enterprise cloud security option · enterprise cloud security option ... waf

ntt.com

Copyright © 2013 NTT Communications Corporation. All rights reserved

1

Enterprise Cloud

Security option Service Description

Ver.1.5 February 15th, 2016

ntt.com


2

Version History

Issue Date Notes

1.0 April 1st, 2014 Released

1.1 August 12th, 2014 - Added packaged menus including new packaged

menus.

- Added Frankfurt DC to available DC list.

- Added Japan local feature to IPS/IDS.

- Added restrictions or notes to each menu.

- Changed English expressions.

1.2 February 17th,

2015

- Changed availability of Frankfurt2 Data Center.

- Changed availability of each DC for packaged menus

of contents security.

- Added a restriction item to URL Filtering.

1.3 June 25th, 2015 - Changed availability of Saitama No.1 Data Center.

- Added restrictions to some menus.

- Changed Japan local feature of IPS/IDS to global

standard.


1.4 September 30th,

2015

- Added new service (UTM)

1.5 February 15th,

2016

- Added new service (Web Security (WAF)).

- Changed availability or each DC for UTM.


ntt.com


3

Table of Contents

Version History .......................................................................................... 2

Table of Contents ....................................................................................... 3

1 EC Security option Service Description ..................................................... 7

1.1 Purpose ................................................................................................. 7

1.2 Definitions and Terminology ......................................................................... 7

1.3 Contractual Considerations .......................................................................... 7

1.4 Service Name and Product Owner ................................................................. 7

2 EC Security option Service Details ........................................................... 8

2.1 Overview ................................................................................................ 8

Network Diagram ................................................................................... 9 2.1.1

Network Security, Contents Security, Profiling .......................................... 9 2.1.1.1

Integrated Security Appliance ............................................................ 10 2.1.1.2

VM Security ................................................................................. 10 2.1.1.3

RTMD ........................................................................................ 11 2.1.1.4

Service Availability ............................................................................... 11 2.1.2

2.2 IPS/IDS ............................................................................................... 12

Overview ........................................................................................... 12 2.2.1

Features ........................................................................................... 13 2.2.2

IPS Mode Simulation ...................................................................................... 13

Analysis Capacity .......................................................................................... 13

Restrictions ........................................................................................ 13 2.2.3

Restrictions relating to IP addresses .................................................................... 13

Restrictions relating to network configuration .......................................................... 13

Other restrictions ........................................................................................... 14

2.3 Email Anti-Virus ..................................................................................... 14

Overview ........................................................................................... 14 2.3.1

Features ........................................................................................... 14 2.3.2


Restrictions ........................................................................................ 15 2.3.3




2.4 Web Anti-Virus ....................................................................................... 16

Overview ........................................................................................... 16 2.4.1

Features ........................................................................................... 16 2.4.2

ntt.com


4


Restrictions ........................................................................................ 17 2.4.3




2.5 URL Filtering ......................................................................................... 18

Overview ........................................................................................... 18 2.5.1

Features ........................................................................................... 18 2.5.2


Restrictions ........................................................................................ 19 2.5.3




2.6 Application Filtering ................................................................................. 20

Overview ........................................................................................... 20 2.6.1

Features ........................................................................................... 21 2.6.2


Restrictions ........................................................................................ 21 2.6.3




2.7 WAF (Web Application Firewall) .................................................................. 22

Overview ........................................................................................... 22 2.7.1

Features ........................................................................................... 22 2.7.2

Restrictions ........................................................................................ 22 2.7.3

2.8 UTM ................................................................................................... 22

Overview ........................................................................................... 22 2.8.1

Features ........................................................................................... 23 2.8.2


IPS/IDS ...................................................................................... 23 2.8.2.1

Anti Virus .................................................................................... 23 2.8.2.2

Web Filter ................................................................................... 24 2.8.2.3

Spam Filter .................................................................................. 25 2.8.2.4

Restrictions ........................................................................................ 26 2.8.3

Restrictions in non-Japanese Data Centers ........................................................... 26



ntt.com


5

Restrictions relating to Web Filter ....................................................................... 26

Restrictions relating to Spam Filter ...................................................................... 26


2.9 Web Security (WAF) ................................................................................ 28

Overview ........................................................................................... 28 2.9.1

Features ........................................................................................... 28 2.9.2


WAF .......................................................................................... 28 2.9.2.1

IP reputation ................................................................................ 29 2.9.2.2

Restrictions ........................................................................................ 29 2.9.3

Restrictions in non-Japanese Data Centers ........................................................... 29




2.10 VM Anti-Virus ........................................................................................ 31

Overview ........................................................................................... 31 2.10.1

Features ........................................................................................... 31 2.10.2

Real-Time Scan ............................................................................ 31 2.10.2.1

Scheduled Scan ............................................................................ 32 2.10.2.2

Actions ....................................................................................... 32 2.10.2.3

Scan Exception ............................................................................. 33 2.10.2.4

Automatic Security Update ............................................................... 33 2.10.2.5

Restrictions ........................................................................................ 33 2.10.3

Restrictions relating to OS and resources .............................................................. 33

Restrictions relating to agent installation ............................................................... 34



2.11 VM Virtual Patch ..................................................................................... 35

Overview ........................................................................................... 35 2.11.1

Features ........................................................................................... 35 2.11.2

VM Virtual Patch ........................................................................... 35 2.11.2.1

Recommended Scan ...................................................................... 36 2.11.2.2

Restrictions ........................................................................................ 36 2.11.3





ntt.com


6

2.12 VM Firewall ........................................................................................... 38

Overview ........................................................................................... 38 2.12.1

Features ........................................................................................... 38 2.12.2

Restrictions ........................................................................................ 39 2.12.3





2.13 Application Profiling ................................................................................. 40

Overview ........................................................................................... 40 2.13.1

Features ........................................................................................... 41 2.13.2


Restrictions ........................................................................................ 41 2.13.3




2.14 Network Profiling .................................................................................... 42

Overview ........................................................................................... 42 2.14.1

Features ........................................................................................... 42 2.14.2


Restrictions ........................................................................................ 43 2.14.3

2.15 RTMD Web ........................................................................................... 44

Overview ........................................................................................... 44 2.15.1

Features & Restrictions ......................................................................... 44 2.15.2

2.16 RTMD E-mail ......................................................................................... 44

Overview ........................................................................................... 44 2.16.1

Features & Restrictions ......................................................................... 44 2.16.2

3 Operation and Maintenance ...................................................................45

3.1 Operation Service ................................................................................... 45

Operation .......................................................................................... 45 3.1.1

3.2 Maintenance ......................................................................................... 45

4 Security Web Portal ..............................................................................46

5 Billing ...............................................................................................47

6 SLA ..................................................................................................48

7 Disclaimer ..........................................................................................49

ntt.com


7

1 EC Security option Service Description

1.1 Purpose

The purpose of this document is to provide a detailed description of Enterprise Cloud

Security options offered by NTT Com Group. It provides information about service

features, technology options and technical specifications. This document forms a part

of Enterprise Cloud Service Description.

Please note that all features of EC Security options are subject to change.

