developers or
distributors of the devices making up the UTM feature is not guaranteed.
The following information might be provided to the developers or the distributors of
the devices making up UTM features.
- Configuration information obtained through providing UTM
- Information on UTM control
We cannot guarantee recovery from failures that might occur due to incompatibility
between UTM and your environment, or failures that occur due to your operations
other than those specified by NTT Com Group.
2.9 Web Security (WAF)
2.9.1 Overview
Web Security (WAF) is the service that detects and protects against security threats,
including unauthorized access and attack traffic, on the Web application server in the
virtual server on Enterprise Cloud.
2.9.2 Features
UTM offers the following features.

| Feature | Overview |
| --- | --- |
| WAF | A function that inspects Web communication specified by customer and detects/protects unauthorized access and attack traffic. |
| IP reputation | A function that blocks attacks from the source identified as threat. |

Analysis Capacity

| Plan | Traffic Processing Capacity |
| --- | --- |
| Entry | Max 50 Mbps |
| Compact | Max 200 Mbps |
| Large | Max 400 Mbps |

Capacity is the total value of uplink and downlink. The values are best-effort.
2.9.2.1 WAF
Communications to be inspected are as follows.

| Item | Details |
| --- | --- |
| Protocol | HTTP/HTTPS |

Detailed functions are as follows.

| Function | Details |
| --- | --- |
| WAF | This function inspects Web communications based on the signature. This function protects the Web server from various attacks from the application layer including cross-site scripting, SQL injection and buffer overflow. |
| Trust/Black IP control | It is possible to control communications of the IP address specified by customer. It is possible to specify Trust IP (IP address that is allowed unconditionally) and Black IP (IP address that is blocked unconditionally). A maximum of 100 addresses can be registered for Trust IP and Black IP in total. |
| Decoding | It is possible to inspect communications by decoding SSL communications. |
| X-Forwarded-For | It is possible to forward information on the source IP address. It is possible to forward information on the X-Forwarded-For address to the Web server (real server). |

Initial Tuning Report
The customer can change the policy setting (each signature ID can be set to detection
only or disabled) from Security Web Portal. We can provide advice on policy tuning in
a report.
The initial tuning report is available only once. The initial tuning report application
sheet is available on Security Web Portal. Enter the necessary items and request the
report by using a security ticket.
2.9.2.2 IP reputation
Details are as follows.

| Function | Details |
| --- | --- |
| IP reputation | This is the function for controlling connection from the host based on information on the source of threat. |

Classification of threats is as follows.
- DDoS: Source identified as part of DDoS attack
- Phishing: Source identified as part of phishing attack or as a host of the Web
site for phishing attack
- Anonymous proxy: Traffic that is sent via an anonymous proxy to disguise the
original identity of the client, so that the source is hidden
- Malicious source: Host identified as infected by harmful software
- Spammer: Host identified as the source of spam
The IP reputation function works as a standard function, so it cannot be enabled or
disabled.
2.9.3 Restrictions
Restrictions in non-Japanese Data Centers
One global IP address per Web Security (WAF) service is necessarily assigned for
monitoring the Web Security (WAF) server. When you order 2 Web Security
(WAF) services, two global IP addresses are assigned by the NTT operator. Therefore,
please make sure that you prepare the required quantity of global IP addresses
when ordering.
Do not change NAT rules for Web Security (WAF) service configured to vFW/INA by
NTT Com Group.
Restrictions relating to IP addresses
IP address set as Default gateway in Server Segment setting cannot be assigned to
this service.
Restrictions relating to network configuration
You require an additional Server Segment for direct connection between vFW/INA
and Web Security (WAF) for monitoring and management.
Other restrictions
Please indicate the Web Security (WAF) plan when sending in your application. No
changes can be made among Entry, Compact and Large after the service begins.
When using the decoding function, the customer needs to prepare a certificate.
The customer is responsible for acquiring, updating and managing the certificate. It is
possible to set and update a certificate from Security Web Portal.
You must first register the Virtual Server IP address as Reserved IP. Reserved IP
addresses are set by the Customer Portal.
You are responsible for IP address design in Server Segment. NTT Communications
assumes no responsibility for any failures that may occur due to IP design
problems.
Communication that can be handled with this service is Web communication only.
Communications other than HTTP, including FTP and SSH, cannot be handled.
If the protocol that complies with RFC or encapsulation is used, communications
cannot be processed with this service.
The appliance that runs this service operates on a single structure. The platform is
a dual configuration where it will switch in five to ten minutes after rebooting on
the backup platform during failures.
This service needs a dedicated compute resource pool. (The pool will be created
when applying for Web Security (WAF).) This service cannot be configured on an
existing compute resource pool.
Customers cannot configure a virtual machine on the compute resource pool
operating this service.
The dedicated compute resource pool for this service cannot be extended or
reduced.
Changes in resource allocations for the virtual machine that operates this service
cannot be done from the customer portal. (Only we can operate it as it is a virtual
server controlled by us.)
The virtual machine operating the Web Security (WAF) cannot use private
catalogues, backup and VM security services.
We do not guarantee that features provided by Web Security (WAF) have integrity
or accuracy, or they are suitable for your use. Furthermore, the suitability of the
algorithms that detect unauthorized/cyber-attack communications provided by the
developers or distributors of the devices making up the Web Security (WAF)
feature is not guaranteed.
The following information might be provided to the developers or the distributors of
the devices making up Web Security (WAF) features.
- Configuration information obtained through providing Web Security (WAF)
- Information on control of Web Security (WAF)
We cannot guarantee recovery from failures that might occur due to incompatibility
between the Web Security (WAF) feature and your environment, or failures that
occur due to your operations other than those specified by NTT Communications.
There may be times when the customer’s environment is affected by maintenance
services. An advance notice will be sent when there are possible effects on the
customer’s communication. This does not apply when we judge the maintenance
work to be urgently required to provide the service.
2.10 VM Anti-Virus
2.10.1 Overview
VM Anti-Virus is a service that protects VMs against virus contagion and threats.
2.10.2 Features
The following features are available for VM Anti-Virus.

| Feature | Overview |
| --- | --- |
| Real-Time Scan | Monitors the types of file access, such as write or read, generated inside the VM and scans viruses. |
| Scheduled Scan | Scans for viruses on schedule in files existing on the VM (including files that are not in use). |
| Actions | Executes the specified processes when viruses are detected. |
| Scan Exception | Specifies exceptions to virus scan. |
| Automatic Security Update | Periodically checks pattern file updates and performs updates. |

Real-Time Scan 2.10.2.1
This feature is only for Windows.
You can specify the following items in Real-Time Scan.
Item Overview
Directories
and Files to
scan
Selects directories and files for file access scan.
Directories Selectable from “All directories” or “Directory list”
Files Selectable from “All files”, “File Types Recommended
by TrendMicro”, or “File extension list“
Schedule Selectable from “24 hours a day, every day” or
“Custom Schedule”.
If "Custom Schedule" is selected, the weekly
scheduled time is specified.
Actions Please refer to section 2.10.2.3 Actions.
Scan Exceptions Please refer to section 2.10.2.4 Scan Exception.
2.10.2.2 Scheduled Scan
You can specify the following items in Scheduled Scan.

| Item | Overview |
|---|---|
| Directories and Files to scan | You can select directories and files for file access scan. |
| Directories | Selectable from “All directories” or “Directory list” |
| Files | Selectable from “All files”, “File Types Recommended by TrendMicro”, or “File extension list” |
| Schedule | You can specify the interval at which the scheduled scan runs from “Daily”, “Weekly” or “Monthly”, and the time. Daily: Specifies either “Every Day,” “Weekdays,” or “Every X Days.” Weekly: Specifies either “Every Yday of the week” or “Yday of every X Weeks.” Monthly: Specifies either “The Xth of each month” or “The Xth Yday of each month.” You can select the time slot except for 0:01-0:59 in your local time, which you can specify in application. |
| Actions | Please refer to section 2.10.2.3 Actions. |
| Scan Exceptions | Please refer to section 2.10.2.4 Scan Exception. |

Note: Xs represent numbers and Ydays represent days of the week in the table above.
2.10.2.3 Actions
You can set the processing method for the case where files infected by viruses are
detected.
You can select from “Recommended Setting” or “Custom Setting.”

| Item | Overview |
|---|---|
| Recommended Setting | The virus processing method recommended by the developers and distributors of the devices making up the VM Anti-Virus feature. |
| Custom Setting | The first process (primary process) when viruses are detected is specified from “Delete,” “Clean,” “Pass,” “Deny access” and “Quarantine.” |

Recommended Setting
The “Recommended Setting” processing method might be modified based on day-to-day
operation, and information concerning the handling method is not disclosed.
Custom Setting
You can select one of the following actions as the first process of virus scan in Custom
Setting.

| Action | The first process |
|---|---|
| Delete | Windows: Moves the backup data of the infected file to a quarantined directory on a VM, and DELETEs the original file. Linux: DELETEs the infected file. |
| Clean | CLEANs virus from the infected file and restores the file. |
| Pass | Only logs virus detection and PASSes the infected file as it is. |
| Deny access | This action is available only in Real-Time Scan. Windows: Immediately blocks file access such as write or read when the access to the infected file is detected. Linux: Not applicable to Linux because Linux OS doesn’t support Real-time scan. |
| Quarantine | Windows: Performs the same action as “Delete”. Linux: Moves the backup data of the infected file to a quarantined directory on a VM, and DELETEs the original file. |
2.10.2.4 Scan Exception
You can specify directories, files and extensions that will not be scanned for viruses.
2.10.2.5 Automatic Security Update
Automatic Security Update checks for pattern file update information on NTT Com
Group’s administration server and updates pattern files automatically when necessary.
You can specify the schedule by one of the following parameters.

| Items | Overview |
|---|---|
| Hourly | You can specify “X minutes after the hour” every hour. |
| Daily | You can specify “Every day”, “Weekdays” or “Every X days”, and time. |
| Weekly | You can specify “Every Yday of the week” or “Yday of every X weeks”, and time. |
| Monthly | You can specify “The Xth of each month” or “The Xth Yday of each month”, and time. |

Note: Xs represent numbers and Ydays represent days of the week in the table above.
2.10.3 Restrictions
Restrictions relating to OS and resources
The following table shows the system requirements of the software agent. Availability
of service provisioning also depends on the supported OS of Enterprise Cloud itself and
the kernel version of the Linux OS. You should ask NTT Com Group regarding availability.

| Items | Requirements |
|---|---|
| Memory size | Minimum Value: 512 MB |
| Disk size | Minimum Value: 1GB |
| OS (Windows) | Windows 8 (64bit); Windows Server 2012 (64bit); Windows 7 (64bit); Windows Server 2008 R2 (64bit); Windows Server 2008 (64bit); Windows Vista (64bit); Windows Server 2003 SP1 (64bit) with patch “Windows Server 2003 Scalable Networking Pack”; Windows XP (64bit) |
| OS (Linux) | Red Hat 5 (64bit); Red Hat 6 (64bit); CentOS 5 (64bit); CentOS 6 (64bit); SuSE 10 (64bit); SuSE 11 (64bit) |
Restrictions relating to agent installation
You are responsible for the installation of agents on your VMs.
You cannot use other antivirus software together with this service. Make sure to
uninstall other antivirus software before using this service.
When uploading agents to the VMs, do not do so by mounting ISO image files or
CD/DVD drives.
Restrictions relating to network configuration
When the target VM is in a segment which is not directly connected to the vFW/INA,
an additional server segment is required to directly connect the vFW/INA and the
VM.
Other restrictions
You are responsible for activation confirmation (constant monitoring) of agents.
Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.
Please use a VM without this service installed for the Create Template feature of
the Private Catalog menu. If a template is created from a VM on which the agent is
installed, or on which installation and activation are completed, this service will no
longer be available for any VM replicated from that template or for the VM used to
create the template. The same applies when the VM is used for image backup.
The following files are not targeted for Virus Scan.
- Password-protected files
- Files compressed with unsupported format
- Corrupted files
- Encrypted files
- Files compressed six (6) times or more
- Files whose decompressed size is 10MB or greater (Real-time scan default value)
- Files whose decompressed size is 30MB or greater (Scheduled/Manual scan default value)
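The exclusions above mean that some archives on a VM are never inspected. The following Python is an added example, not code from NTT Com or the anti-virus vendor, that lists which members of a ZIP archive fall into those categories. It assumes ZIP only, reads "compressed N times" as N nested archive layers, and treats 10MB/30MB as multiples of 1024 x 1024 bytes; all function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
import zlib

# Limits taken from the list of files that are not targeted for virus scan.
MAX_TIMES_COMPRESSED = 6
SIZE_LIMIT = {"realtime": 10 * 1024 * 1024,    # Real-time scan default
              "scheduled": 30 * 1024 * 1024}   # Scheduled/Manual scan default


def scan_gaps(data, mode="realtime", layer=1, path=""):
    """Return sorted (member_path, reason) pairs for content that the listed
    exclusions would leave unscanned. `layer` is how many times the members
    of the current archive have been compressed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path or "<archive>", "corrupted")]
    gaps = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = f"{path}/{info.filename}" if path else info.filename
            if info.flag_bits & 0x1:                  # bit 0 = encrypted member
                gaps.append((name, "password-protected"))
            elif info.file_size >= SIZE_LIMIT[mode]:  # declared size; not inflated
                gaps.append((name, "decompressed size at or over limit"))
            elif info.filename.lower().endswith(".zip"):
                if layer + 1 >= MAX_TIMES_COMPRESSED:
                    gaps.append((name, "compressed six or more times"))
                    continue
                try:
                    inner = zf.read(info)             # also verifies the CRC
                except (zipfile.BadZipFile, zlib.error):
                    gaps.append((name, "corrupted"))
                    continue
                gaps.extend(scan_gaps(inner, mode, layer + 1, name))
    return sorted(gaps)


def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def nest(payload, wraps):
    """Wrap payload in one ZIP, then wrap that ZIP `wraps` more times."""
    archive = make_zip({"payload.txt": payload})
    for i in range(wraps):
        archive = make_zip({f"l{i}.zip": archive})
    return archive


def mark_encrypted(zip_bytes):
    """Set the 'encrypted' flag in the last central-directory entry to imitate
    a password-protected member without real encryption."""
    raw = bytearray(zip_bytes)
    pos = raw.rfind(b"PK\x01\x02")      # central directory file header
    raw[pos + 8] |= 0x01                # general-purpose flag, bit 0
    return bytes(raw)


def demo_archive():
    """Constructed sample: one archive containing each kind of gap."""
    return make_zip({
        "notes.txt": b"plain file, scanned normally",
        "ok.zip": nest(b"compressed five times", 3),
        "deep.zip": nest(b"compressed six times", 4),
        "big.bin": bytes(10 * 1024 * 1024),
        "secret.zip": mark_encrypted(make_zip({"secret.txt": b"x" * 64})),
        "broken.zip": b"constructed bytes that are not a ZIP archive",
    })


if __name__ == "__main__":
    for member, reason in scan_gaps(demo_archive()):
        print(f"{reason:40} {member}")
```

Declared sizes come from the archive's own headers and can be understated, so a clean result here is not evidence that the scanner inspected the content.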
Directories and files on a network drive cannot be set as targets of virus scans.
We recommend that you do not target directories or files for virus scan that have a
high write frequency, such as databases and Active Directories. If you target them
for virus scan, the server performance will be reduced.
VM Anti-Virus does not guarantee that the provided VM Anti-Virus feature has
integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the
pattern files provided by the developers or distributors of the software that makes
up the VM Anti-Virus feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the VM Anti-Virus feature.
- Configuration information obtained from providing VM Anti-Virus
- Information obtained from VM Anti-Virus
We cannot guarantee recovery from failures that might occur due to incompatibility
between VM Anti-Virus and your environment, or failures that occur due to your
operations other than those specified by NTT Com Group.
2.11 VM Virtual Patch
2.11.1 Overview
VM Virtual Patch is a service that detects and/or protects the VM from attacks on
vulnerabilities. For OS and application vulnerabilities, it provides signatures that
offer solutions equivalent to the security patches provided by application vendors.
2.11.2 Features
The following features are available for VM Virtual Patch.

| Feature | Overview |
|---|---|
| VM Virtual Patch | A feature that detects or protects against (blocks) attack traffic directed against vulnerabilities. |
| Recommended Scan | A feature that scans VM system information, checks whether there are vulnerabilities, and automatically applies VM Virtual Patch corresponding to those vulnerabilities. |

2.11.2.1 VM Virtual Patch
You can select “Detection” mode or “Prevention” mode.

| Mode | Overview |
|---|---|
| Detection | Attack traffic is detected. However, traffic is not blocked even though attack traffic is detected. |
| Prevention | Attack traffic is detected. Traffic is blocked when attack traffic is detected. |

Virtual Patching inspects packet contents using a kernel-mode driver bound to Layer 2
(the data link layer) and matches them against protocol-violation patterns and
signatures. Packets that match a pattern are identified and/or blocked as packets
attacking vulnerabilities.
2.11.2.2 Recommended Scan
Recommended Scan periodically scans the system information of a VM and checks
whether vulnerabilities exist. It can also automatically apply the virtual patches
corresponding to those vulnerabilities.
The virtual patches are effective against vulnerabilities in the OS and in installed
general applications (e.g. Apache).
You can specify the schedule by one of the following parameters.

| Items | Overview |
|---|---|
| Hourly | You can specify “X minutes after the hour” every hour. |
| Daily | You can specify “Every day”, “Weekdays” or “Every X days” and time. |
| Weekly | You can specify “Every Yday of the week” or “Yday of every X weeks” and time. |
| Monthly | You can specify “The Xth of each month” or “The Xth Yday of each month” and time. |

Note: Xs represent numbers and Ydays represent days of the week in the table above.
The virtual patch is applied to the detected vulnerabilities. If you have applied a
legitimate patch, the virtual patch will be removed during the Recommended Scan.
2.11.3 Restrictions
Restrictions relating to OS and resources
The following table shows the system requirements of the software agent. Availability
of service provisioning also depends on the supported OS of Enterprise Cloud itself and
the kernel version of the Linux OS. You should ask NTT Com Group about availability.

| Items | Requirements |
|---|---|
| Memory size | Minimum Value: 512 MB |
| Disk size | Minimum Value: 1GB |
| OS (Windows) | Windows 8 (32bit/64bit); Windows Server 2012 (64bit); Windows 7 (32bit/64bit); Windows Server 2008 R2 (64bit); Windows Server 2008 (32bit/64bit); Windows Vista (32bit/64bit); Windows Server 2003 SP1 (32bit/64bit) with patch “Windows Server 2003 Scalable Networking Pack”; Windows XP (32bit/64bit) |
| OS (Linux) | Red Hat 5 (32bit/64bit); Red Hat 6 (32bit/64bit); CentOS 5 (32bit/64bit); CentOS 6 (32bit/64bit); SuSE 10 (32bit/64bit); SuSE 11 (32bit/64bit); Ubuntu 10.04 LTS (64bit); Ubuntu 12.04 LTS (64bit) |
Restrictions relating to agent installation
You are responsible for the installation of agents on your VMs.
You cannot use antivirus software other than VM Anti-Virus together with this
service. Make sure to uninstall other antivirus software before using this service.
When uploading agents to the VMs, do not do so by mounting ISO image files or
CD/DVD drives.
Restrictions relating to network configuration
When the target VM is in a segment which is not directly connected to the vFW/INA,
an additional server segment is required to directly connect the vFW/INA and the
VM.
Other restrictions
As a fundamental solution, you need to apply the legitimate security patches provided
by each application vendor, because virtual patches are temporary measures, not
corrections to software code.
You are responsible for activation confirmation (constant monitoring) of agents.
Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.
Please use a VM without this service installed for the Create Template feature of
the Private Catalog menu. If a template is created from a VM on which the agent is
installed, or on which installation and activation are completed, this service will no
longer be available for any VM replicated from that template or for the VM used to
create the template. The same applies when the VM is used for image backup.
VM Virtual Patch does not guarantee that the provided VM Virtual Patch feature has
integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the
signatures (algorithms that judge the degree of danger and attack traffic) provided
by the developers or distributors of the devices making up the VM Virtual Patch
feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the VM Virtual Patch feature.
- Configuration information obtained from providing VM Virtual Patch
- Information obtained from controlling VM Virtual Patch, etc.
We cannot guarantee recovery from failures that might occur due to incompatibility
between the VM Virtual Patch feature and your environment, or failures that occur
due to your operations other than those specified by NTT Com Group.
2.12 VM Firewall
2.12.1 Overview
VM Firewall is a service that controls communication among VMs.
2.12.2 Features
The following features are available for VM Firewall.

| Feature | Overview |
|---|---|
| VM Firewall | A feature that controls communication among the target VMs. |

You can specify the following conditions for each rule.

| Items | Content |
|---|---|
| Action Type | Selectable from “Allow” or “Deny” |
| Direction | Selectable from “Outgoing” or “Incoming” |
| Frame Type | Selectable from “IP”, “ARP” or “Other” |
| Protocol | Selectable from “ICMP”, “TCP” or “UDP” |
| Source IP address | You can specify the source IP address and subnet mask. Multiple IP addresses or an IP address range can be specified. |
| Source Port number | You can specify the source port number. |
| Destination IP address | You can specify the destination IP address and subnet mask. Multiple IP addresses or an IP address range can be specified. |
| Destination Port number | You can specify the destination port number. |
2.12.3 Restrictions
Restrictions relating to OS and resources
The following table shows the system requirements of the software agent. Availability
of service provisioning also depends on the supported OS of Enterprise Cloud itself and
the kernel version of the Linux OS. You should ask NTT Com Group about availability.

| Items | Requirements |
|---|---|
| Memory size | Minimum Value: 512 MB |
| Disk size | Minimum Value: 1GB |
| OS (Windows) | Windows 8 (32bit/64bit); Windows Server 2012 (64bit); Windows 7 (32bit/64bit); Windows Server 2008 R2 (64bit); Windows Server 2008 (32bit/64bit); Windows Vista (32bit/64bit); Windows Server 2003 SP1 (32bit/64bit) with patch “Windows Server 2003 Scalable Networking Pack”; Windows XP (32bit/64bit) |
| OS (Linux) | Red Hat 5 (32bit/64bit); Red Hat 6 (32bit/64bit); CentOS 5 (32bit/64bit); CentOS 6 (32bit/64bit); SuSE 10 (32bit/64bit); SuSE 11 (32bit/64bit); Ubuntu 10.04 LTS (64bit); Ubuntu 12.04 LTS (64bit) |
Restrictions relating to agent installation
You are responsible for the installation of agents on your VMs.
You cannot use antivirus software other than VM Anti-Virus together with this
service. Make sure to uninstall other antivirus software before using this service.
When uploading agents to the VMs, do not do so by mounting ISO image files or
CD/DVD drives.
Restrictions relating to network configuration
When the target VM is in a segment which is not directly connected to the vFW/INA,
an additional server segment is required to directly connect the vFW/INA and the
VM.
Other restrictions
Only NTT Com Group can specify rule names of VM Firewall; you cannot specify
them.
You are responsible for activation confirmation (constant monitoring) of agents.
Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.
The following traffic is blocked regardless of mode settings.
- TCP connections over 100,000
- UDP connections over 100,000
- Unusual traffic which is not based on RFC or suspected to be inaccurate:
  - No IP header
  - Source IP and Destination IP are the same
  - Text that cannot be used in a URI
  - More than 100 “/” characters used
  - “../../” used to go above the root
Blocking will also occur when compute resources are insufficient.
Please use a VM without this service installed for the Create Template feature of
the Private Catalog menu. If a template is created from a VM on which the agent is
installed, or on which installation and activation are completed, this service will no
longer be available for any VM replicated from that template or for the VM used to
create the template. The same applies when the VM is used for image backup.
VM Firewall does not guarantee that the provided VM Firewall feature has integrity
or accuracy, or is suitable for your use.
The following information might be provided to the developers or distributors of the
devices making up the VM Firewall feature.
- Configuration information obtained from providing VM Firewall
- Configuration information obtained from controlling VM Firewall
We cannot guarantee recovery from failures that might occur due to incompatibility
between the VM Firewall feature and your environment, or failures that occur due
to your operations other than those specified by NTT Com Group.
2.13 Application Profiling
2.13.1 Overview
Application Profiling is a service that monitors the communication that applications are
using, and provides reports that make latent risks to the applications (suspected
information leaks and communication hypothesized to be unrelated to work) visible.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.13.2 Features
The following features are available for Application Profiling.

| Feature | Overview |
|---|---|
| Application Profiling Report | A feature that monitors the communication that applications are using, and provides reports that make latent risks to the applications (suspected information leaks and communication hypothesized to be unrelated to work) visible. |

The Application Profiling Report feature identifies, from actual application usage,
application communication considered to carry high risk, and displays explanations of
the hypothetical risks and advice for using the applications safely.
Please check the following website for application communications that can be
monitored.
http://apps.paloaltonetworks.com/applipedia/
Reports are created once a month.
Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps and 200,000 sessions (when 5
services are used) by applying for additional services. When you need the additional
service, please contact us in advance.
2.13.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with Application Profiling, you must have two IP
address blocks available. If the IP address block is already being used, NTT Com
Group might ask you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
Some rules must be set to “Allow” in VM Firewall. Please refer to the VM Firewall
parameter sheet.
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal, and other such cases
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
Application Profiling does not guarantee that the Application Profiling feature has
integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the
application identification algorithms provided by the developers or distributors of
the devices making up the Application Profiling feature is not guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the Application Profiling feature.
- Configuration information obtained from providing application profiling
- Information relating to Application Profiling processing
We cannot guarantee recovery from failures that might occur due to incompatibility
between Application Profiling and your environment, or failures that occur due to
your operations other than those specified by NTT Com Group.
2.14 Network Profiling
2.14.1 Overview
Network Profiling is a service that monitors communications and provides reports
that make unknown threats and hidden risks visible.
This service is used via the SIGs. You need to apply separately for Service
Interconnectivity.
2.14.2 Features
The following features are available for Network Profiling.

| Feature | Overview |
|---|---|
| Network Profiling Report | A feature that monitors communication to the VM and, from the communication status, provides reports that make unknown threats and latent risks visible. |

The Network Profiling Report feature monitors communication to the VM, and provides
reports that make latent risks to the network visible, based on the correlation
analyses on traffic logs and threat logs (viruses and unauthorized access) performed
by a security analyst.
Reports are created once a month.
Analysis Capacity
Maximum traffic volume: 200 Mbps in total of both directions/service
Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps and 200,000 sessions (when 5
services are used) by applying for additional services. When you need the additional
service, please contact us in advance.
2.14.3 Restrictions
Restrictions relating to IP addresses
In order to connect the SIGs with Network Profiling, you must have two IP address
blocks available. If the IP address block is already being used, NTT Com Group
might ask you to change it.
NTT Com Group will manage the assigned IP address blocks, and assign IP
addresses to the devices that require them.
Restrictions relating to network configuration
If you perform Ping monitoring on the VM, you will require an additional Server
Segment for direct connection between vFW/INA and the VM.
Do not connect the target server segments directly to the vFW/INA.
Other restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess
traffic might be discarded.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded
as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal, and other such cases
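The abnormal-packet examples listed in the Application Profiling and Network Profiling restrictions can be checked against captured traffic to explain why packets never reach a VM. The following Python is an added example, not NTT Com's or the device vendor's code; the page does not say which TCP flag combinations count as abnormal, so the set used here (no flags, SYN with FIN or RST, FIN without ACK) is an assumption, as are the function names, the "transport header cut off" case and the constructed sample packets.

```python
import socket
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
TCP, UDP = 6, 17
MIN_L4_HEADER = {TCP: 20, UDP: 8}


def flags_abnormal(flags):
    """Assumed set of abnormal combinations (not specified on the page)."""
    syn, fin, rst, ack = (bool(flags & bit) for bit in (SYN, FIN, RST, ACK))
    return (flags & 0x3F) == 0 or (syn and (fin or rst)) or (fin and not ack)


def abnormal_reasons(packet):
    """Return the reasons a raw IPv4 packet matches the listed examples of
    abnormal packets; an empty list means none of them apply."""
    if len(packet) < 20:
        return ["IP header cut off in the middle"]
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return ["IP header cut off in the middle"]
    proto, l4 = packet[9], packet[ihl:]
    if proto not in (TCP, UDP):
        return []
    if len(l4) < MIN_L4_HEADER[proto]:
        return ["transport header cut off"]  # assumption: one of the "others"
    reasons = []
    sport, dport = struct.unpack("!HH", l4[:4])
    if sport == 0 or dport == 0:
        reasons.append("port number is 0")
    if proto == TCP and flags_abnormal(l4[13]):
        reasons.append("abnormal TCP flag combination")
    return reasons


# --- constructed sample packets (documentation addresses, zero checksums) ---

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)


SAMPLES = {
    "normal SYN": ipv4(TCP, tcp(40000, 443, SYN)),
    "normal FIN+ACK": ipv4(TCP, tcp(40000, 443, FIN | ACK)),
    "SYN+FIN": ipv4(TCP, tcp(40000, 443, SYN | FIN)),
    "UDP to port 0": ipv4(UDP, udp(5353, 0)),
    "TCP port 0, no flags": ipv4(TCP, tcp(0, 80, 0)),
    "truncated IP header": ipv4(TCP, tcp(40000, 443, SYN))[:12],
}


def classify_samples():
    return {name: abnormal_reasons(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in classify_samples().items():
        print(f"{name:22} {', '.join(reasons) or 'ok'}")
```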
If devices making up this feature are replaced due to malfunction etc., you will not
be able to check device logs or event reports from prior to the replacement via
Security Web Portal. In addition, if the active server and the standby server are
switched for a redundantly configured device and they are restored without
replacing the device, you cannot check the log or the event reports of the period
during which the switching occurred from Security Web Portal.
Network Profiling does not guarantee that the Network Profiling feature has
integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the
application, virus and URL identification algorithms provided by the developers or
distributors of the devices making up the Network Profiling feature is not
guaranteed.
The following information might be provided to the developers or distributors of the
devices making up the Network Profiling feature.
- Configuration information obtained from providing network profiling
- Information relating to Network Profiling processing
We cannot guarantee recovery from failures that might occur due to incompatibility
between Network Profiling and your environment, or failures that occur due to your
operations other than those specified by NTT Com Group.
2.15 RTMD Web
2.15.1 Overview
RTMD Web is a service that detects unauthorized malware intrusions, makes unknown
threats and latent risks visible, and reports them. Principally, it provides a file analysis
feature and a communication analysis feature.
It not only mirrors the customer communication that passes through the vFW/INA and
performs signature-based analysis on it, but also reproduces suspicious communication
in the RTMD Web virtual environment and analyzes malware dynamically.
2.15.2 Features & Restrictions
Details of the RTMD Web service differ with each customer’s circumstances and need to
be discussed in each case.
2.16 RTMD E-mail
2.16.1 Overview
RTMD E-mail is a service that detects unauthorized malware intrusions via e-mail,
makes unknown threats and latent risks visible, and reports them. Principally, it
provides a file analysis feature.
It not only mirrors the customer communication that passes through the vFW/INA and
performs signature-based analysis on it, but also reproduces suspicious communication
in the RTMD E-mail virtual environment and analyzes malware dynamically.
2.16.2 Features & Restrictions
Details of the RTMD E-mail service differ with each customer’s circumstances and need to
be discussed in each case.
3 Operation and Maintenance
3.1 Operation Service
NTT Com Group provides an operation center called “GROC” for Security service
customers in global DCs. GROC accepts inquiries and PCRs (Policy Change Requests)
from end customers and sends failure notifications to them.
3.1.1 Operation
The content of operation is defined for each service menu.
Menu Outline
Network Security IPS/IDS Health & Availability
Change Management
Security Incident Management (Automatic)
Service Incident Management
Contents Security
Email-Anti-Virus
Web-Anti-Virus
URL Filtering
Application Filtering
WAF
Indicated UTM
(Compact/Large)
Health & Availability
Security Incident Management (Automatic)
Service Incident Management
VM Security VM Anti-Virus Health & Availability.
Change Management.
Incident Management.
Service Incident Management
VM Virtual Patch
VM Firewall
Profiling Application Profiling
Health & Availability
Security Incident Management (Security Analyst validation)
Service Incident Management
Proactive remediation.
Network Profiling
RTMD RTMD Web
RTMD E-mail
3.2 Maintenance
A) Maintenance Window
4:00 – 8:00 (UTC) of every Sunday
Changes that require system downtime/scheduled maintenance will be done with prior
notification.
B) Emergency Maintenance
Maintenance work will be done with prior notification during non-maintenance hours
in emergency situations.
4 Security Web Portal
The Security service provides its own customer portal: WideAngle Customer Portal for
non-Japanese DCs and Security Web Portal for the Japan DC. It is linked to from the
Cloud tab of the Enterprise Cloud customer portal.
From the Security Web Portal, you will be able to see logs and reports.
5 Billing
Customers purchasing the EC Security service will be billed according to the table below
and the services they have requested/used.

| Menu | Category | Item | Unit | Billing Method |
|---|---|---|---|---|
| Security | Network Security | IPS/IDS | Service | Flat rate monthly* |
| | Contents Security | Email-Anti-Virus | Service | Flat rate monthly* |
| | | Web-Anti-Virus | Service | Flat rate monthly* |
| | | URL Filtering | Service | Flat rate monthly* |
| | | Application Filtering | Service | Flat rate monthly* |
| | | Unauthorized Access Prevention | Service | Flat rate monthly* |
| | | Web Browsing Security | Service | Flat rate monthly* |
| | | Internet Gateway Security | Service | Flat rate monthly* |
| | | WAF | Service | Flat rate monthly* |
| | Integrated Security Appliance | UTM Compact | Service | Flat rate monthly* |
| | | UTM Large | Service | Flat rate monthly* |
| | Web Security (WAF) | Entry | Service | Flat rate monthly* |
| | | Compact | Service | Flat rate monthly* |
| | | Large | Service | Flat rate monthly* |
| | VM Security | VM Anti-Virus | VM | Flat rate monthly* |
| | | VM Virtual Patch | VM | Flat rate monthly* |
| | | VM Firewall | VM | Flat rate monthly* |
| | | VM Security Advanced Package | VM | Flat rate monthly* |
| | Profiling | Application Profiling | Service | Flat rate monthly* |
| | | Network Profiling | Service | Flat rate monthly* |
| | RTMD | RTMD Web | Service | Flat rate monthly* |
| | | RTMD E-mail | Service | Flat rate monthly* |

* Even if the service starts or ends in the middle of the month, the monthly fee will be billed.
6 SLA
NTT Com Group does not provide a Service Level Agreement for EC Security option
services.
7 Disclaimer
NTT Com Group reserves the right to supply alternative equivalent or better services
in the event of items becoming unavailable through normal supply channels.