1.2 Definitions and Terminology

Term Definition

EC Enterprise Cloud

vFW vFirewall

INA Integrated Network Appliance

IPS Intrusion Prevention (Protection) System

IDS Intrusion Detection System

Target server

segment

A server segment in which the VM targeted for protection exists

UTM Unified Threat Management

Signature An algorithm or hash (a number derived from a string of text)

that uniquely identifies a specific virus and so on.

RTMD Real-time Malware Detection

NCS NTT Com Security

GROC Global Risk Operation Center

1.3 Contractual Considerations

This document replaces all former Service Descriptions for this service.

1.4 Service Name and Product Owner

Service Name: Enterprise Cloud (ECL) Security option

Global Product Owner: NTT Communications Cloud Services

ntt.com


8

2 EC Security option Service Details

2.1 Overview

EC Security is an optional service for Enterprise Cloud customers. This service has 5

Categories with 13 single menus and 4 packaged menus.

Menu Note

Compute Please refer to Enterprise Cloud SD for

Service offering of EC itself.

-

: -

: -

: -

Security Network

Security

IPS/IDS -

Contents

Security

Email-Anti-Virus -

Web-Anti-Virus -

URL Filtering -

Application Filtering -

Unauthorized

Access Prevention

Packaged menu.

Consists of “IPS/IDS” and “Web-

Anti-Virus”. Features comply

with those of the original

menus.

Web Browsing

Security

Packaged menu.

Consists of “Web-Anti-Virus” and

“URL Filtering”. Features comply

with those of the original

menus.

Internet Gateway

Security

Packaged menu.

Consists of “IPS/IDS”, “Web-Anti-Virus” and “URL Filtering”. Features comply with those of

the original menus.

WAF -

Integrated

Security

Appliance

UTM Compact -

Large -

Web

Security

(WAF)

Entry -

Compact -

Large -

VM Security VM Anti-Virus -

VM Virtual-Patch -

ntt.com


9

VM Firewall -

VM Security

Advanced Package

Packaged menu.

Consists of “VM Anti-virus”, “VM-Virtual Patch” and “VM Firewall”. Features comply with those of

the original menus.

Profiling Application Profiling -

Network Profiling -

Real-time

Malware

Detection

(RTMD)

RTMD Web -

RTMD email -

Network Diagram 2.1.1

Network Security, Contents Security, Profiling 2.1.1.1

Network Security, Contents Security, and Profiling are connected to Enterprise Cloud

segments using two (2) Service Interconnection Gateways (SIGs). To adopt EC

Security to the customer’s network; customer traffic between Virtual Machine (VM)

and Virtual Firewall (vFW)/Integrated Network Appliance (INA) is bypassed at the

SIGs and the traffic goes through dedicated security appliance hardware.

Note: A SIG supports only 1 server segment, and 1 service supports only 2 SIGs

(one for the server segment connected to the vFW/INA, one for the target

server segment). Therefore, 1 service protects only 1 target server segment.

So, if you want to protect multiple server segments, you need to contract the

same number of services.

ntt.com


10

Integrated Security Appliance 2.1.1.2

SIGs are not required for UTM and Web Security (WAF). Customer traffic between

Virtual Machine (VM) and Virtual Firewall (vFW)/Integrated Network Appliance (INA)

goes through dedicated security appliance software.

VM Security 2.1.1.3

You need to install agents to their VMs for VM Security.

ntt.com


11

RTMD 2.1.1.4

Because network configuration of RTMD services can differ with each customer, this

needs to be discussed prior to the provisioning process.

Service Availability 2.1.2

The table below shows the availability of DCs for each security service.

Menu

Japan North

America Europe

JP US UK DE

Yokohama No.1

Data

Center

Kansai1 Data

Center

Saitama No.1

Data

Center

San Jose Lundy

Data

Center

Virginia Sterling

Data

Center

Hemel Hempstead

2

Data

Center

Frankfurt2 Data

Center

IPS/IDS Yes Yes Yes Yes Yes Yes Yes

Email Anti-Virus Yes Yes Yes Yes Yes Yes Yes

Web Anti-Virus Yes Yes Yes Yes Yes Yes Yes

URL Filtering Yes Yes Yes Yes Yes Yes Yes

Application Filtering Yes Yes Yes Yes Yes Yes Yes

Unauthorized Access Prevention

Yes Yes Yes Yes Yes Yes Yes

Web Browsing Security Yes Yes Yes Yes Yes Yes Yes

Internet Gateway Security


WAF Yes *1 Yes *1 Yes *1 Yes *1 Yes *1 Yes *1 Yes *1

UTM Yes Yes Yes Yes *2 Yes *2 Yes Yes

Web Security (WAF) Yes Yes Yes Yes *2 Yes *2 Yes Yes

VM Anti-Virus Yes Yes Yes Yes Yes Yes Yes

VM Virtual Patch Yes Yes Yes Yes Yes Yes Yes

ntt.com


12

VM Firewall Yes Yes Yes Yes Yes Yes Yes

VM Security Advanced Package


Application Profiling Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

Network Profiling Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

RTMD Web Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

RTMD email Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

Menu

Europe APAC

FR ES SIN HK MY TH AU

France

Paris 2

Data Center

Spain

Madrid 2

Data Center

Serangoon

Data

Center

Tai Po

Data

Center

Cyberjaya

3

Data

Center

Bangna

Data

Center

Sydney1

Data

Center

IPS/IDS No No Yes Yes Yes Yes Yes

Email Anti-Virus No No Yes Yes Yes Yes Yes

Web Anti-Virus No No Yes Yes Yes Yes Yes

URL Filtering No No Yes Yes Yes Yes Yes

Application Filtering No No Yes Yes Yes Yes Yes

Unauthorized Access Prevention

No No Yes Yes Yes Yes Yes

Web Browsing Security No No Yes Yes Yes Yes Yes

Internet Gateway Security


WAF No No Yes *1 Yes *1 Yes *1 Yes *1 Yes *1

UTM Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

Web Security (WAF) Yes *2 Yes *2 Yes *2 Yes *2 No No No

VM Anti-Virus No No Yes Yes Yes Yes Yes

VM Virtual Patch No No Yes Yes Yes Yes Yes

VM Firewall No No Yes Yes Yes Yes Yes

VM Security Advanced Package


Application Profiling No No Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

Network Profiling No No Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

RTMD Web No No Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

RTMD email No No Yes *2 Yes *2 Yes *2 Yes *2 Yes *2

*1 Device individually procured. Please inquire about service specification and delivery time.

*2 Device procurement and/or network design, etc. are individually required. Please inquire about service specification and delivery time.

Note: Even though the service is available, it may take time to deliver the service depending on DC. Please inquire about delivery time.

2.2 IPS/IDS

Overview 2.2.1

IPS/IDS is a service that detects or/and blocks unauthorized access and cyber-attacks.

ntt.com


13

This service is used via the SIGs. You need to apply separately for Service

Interconnectivity.

Features 2.2.2

The following features are available for IPS/IDS.

Feature Overview

IPS/IDS A feature that detects or/and blocks unauthorized access and

cyber-attacks on the VM.

You can select one of the following modes.

Mode Overview

IPS Unauthorized access and cyber-attacks are detected. When they

are detected, traffic is blocked.

IDS Unauthorized access and cyber-attacks are detected. However,

traffic is not blocked even though unauthorized access and cyber-

attacks are detected.

IPS Mode Simulation

Simulation is a process for improving the accuracy of IPS mode for detecting and

blocking unauthorized access and attack traffic. You can choose whether to implement

a simulation at the time of application for IPS/IDS. You need to check whether or not

the detected communication is normal via Security Web Portal after the simulation.

The IPS/IDS setting will be adjusted based on the check result.

Analysis Capacity

Maximum traffic volume: 200 Mbps in total of both directions/service

Maximum simultaneous connections: 40,000 sessions/service

Note 1: The above values are best-effort.

Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5

services are used) by applying additional services. When you need the

additional service, please contact us in advance.

Restrictions 2.2.3

Restrictions relating to IP addresses

In order to connect the SIGs with IPS/IDS, you must have two IP address blocks

available. If the IP address block is already being used, NTT Com Group might ask

you to change it.

NTT Com Group will manage the assigned IP address blocks, and assign IP

addresses to the devices that require them.

Restrictions relating to network configuration

If you perform Ping monitoring on the VM, you will require an additional Server

Segment for direct connection between vFW/INA and the VM.

Do not connect the target server segments directly to the vFW/INA.

ntt.com


14

Other restrictions

When the actual traffic volume exceeds the contracted traffic volume, the excess

traffic might be discarded.

Encrypted communications are not targeted for detection and blocking.

Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded

as a standard function regardless of customer’s configuration.

(Examples)

- When the IP header is cut off in the middle

- When the Port number is 0 (zero)

- When the TCP flag combination is abnormal and others

If devices making up this feature are replaced due to malfunction etc., you will not

be able to check device logs or event reports from prior to the replacement via

Security Web Portal. In addition, if the active server and the standby server are

switched for a redundantly configured device and they are restored without

replacing the device, you cannot check the log or the event reports of the period

during which the switching occurred from Security Web Portal.

IPS/IDS does not guarantee that the IPS/IDS feature has integrity or accuracy, or

is suitable for your use. Furthermore, the suitability of the unauthorized/attack

traffic detection algorithms provided by the developers or distributors of the

devices making up the IPS/IDS feature is not guaranteed.

The following information might be provided to the developers or distributors of the

devices making up the IPS/IDS feature.

- Configuration information obtained from providing IPS/IDS

- Information concerning controls etc. for IPS/IDS

NTT Com group cannot guarantee recovery from failures that might occur due to

incompatibility between IPS/IDS and your environment, or failures that occur due

to your operations other than those specified by NTT Com group.

2.3 Email Anti-Virus

Overview 2.3.1

Email Anti-Virus is a service that detects and/or blocks viruses that invade via E-mail

(SMTP communication).


Interconnectivity.

Features 2.3.2

The following features are available for Email-Anti-Virus.

Feature Overview

Virus Scan A feature that monitors E-mail (SMTP communication), and

executes specified action when viruses are detected.

The target protocol of this service is SMTP.

ntt.com


15

You can select one of the following actions.

Items Overview

Allow Allows communications without logging.

Alert Monitors email (SMTP), and detects viruses.

However, traffic is not blocked even though viruses are

detected. Logs detection status.

Block Monitors email (SMTP), and detects viruses.

Note that communication is blocked when viruses are detected,

and the SMTP Reply Code: 541 is returned to the sender. Logs

blocking status.

Analysis Capacity




Note 2: you can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5

services used) by applying additional services. When you need the additional

service, please contact us in advance.

Restrictions 2.3.3


In order to connect the SIGs with Email-Anti-Virus, you must have two IP address

blocks available. If the IP address block is already being used, NTT Com Group

might ask you to change it.







Other restrictions



The following files are not targeted for Virus Scan.

- Encrypted files

- Password-protected files

- Files compressed by compression algorism other than zip/gzip

- Files compressed three (3) times or more



(Examples)

ntt.com


16










Email-Anti-Virus does not guarantee that the Email-Anti-Virus feature has integrity

or accuracy, or is suitable for your use. Furthermore, the suitability of the virus

identification algorithms provided by the developers or distributors of the devices

making up the Email-Anti-Virus feature is not guaranteed.


devices making up the Email-Anti-Virus feature.

- Configuration information obtained from providing Email-Anti-Virus

- Information concerning inspections etc., for Email-Anti-Virus

We cannot guarantee recovery from failures that might occur due to incompatibility

between Email-Anti-Virus and your environment, or failures that occur due to your

operations other than those specified by NTT Com group.

2.4 Web Anti-Virus

Overview 2.4.1

Web Anti-Virus is a service that detects or/and blocks viruses that invade via Web

access (HTTP communication) and FTP communication.


Interconnectivity.

Features 2.4.2

The following features are available for Web Anti-Virus.

Feature Overview

Virus Scan A feature that monitors Web access (HTTP communication) and

FTP communication, and executes specified actions when viruses

are detected.

The target protocols of this service are HTTP and FTP.

You can select one of the following actions per protocol.

Items Overview

Allow Allows communication without logging.

Alert Monitors Web access (HTTP communication) and FTP

communication and detects viruses without blocking. Logs

detection status.

ntt.com


17

Block Monitors Web access (HTTP communication) and FTP

communication, detects and blocks viruses. Displays blocked

screen to the user. Logs blocking status.

Analysis Capacity







Restrictions 2.4.3


In order to connect the SIGs with Web Anti-Virus, you must have two IP address









Other restrictions



The following communications are not targeted for Virus Scan.

- Encrypted communication (e.g. HTTPS, SFTP)


- Files compressed by compression algorism other than zip/gzip

- Files compressed three (3) times or more



(Examples)







ntt.com


18




Web Anti-Virus does not guarantee that the Web Anti-Virus feature has integrity or

accuracy, or is suitable for your use. Furthermore, the suitability of the virus


making up the Web Anti-Virus feature is not guaranteed.


devices making up the Web Anti-Virus feature.

- Configuration information obtained from providing Web Anti-Virus

- Information concerning detection etc., for Web Anti-Virus


between Web Anti-Virus and your environment, or failures that occur due to your


2.5 URL Filtering

Overview 2.5.1

URL Filtering is a service that controls website access according to the customer’s

policies.


Interconnectivity.

Features 2.5.2

The following features are available for URL Filtering.

Feature Overview

URL Filtering A feature that controls website access per website category

by executing actions according to customer’s policies. URL

Filtering filters communication from client (VPN) to the target

server segment.

The target protocols of this service are HTTP and HTTPS.

HTTPS communication is determined based on the URL in the Common Name of the

server certificate.

You can select one of the following actions, per web site category.

Items Overview

Allow Allows website access without logging.

Alert Allows website access and logs URL of access-restricted website.

Continue If users access websites that are registered in those categories, a

warning screen indicating that they have accessed a restricted

website is displayed.

If users click the "Continue" button on the displayed warning

screen, they can access the website in question. Logs URL of

access-restricted website.

ntt.com


19

Block If users access websites that are registered in those categories, a

screen indicating that they have accessed a restricted website is

displayed and the website is blocked. The user cannot access the

relevant website.

Logs URL of access-restricted website.

You can add allowed URLs and blocked URLs as required

Items Overview

Allowed URL

(White List)

From the group of websites that are registered to categories that

are set as “Continue” or “Block”, you can specify URLs as

exception and allow access.

A maximum of 100 URLs can be registered as an allowed URL.

Blocked URL

(Black List)

From the group of websites that are registered to categories that

are set as “Allow” or “Alert”, you can specify URLs as exception

and block access.

A maximum of 100 URLs can be registered as a blocked URL.

Analysis Capacity







Restrictions 2.5.3


In order to connect the SIGs with URL Filtering, you must have two IP address









Other restrictions



When the URL in Common Name of the server certificate matches the URL

categorized as Block/Continue, the blocking/warning screen is not displayed (it is

displayed as a browser error).

When you select “Continue” as an action for a web site categories,

ntt.com


20

- When you use a proxy server, the “Continue” action is applied only to the

communication from the client (VPN) to the proxy server. It is not applied to the

communication from the proxy server to the Internet from security standpoint.

- Please add the IP address blocks of the target server segment to the proxy

exception setting of a client browser. Otherwise, a warning screen will not be

displayed.

- Please set vFW/INA so that the communication addressed to port 6080 of the

proxy server passes through it.

- You cannot use port 6080 for service communication which goes through URL

Filtering, because port 6080 is used to display a warning screen.



(Examples)










URL Filtering does not guarantee that the URL filtering feature has integrity or

accuracy, or is suitable for your use. Furthermore, the suitability of the URL


making up the URL Filtering feature is not guaranteed.


devices making up the URL Filtering feature.

- Configuration information obtained from providing URL filtering

- Information concerning controls etc., for URL filtering


between URL Filtering and your environment, or failures that occur due to your


2.6 Application Filtering

Overview 2.6.1

Application Filtering is a service that blocks communication from applications that are

not necessary for work, according to the customer’s policies


Interconnectivity.

ntt.com


21

Features 2.6.2

The following features are available for Application Filtering.

Feature Overview

Application

Filtering

A feature that categorizes applications and blocks

communication from specified applications.

You can specify applications to be blocked from among the applications that can be

controlled by Application Filtering. Please check the following website for controllable

applications list.

http://apps.paloaltonetworks.com/applipedia/

Analysis Capacity







Restrictions 2.6.3


In order to connect the SIGs with Application Filtering, you must have two IP

address blocks available. If the IP address block is already being used, NTT Com

Group might ask you to change it.







Other restrictions





(Examples)







ntt.com


22




Application Filtering does not guarantee that the Application Filtering feature has

integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the

application identification algorithms provided by the developers or distributors of

the devices making up the Application Filtering feature is not guaranteed.


devices making up the Application Filtering feature.

- Configuration information obtained from providing application filtering

- Information concerning controls etc., for Application Filtering


between Application Filtering and your environment, or failures that occur due to

your operations other than those specified by NTT Com group.

2.7 WAF (Web Application Firewall)

Overview 2.7.1

WAF is a service which is a service that protects web applications against cyber-

attacks.


Interconnectivity.

Features 2.7.2

The following features are available for WAF.

Feature Overview

WAF A feature that detects cyber-attacks on web applications and

blocks them to ensure application availability

Configuration of WAF services can differ with each customer and needs to be

discussed prior to the provisioning process.

Restrictions 2.7.3

Restrictions of WAF services differ from each customer’s circumstance and need to be

discussed prior to provisioning.

2.8 UTM

Overview 2.8.1

UTM (Unified Threat Management) is an integrated security solution to perform a

variety of security functions, such as detecting and preventing unauthorized access to

the virtual machine in Enterprise Cloud (EC), Anti Virus securities, URL-based Web

filtering, and spam mail filtering.

ntt.com


23

Features 2.8.2

UTM offers the following features.

Feature Overview

IPS/IDS A function that detects and/or prevents illegal

communication.

Anti Virus A function that detects and/or prevents viruses from HTTP,

FTP, SMTP, POP3, and IMAP communications.

Web Filter A URL filtering function for HTTP communications.

Spam Filter A function to determine whether or not the receiving email

message is spam in POP3 and IMAP communications.

Analysis Capacity

Plan Traffic Processing

Capacity

Plan

Compact Max 200 Mbps The total value of uplink and downlink.

The values are best-effort. Large Max 400 Mbps

IPS/IDS 2.8.2.1

IPS/IDS is a feature that inspects communications based on the signature and stops

the communications deemed as harmful.

The following is the communications that will be inspected. Encrypted communications

are not targeted for detection and blocking.

Items Overview

Direction The direction specified by the customer

Protocol TCP/IP

You can specify the following items in IPS/IDS.

Items Overview

IPS/IDS functions Set up whether or not to use the IPS/IDS functions

Direction of inspected

communication

Specify the direction of the inspected communication

Actions when

detecting fraudulent

communications

Select from IPS mode and IDS mode

- IPS mode: Block

- IDS mode: Detection only (no blocking)

For IPS mode, not all communications will necessarily be blocked, detection only

communications are included as well.

Anti Virus 2.8.2.2

Anti Virus is a feature that inspects communications based on the pattern file and

prevents communications that are detected as viruses.

The following are the communications and files that will be inspected.

ntt.com


24

Items Content

Communications Direction The direction specified by the customer

Protocol The protocols specified by the customer from

HTTP, FTP, SMTP, POP3, and IMAP

Port Number The port number specified by the customer

File File Size Files that are 3MB and under

Compressed

files

Number of

times

Inspects only files that have been

compressed 12 times or less

Format arj, cab, gzip, lha, lzh, msc, rar, tar, zip

File size Inspects only files with extracted file size of

3MB or less

Files other than the above (such as encrypted files and files with passwords) are not

inspected. Files that are not subject to inspection will pass through.

You can specify the following items in Anti Virus.

Items Content

Anti Virus function Set up whether or not to use the Anti Virus

function

Communications

Direction Specify the direction of the inspected

communication

Protocol Select the protocols from HTTP, FTP, SMTP,

POP3, and IMAP

Port number Specify the port number of each protocol

Actions when detecting viruses Select from “AntiVirus_Block” and

“AntiVirus_Monitor”

- AntiVirus_Block: Blocks the

communication when viruses are

detected

- AntiVirus_Monitor: Detects viruses

only (but does not block)

The inspection port number will be a shared setting for Anti Virus, Web Filter, and

SPAM Filter functions. It will be subject to inspection if the inspected protocol for each

function is the same.

Web Filter 2.8.2.3

Web Filter is a feature that controls communications by inspecting the destination of

the Web communications.

The following are the communications that will be inspected.

Items Overview

Direction Communications from vFW/INA via UTM to the virtual

machine

Protocol HTTP

ntt.com


25

Port Number The port number specified by the customer

You can specify the following items in Web Filter.

Items Content

Web Filter Function Specify or not whether to use the Web Filter function

Port Number of the

Inspected

Communications

Specify the port number

Blocked Categories Select the website category to be blocked.

Block: Blocks the access and has log output

White List and Black

List

Set up the white list and black list. The number of

settings is up to 100 URLs for each.




Spam Filter 2.8.2.4

Spam Filter is a feature that determines spam mail by inspecting the email

communications.

The following are the communications that will be inspected.

Items Overview

Direction Direction specified by the customer

Protocol POP3 and IMAP

Port Number Port number specified by the customer

You can specify the following items in Spam Filter.

Items Content

Spam Filter function Set up whether or not to use the Spam Filter

function

Communications Direction Specify the direction of the inspected

communications

Port

Number

Specify the port number for each protocol

White List and Black List Set up the white list and black list. The number of

settings is up to 100 URLs for each




When the message is determined as spam, ‘Spam’ will be added in the email subject.

The customer, who receives an email message with the subject title ‘Spam’, will need

to deal with the message as nothing will be done by Spam Filter after the message is

determined as spam.

ntt.com


26

Restrictions 2.8.3

Restrictions in non-Japanese Data Centers

One global IP address per one UTM service is necessarily assigned to monitoring

use for UTM server. When you order 2 UTM services, two global IP address is

assigned by NTT operator. Therefore please make sure that you prepare the

required quantity of global IP addresses when ordering.

Do not change NAT rules for UTM service configured to vFW/INA by NTT Com

Group.


IP address set as Default gateway in Server Segment setting cannot be assigned

on UTM interface.





Do not change default gateway setting of UTM via Security Web Portal. It can be

changed by service order form for changing.

Restrictions relating to Web Filter

It is necessary to construct a proxy server on the EC service when applying the

Web Filter to the communications connected to the internet from VPN of the EC

service.

To display the block screen and the like, service communication using TCP 8008,

8010, and 8020 ports cannot be used for communications that go through the Web

Filter.

For HTTP communications, the block screen will not be displayed if the domain

stated in the Common Name in the server certificate on the accessed site is a

domain belonging to the blocked category. (It will be displayed as a browser error.)

Restrictions relating to Spam Filter

For IMAP, there are times when ‘Spam’ cannot be added in the email subject title.

This is not caused by UTM specification but a restriction by IMAP action. For IMAP,

an email subject title is downloaded on the client first and a message body is

downloaded next. So when it is determined as spam due to an URL in the message

body, ‘Spam’ cannot be added in the email subject title. With IMAP, it is possible to

add ‘Spam’ on the email subject title when the email address is determined to be

spam.

Other restrictions

It is absolutely necessary to have a contract for either vFirewall or Integrated

Network Appliance.

You cannot switch plan from Compact to Large or the other way after the service

begin.

ntt.com


27

The appliance that runs this service operates on a single structure. The platform is

a dual configuration where it will switch in five to ten minutes after rebooting on

the backup platform during failures.

This service needs a dedicated compute resource pool. (The pool will be designed

when applying for UTM.) This service cannot be configured on an existing compute

resource pool.

Customers cannot configure a virtual machine on the compute resource pool

operating this service.

The dedicated compute resource pool for this service cannot be extended or

reduced.

Changes in resource allocations for the virtual machine that operates this service

cannot be done from the customer portal. (Only we can change it as it is virtual

machine controlled by us.)

It will switch to a conserve (Protect) mode when the usage rate of the UTM

memory exceeds 80 percent. It will pass without inspecting new sessions when it is

in conserve mode (for Anti Virus, Web Filter, and Spam Filter functions). Also

conserve mode will automatically be released when the memory usage rate is 80

percent and under.

The virtual machine operating the UTM cannot use private catalogues, backup and

VM security services.



(examples)


- When the port number is 0 (zero)


- Illegal packets due to encapsulation and others

UTM does not guarantee that the UTM feature has integrity or accuracy, or is

suitable for your use. Furthermore, the suitability of the algorithms that detect

unauthorized/cyber-attack communications provided by the developers or

distributors of the devices making up the UTM feature is not guaranteed.

The following information might be provided to the developers or the distributors of

the devices making up UTM features.

- Configuration information obtained through providing UTM

- Information on UTM control


between UTM and your environment, or failures that occur due to your operations

other than those specified by NTT Com Group.

ntt.com


28

2.9 Web Security (WAF)

Overview 2.9.1

Web Security (WAF) is the service that detects and protects security threats including

unauthorized access and attack traffic on the Web application server in the virtual

server on Enterprise Cloud.

Features 2.9.2

UTM offers the following features.

Feature Overview

WAF A function that inspects Web communication specified by

customer and detects/protects unauthorized access and

attack traffic.

IP reputation A function that blocks attacks from the source identified as

threat.

Analysis Capacity

Plan Traffic Processing

Capacity

Plan

Entry Max 50 Mbps

Compact Max 200 Mbps The total value of uplink and downlink.

The values are best-effort. Large Max 400 Mbps

WAF 2.9.2.1

Communications to be inspected are as follows

Item Details

Protocol HTTP/HTTPS

Detailed functions are as follows.

Function Details

WAF This function inspects Web communications based on the

signature.

This function protects the Web server from various attacks

from the application layer including cross-site scripting,

SQL injection and buffer overflow.

Trust/Black IP

control

It is possible to control communications of the IP address

specified by customer.

It is possible to specify Trust IP (IP address that is allowed

unconditionally) and Black IP (IP address that is blocked

unconditionally). A maximum of 100 addresses can be

registered for Trust IP and Black IP in total.

Decoding It is possible to inspect communications by decoding SSL

communications.

ntt.com


29

X-Forwarded-For It is possible to forward information on the source IP

address.

It is possible to forward information on the X-Forwarded-

For address to the Web server (real server).

Initial Tuning Report

Customer can change the policy setting (setting can be changed to detection

only/disabled for each signature ID) from Security Web Portal. We can report advices

on policy tuning.

Initial tuning report is available only for once. Initial tuning report application sheet is

available on Security Web Portal. Input necessary items and request the report by

using the security ticket.

IP reputation 2.9.2.2

Details are as follows.

Function Details

IP reputation This is the function for controlling connection from the host

based on information on the source of threat.

Classification of threats is as follows.

- DDoS: Source identified as part of DDoS attack

- Phishing: Source identified as part of phishing attack

or as a host of the Web site for phishing attack

- Anonymous proxy: Traffic that is sent via anonymous

proxy for disguising the original identity of the client

and the source is hidden

- Malicious source: Host that infection by harmful

software is identified

- Spammer: Host identified as the source of spam

IP reputation function works as the standard function so that this

function cannot be enabled or disabled.

Restrictions 2.9.3

Restrictions in non-Japanese Data Centers

One global IP address per one Web Security (WAF) service is necessarily assigned

to monitoring use for Web Security (WAF) server. When you order 2 Web Security

(WAF) services, two global IP address is assigned by NTT operator. Therefore

please make sure that you prepare the required quantity of global IP addresses

when ordering.

Do not change NAT rules for Web Security (WAF) service configured to vFW/INA by

NTT Com Group.


IP address set as Default gateway in Server Segment setting cannot be assigned to

this service.

ntt.com


30


You require an additional Server Segment for direct connection between vFW/INA

and Web Security (WAF) for monitoring and management.

Other restrictions

Please indicate the Web Security (WAF) plan when sending in your application. No

changes can be made among Entry, Compact and Large after the service begins.

When using the decoding function, customer needs to prepare a certificate.

Customer has the responsibility to acquire, update and manage a certificate. It is

possible to set and update a certificate from Security Web portal.

You must first register the Virtual Server IP address as Reserved IP. Reserved IP

addresses are set by the Customer Portal.

You are responsible for IP address design in Server Segment. NTT Communications

assumes no responsibility for any failures that may occur due to IP design

problems.

Communication that can be handled with this service is Web communication only.

Communications other than HTTP, including FTP and SSH, cannot be handled.

If the protocol that complies with RFC or encapsulation is used, communications

cannot be processed with this service.

The appliance that runs this service operates on a single structure. The platform is

a dual configuration where it will switch in five to ten minutes after rebooting on

the backup platform during failures.

This service needs a dedicated compute resource pool. (The pool will be created

when applying for Web Security (WAF).) This service cannot be configured on an

existing compute resource pool.

Customers cannot configure a virtual machine on the compute resource pool

operating this service.

The dedicated compute resource pool for this service cannot be extended or

reduced.

Changes in resource allocations for the virtual machine that operates this service

cannot be done from the customer portal. (Only we can operate it as it is virtual

server controlled by us.)

The virtual machine operating the Web Security (WAF) cannot use private

catalogues, backup and VM security services.

We do not guarantee that features provided by Web Security (WAF) have integrity

or accuracy, or they are suitable for your use. Furthermore, the suitability of the

algorithms that detect unauthorized/cyber-attack communications provided by the

developers or distributors of the devices making up the Web Security (WAF)

feature is not guaranteed.

The following information might be provided to the developers or the distributors of

the devices making up Web Security (WAF) features.

- Configuration information obtained through providing Web Security (WAF)

- Information on control of Web Security (WAF)

ntt.com


31


between the Web Security (WAF) feature and your environment, or failures that

occur due to your operations other than those specified by NTT Communications.

There may be times when the customer’s environment is affected by maintenance

services. An advance notice will be sent when there are possible effects to the

customer’s communication. This is not applied when we judge the maintenance

work urgent to provide the service.

2.10 VM Anti-Virus

Overview 2.10.1

VM Anti-Virus is a service that protects VMs against virus contagion and threats.

Features 2.10.2

The following features are available for VM Anti-Virus.

Feature Overview

Real-Time Scan Monitors the types of file access, such as write or read,

generated inside the VM and scans viruses.

Scheduled Scan Scans for viruses on schedule in files existing on the VM

(including files that are not in use).

Actions Executes the specified processes when viruses are

detected.

Scan Exception Specifies exceptions to virus scan.

Automatic

Security Update

Periodically checks pattern file updates and performs

updates.

Real-Time Scan 2.10.2.1

This feature is only for Windows.

You can specify the following items in Real-Time Scan.

Item Overview

Directories

and Files to

scan

Selects directories and files for file access scan.

Directories Selectable from “All directories” or “Directory list”

Files Selectable from “All files”, “File Types Recommended

by TrendMicro”, or “File extension list“

Schedule Selectable from “24 hours a day, every day” or

“Custom Schedule”.

If "Custom Schedule" is selected, the weekly

scheduled time is specified.

Actions Please refer to section 2.10.2.3 Actions.

Scan Exceptions Please refer to section 2.10.2.4 Scan Exception.

ntt.com


32

Scheduled Scan 2.10.2.2

You can specify the following items in Scheduled Scan.

Item Overview

Directories

and Files to

scan

You can select directories and files for file access

scan.

Directories Selectable from “All directories” or “Directory list”

Files Selectable from “All files”, “File Types Recommended

by TrendMicro”, or “File extension list“

Schedule You can specify the interval the scheduled scan runs

from “Daily” “Weekly” or “Monthly”, and time.

Daily: Specifies either "Every Day," "Weekdays," or

"Every X Days."

Weekly: Specifies either "Every Yday of the week" or

"Yday of every X Weeks."

Monthly: Specifies either "The Xth of each month" or

"The Xth Yday of each month."

You can select the time slot except for 0:01-0:59 in

your local time, which you can specify in

application.

Actions Please refer to section 2.10.2.3 Actions.

Scan Exceptions Please refer to section 2.10.2.4 Scan Exception.

Notes: Xs represent numbers and Ydays represent days of the week in the table above.

Actions 2.10.2.3

You can set the processing method for the case where files that are infected by

viruses are detected.

You can select from “Recommended Setting” or “Custom Setting.”

Item Overview

Recommended

Setting

The virus processing method recommended by the

developers and distributors of the devices making up the

VM Anti-Virus feature.

Custom Setting The first process (primary process) when viruses are

detected is specified from “Delete,” “Clean,” “Pass,” “Deny

access” and “Quarantine.”

Recommended Setting

The “Recommended Setting” processing method might be modified based on day-to-

day operation and the information concerning the handling method is not disclosed.

Custom Setting

You can select one of the following actions as the first process of virus scan in Custom

setting.

ntt.com


33

Action The first process

Delete Windows: Moves the backup data of the infected file to a

quarantined directory on a VM, and DELETEs the

original file.

Linux : DELETEs the infected file.

Clean CLEANs virus from the infected file and restores the file.

Pass Only logs virus detection and PASSes the infected file as it is.

Deny

access

This action is available only in Real-Time Scan.

Windows: Immediately blocks file access such as write or read

when the access to the infected file is detected.

Linux : Not applicable to Linux because Linux OS doesn’t

support Real-time scan.

Quarantine Windows: Performs the same action as “Delete”.

Linux : Moves the backup data of the infected file to a

quarantined directory on a VM, and DELETEs the

original file.

Scan Exception 2.10.2.4

You can specify directories, files and extensions. You can specify files that will not be

scanned for viruses.

Automatic Security Update 2.10.2.5

Automatic Security Update checks for pattern file update information on NTT Com

Group’s administration server and update pattern files automatically when necessary.

You can specify schedule by one of the following parameters.

Items Overview

Hourly You can specify “X minutes after the hour” every hour.

Daily You can specify “Every day”, “Weekdays” or “Every X days”, and

time.

Weekly You can specify “Every Yday of the week” or “Yday of every X

weeks”, and time.

Monthly You can specify “The Xth of each month” or “The Xth Yday of

each month”, and time.

Note: Xs represent numbers and Ydays represent days of the week in the table above.

Restrictions 2.10.3

Restrictions relating to OS and resources

The following table shows the system requirements of software agent. Availability

of service provisioning also depends on supported OS of Enterprise Cloud itself and

kernel version of Linux OS. You should ask NTT Com Group regarding availability.

Items Requirements

Memory size Minimum Value: 512 MB

ntt.com


34

Items Requirements

Disk size Minimum Value: 1GB

OS Windows Windows 8 (64bit)

Windows server 2012 (64bit)

Windows 7 (64bit)

Windows server 2008 R2 (64bit)

Windows Server 2008 (64bit)

Windows Vista (64bit)

Windows Server 2003 SP1 (64bit) with patch

"Windows Server 2003 Scalable Networking Pack“

Windows XP (64bit)

Linux Red Hat 5 (64bit)

Red Hat 6 (64bit)

CentOS 5 (64bit)

CentOS 6 (64bit)

SuSE 10 (64bit)

SuSE 11 (64bit)

Restrictions relating to agent installation

You are responsible for the installation of agents to their VMs.

You cannot use other antivirus software together with this service. Make sure to

uninstall other antivirus software before using this service.

Do not upload agents by mounting ISO image files or CD/DVD drives, when

uploading it to the VMs.


When the target VM is in a segment which is not directly connected to the vFW/INA,

an additional server segment is required to directly connect the vFW/INA and the

VM.

Other restrictions

You are responsible for activation confirmation (constant monitoring) of agents.

Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.

Please use a VM without this service installed for Create Template feature of

Private Catalog menu. If a template is created from a VM where the agent is

installed or installation and activation is completed, when a VM is replicated from

that template, this service will no longer be available for the newly replicated VM

and the VM used for creating that template. The same applies when used for image

backup.

The following files are not targeted for Virus Scan.


ntt.com


35

- Files compressed with unsupported format

- Corrupted files

- Encrypted files

- Files compressed six (6) times or more

- Decompressed file size is 10MB or greater (Real-time scan default value)

- Decompressed file size is 30MB or greater (Scheduled/Manual scan default value)

Directory and file inside network drive cannot be set as the targets of virus scans.

We recommend that you do not target directories or files for virus scan that have a

high write frequency, such as databases and Active Directories. If you target them

for virus scan, the server performance will be reduced.

VM Anti-Virus does not guarantee that the provided VM Anti-Virus feature has


pattern files provided by the developers or distributors of the software that makes

up the VM Anti-Virus feature is not guaranteed.


devices making up the VM Anti-Virus feature.

- Configuration information obtained from providing VM Anti-Virus

- Information obtained from VM Anti-Virus


between VM Anti-Virus and your environment, or failures that occur due to your


2.11 VM Virtual Patch

Overview 2.11.1

VM-Virtual Patch is a service that detects and/or protects the VM from attacks on

vulnerabilities. For OS and application vulnerabilities, it is a service that provides

signatures that provide solutions equivalent to the security patches provided by

application vendors.

Features 2.11.2

The following features are available for VM Virtual Patch.

Feature Overview

VM Virtual Patch A feature that detects or protects against (blocks) attack

traffic directed against vulnerabilities.

Recommended Scan A feature that scans VM system information, checks

whether there are vulnerabilities, and automatically

applies VM Virtual Patch corresponding to those

vulnerabilities.

VM Virtual Patch 2.11.2.1

You can select “Detection” mode or “Prevention” mode.

ntt.com


36

Mode Overview

Detection Attack traffic is detected.

However, traffic is not blocked even though attack traffic

is detected.

Prevention Attack traffic is detected.

Traffic is blocked when attack traffic is detected.

Virtual Patching is a feature to verify packets contents by using kernel mode driver

bound to Layer 2 (data link layer) and matches them to the patterns of protocol

violation and signature. It identifies and/or prevents the packets matching the pattern

as packets attacking vulnerabilities.

Recommended Scan 2.11.2.2

Recommended scan scans system information of a VM periodically and checks

vulnerability existence. It can also automatically apply virtual patches which

corresponding to those vulnerability.

The Virtual Patches are effective against vulnerability in OS and installed general

applications (e.g. apache).

You can specify the schedule by one of the following parameters.

Items Overview

Hourly You can specify “X minutes after the hour” every hour.

Daily You can specify “Every day”, “Weekdays” or “Every X days” and

time.

Weekly You can specify “Every Yday of the week” or “Yday of every X

weeks” and time.

Monthly You can specify “The Xth of each month” or “The Xth Yday of each

month” and time.

Note: Xs represent numbers and Ydays represent days of the week in the table above.

The Virtual Patch is applied to the detected vulnerabilities. If you have applied a

legitimate patch, the virtual patch will be removed during the recommendation

scanning.

Restrictions 2.11.3



of service providing also depends on supported OS of Enterprise Cloud itself and

kernel version of Linux OS. You should ask the availability of them to NTT Com

Group.

Items Requirements



OS Windows Windows 8 (32bit/64bit)

ntt.com


37


Windows 7 (32bit/64bit)


Windows Server 2008 (32bit/64bit)

Windows Vista (32bit/64bit)

Windows Server 2003 SP1 (32bit/64bit) with patch


Windows XP (32bit/64bit)

Linux Red Hat 5 (32bit/64bit)

Red Hat 6 (32bit/64bit)

CentOS 5 (32bit/64bit)


SuSE 10 (32bit/64bit)


Ubuntu 10.04 LTS (64bit)




You cannot use other antivirus software than VM Anti-Virus together with this

service. Make sure to uninstall other antivirus software before using this service.

Do not upload agents by mounting ISO image files or CD/DVD drives when





VM.

Other restrictions

You need to apply the legitimate security patches provided by each application

vendor for the fundamental solutions because virtual patches are not software code

corrections, but temporary measures.








backup.

ntt.com


38

VM Virtual Patch does not guarantee that the provided VM Virtual Patch feature has


signatures (algorithms that judge the degree of danger and attack traffic) provided

by the developers or distributors of the devices making up the VM Virtual Patch

feature is not guaranteed.


devices making up the VM Virtual Patch feature.

- Configuration information obtained from providing VM Virtual Patch

- Information obtained from controlling VM Virtual Patch, etc.


between the VM Virtual Patch feature and your environment, or failures that occur

due to your operations other than those specified by NTT Com group.

2.12 VM Firewall

Overview 2.12.1

VM Firewall is a service that controls communication among VMs.

Features 2.12.2

The following features are available for VM Firewall.

Feature Overview

VM Firewall A feature that controls communication among the target VMs.

You can specify following conditions per each rule.

Items Content

Action Type Selectable from “Allow” or “Deny”

Direction Selectable from “Outgoing” or “Incoming“

Frame Type Selectable from “IP”, “ARP” or “Other”

Protocol Selectable from “ICMP”, “TCP” or “UDP”

Source IP address You can specify Source IP address and subnet mask.

Multiple IP addresses or an IP address range is possible

for IP address.

Source Port number You can specify source Port number.

Destination IP

address

You can specify Destination IP address and subnet

mask. Multiple IP addresses or an IP address range is

possible for IP address.

Destination Port

number

You can specify Destination Port number can be

specified.

ntt.com


39

Restrictions 2.12.3



of service providing also depends on supported OS of Enterprise Cloud itself and

kernel version of Linux OS. You should ask NTT Com Group about availability.

Items Requirements



OS Windows Windows 8 (32bit/64bit)


Windows 7 (32bit/64bit)


Windows Server 2008 (32bit/64bit)

Windows Vista (32bit/64bit)

Windows Server 2003 SP1 (32bit/64bit) with patch


Windows XP (32bit/64bit)

Linux Red Hat 5 (32bit/64bit)

Red Hat 6 (32bit/64bit)









You cannot use other antivirus software than VM Anti-Virus together with this

service. Make sure to uninstall other antivirus software before using this service.

Do not upload agents by mounting ISO image files or CD/DVD drives, when





VM.

ntt.com


40

Other restrictions

Only NTT Com Group can specify rule names of VM Firewall; you cannot specify

them.



Traffic below is blocked in any mode settings.

- TCP connections over 100,000

- UDP connections over 100,000

- Unusual traffic which is not based on RFC or suspected to be inaccurate.

No IP header

Source IP and Destination IP are the same

Text which is not available for URI

Using character “/” over 100

Using “../../” above route

And there will be blocking resulting from the shortage of compute resource.






backup.

VM Firewall does not guarantee that the provided VM Firewall feature has integrity

or accuracy, or is suitable for your use.


devices making up the VM Firewall feature.

- Configuration information obtained from providing VM Firewall

- Configuration information obtained from controlling VM Firewall


between the VM Firewall feature and your environment, or failures that occur due

to your operations other than those specified by NTT Com group.

2.13 Application Profiling

Overview 2.13.1

Application Profiling is a service that monitors the communication that applications are

using, and provides reports that make latent risks to the applications (suspected

information leaks and communication hypothesized to be unrelated to work) visible.


Interconnectivity.

ntt.com


41

Features 2.13.2

The following features are available for Application Profiling.

Feature Overview

Application

Profiling Report

A feature that monitors the communication that

applications are using, and provides reports that make

latent risks to the applications (suspected information leaks

and communication hypothesized to be unrelated to work)

visible.

Application Profiling Report feature raises conceivable application communication that

supposedly have high risk from actual application usage, displays explanations of

hypothetical risks and advice for safely using the application.

Please check the following website for application communications that can be

monitored.

http://apps.paloaltonetworks.com/applipedia/

Reports are created once a month.

Analysis Capacity







Restrictions 2.13.3


In order to connect the SIGs with Application Profiling, you must have two IP

address blocks available. If the IP address block is already being used, NTT Com

Group might ask you to change it.







Other restrictions

There are some rules which must be set allow permission in VM Firewall. Please

refer to VM Firewall parameter sheet.





ntt.com


42

(Examples)










Application Profiling does not guarantee that the Application Profiling feature has


application identification algorithms provided by the developers or distributors of

the devices making up the Application Profiling feature is not guaranteed.


devices making up the Application Profiling feature.

- Configuration information obtained from providing application profiling

- Information relating to Application Profiling processing


between Application Profiling and your environment, or failures that occur due to

your operations other than those specified by NTT Com group.

2.14 Network Profiling

Overview 2.14.1

Network Profiling is a service which is used to provide visualized reports of unknown

threat or hidden risk by monitoring communications.


Interconnectivity.

Features 2.14.2

The following features are available for Network Profiling.

Feature Overview

Network Profiling

Report

A feature that monitors communication to the VM and

from the communication status provides reports that

make unknown threats and latent risks visible.

Network Profiling Report feature monitors communication to the VM, and provides

reports that make latent risks to the network visible, based on the correlation

analyses on traffic logs and threat logs (viruses and unauthorized access) performed

by a security analyst.

Reports are created once a month.

ntt.com


43

Analysis Capacity







Restrictions 2.14.3


In order to connect the SIGs with Network Profiling, you must have two IP address









Other restrictions





(Examples)










Network Profiling does not guarantee that the Network Profiling feature has


application, virus and URL identification algorithms provided by the developers or

distributors of the devices making up the Network Profiling feature is not

guaranteed.


devices making up the Network Profiling feature.

ntt.com


44

- Configuration information obtained from providing network profiling

- Information relating to Network Profiling processing


between Network Profiling and your environment, or failures that occur due to your


2.15 RTMD Web

Overview 2.15.1

RTMD Web is a service that detects unauthorized malware intrusions, makes unknown

threats and latent risks visible, and reports them. Principally, it provides a file analysis

feature and a communication analysis feature.

It not only performs signature-based analysis on the Customer communication that

passes through vFW/INA by mirroring it, but also it actually reproduces suspicious

communication in the RTMD Web virtual environment, and analyzes malware

dynamically.

Features & Restrictions 2.15.2

Details of RTMD Web service differs from customer’s circumstance and need to be

discussed in each case.

2.16 RTMD E-mail

Overview 2.16.1

RTMD Email is a service that detects unauthorized malware intrusions via Email,

makes unknown threats and latent risks visible, and reports them. Principally, it

provides a file analysis feature.

It not only performs signature-based analysis on the Customer communication that

passes through vFW/INA by mirroring it, but also it actually reproduces suspicious

communication in the RTMD Email virtual environment, and analyzes malware

dynamically.

Features & Restrictions 2.16.2

Details of RTMD E-mail service differ with each customer’s circumstances and need to

be discussed in each case.

ntt.com


45

3 Operation and Maintenance

3.1 Operation Service

NTT Com Group provides operation center called “GROC” for our Security service

customers for global DCs. GROC accepts inquiries and PCRs (Policy Change Requests),

sends failure notifications from and to end customers respectively.

Operation 3.1.1

Content of operation is defined for each service menu.

Menu Outline

Network Security IPS/IDS Health & Availability

Change Management

Security Incident Management (Automatic)

Service Incident Management

Contents Security

Email-Anti-Virus

Web-Anti-Virus

URL Filtering

Application Filtering

WAF

Indicated UTM

(Compact/Large)

Health & Availability

Security Incident Management (Automatic)


VM Security VM Anti-Virus Health & Availability.

Change Management.

Incident Management.


VM Virtual Patch

VM Firewall

Profiling Application Profiling

Health & Availability

Security Incident Management (Security Analyst validation)


Proactive remediation.

Network Profiling

RTMD RTMD Web

RTMD E-mail

3.2 Maintenance

A) Maintenance Window

4:00 – 8:00 (UTC) of every Sunday

Changes that require system downtime/scheduled maintenance will be done with prior

notification.

B) Emergency Maintenance

Maintenance work will be done with prior notification during non-maintenance hours

in emergency situations.

ntt.com


46

4 Security Web Portal

Security service provides its own customer portal, WideAngle Customer Portal for

non-Japanese DCs and Security Web Portal for Japan DC. It is linked to from the

Cloud tab of the Enterprise Cloud customer portal.

From the Security Web Portal, you will be able to see logs and reports.

ntt.com


47

5 Billing

Customer purchasing EC Security service will be billed according to the table below

and the service they have requested/used.

Menu Unit Billing Method

Security Network

Security

IPS/IDS Service Flat rate monthly*

Contents

Security

Email-Anti-Virus Service Flat rate monthly*

Web-Anti-Virus Service Flat rate monthly*

URL Filtering Service Flat rate monthly*

Application Filtering Service Flat rate monthly*

Unauthorized

Access Prevention

Service Flat rate monthly*

Web Browsing

Security


Internet Gateway

Security


WAF Service Flat rate monthly*

Integrated

Security

Appliance

UTM Compact Service Flat rate monthly*

Large Service Flat rate monthly*

Web

Security

(WAF)

Entry Service Flat rate monthly*

Compact Service Flat rate monthly*

Large Service Flat rate monthly*

VM Security VM Anti-Virus VM Flat rate monthly*

VM Virtual Patch VM Flat rate monthly*

VM Firewall VM Flat rate monthly*

VM Security

Advanced Package

VM Flat rate monthly*

Profiling Application Profiling Service Flat rate monthly*

Network Profiling Service Flat rate monthly*

RTMD RTMD Web Service Flat rate monthly*

RTMD E-mail Service Flat rate monthly*

* Even if the service starts or ends in the middle of the month, the monthly fee will be billed.

ntt.com


48

6 SLA

NTT Com Group does not provide a Service Level Agreement for EC Security option

services.

ntt.com


49

7 Disclaimer

NTT Com Group reserves the right to supply alternative equivalent or better services

in the event of items becoming unavailable through normal supply channels.

enterprise cloud security option · enterprise cloud security option ... waf

Documents