VPN (Managed Security Service) Product Overview

Description

The Managed Security Service (MSS) Virtual Private Network (VPN) offers small businesses and national (inter-regional) companies a low-cost, reliable solution for all their offices. These offices include small home offices, telecommuters, and branch offices through semi-centralized regional offices. In addition, the advanced security (often comprising data and user authentication, encryption and firewalls) permits them to feel secure as mission-critical data resides on their network or travels over the Internet.

Firewall

The Managed Firewall service is a hardware-based platform that includes vulnerability scanning performed both reactively (when a malicious attack is detected by standard firewall signatures) and proactively (on a scheduled, once-a-week basis). These vulnerability assessments protect customers from malicious attacks by updating the system's record of authorized services and ensuring that no unauthorized services are available that may result in exposure to attack. Notifications are provided via e-mail and online reporting.

The Managed Firewall service also includes weekly web-based firewall reporting, which covers firewall activity and firewall vulnerabilities.


VPN

VPNs use encryption, authentication, tunneling and other security mechanisms to ensure that only authorized users can access the network and that data cannot be intercepted. VPNs provide levels of privacy, security, QoS, and manageability similar to those of networks built entirely on dedicated, privately owned or leased facilities.

Tunneling, also called encapsulation, works by packaging one network protocol within packets carried by a second network. When tunneling, data is repackaged from one network language into another. What is seen in transit is a header that says where to deliver the data. At the end of the transmission, the wrapper is stripped off and the package is delivered. Tunneling by itself does not keep the data private, so with VPNs, even when tunneling occurs, data must still be encrypted.

Many small businesses and national (inter-regional) companies desire the primary features offered in VPNs, including security, low cost, and inter-connectivity for all their offices. These offices include small home offices, telecommuters, and branch offices through semi-centralized regional offices. In addition, the advanced security (often comprising data and user authentication, encryption and firewalls) has permitted them to feel secure as mission-critical data resides on their network or travels over the Internet.


The VPN/FW solution incorporates a security appliance (a hardware-based VPN/firewall appliance). No PC software is required for the initial offering of the service. The features in the product allow each location to be provided with 254 private addresses for workstations and servers behind the firewall. The upper half of these addresses will be reserved for dynamic assignment (DHCP), while the lower half will be reserved for static assignment. Also, the hub locations support an IP subnet for public inbound services with fixed firewall mapping to inside servers (i.e., WWW, mail, FTP).

The VPN/Firewall service allows the following features:

  • Diagnostic and configuration tools
  • Security monitoring
  • Periodic vulnerability assessments
  • Reporting (statistics and trends on attacks and resolutions)

VPN/Firewall Solution

Benefits

The VPN service allows Time Warner Cable Business Class customers to transport their data securely over the cable broadband network.

Service Feature Summary:

  • Single hub site with up to 10 remote sites
  • VPNs are hub and spoke topology (no meshing)
  • Pre-configured VPN appliances provided by your local cable provider for each customer location
  • VPN tunnels via IPsec protocols from remote sites to central site
  • 168-bit encryption (Triple-DES)
  • Each site will have public Internet access in addition to their VPN tunnel (split tunneling)
  • Up to 254 private IP addresses allocated for each customer site
  • Network Port Address Translation for Internet-bound connections

Caveats & Product Recommendations

  • The upstream rate from the host or hub site will be the limiting factor in the size and performance of the MSS, as most traffic typically flows from the hub site to remote sites.
  • It is recommended that this MSS be provisioned using the Tiered Access Service with a higher-than-standard upstream rate.
  • A bandwidth bottleneck can result if the sum of the remote access rates greatly exceeds the hub access rate.
  • The solution may require a Static IP cable router at the hub site.

Assumptions

  • MSS Initialization & Termination sites will be directly connected to the Time Warner Cable Business Class network via the cable plant.
  • Initial VPN/FW product offering is intended for companies wishing to connect remote sites to a centralized corporate site.
  • Tunnels will be unidirectional to the corporate hub site (VPN tunnels must originate from the remote sites).
  • VPN Standard Product Offering is limited to a maximum of ten tunnels to the Corporate (Host) site.

Expectations

The product is designed for the low-end SMB that requires secure transport from its remote sites back to its centralized corporate (Host) site, and it provides protection from malicious attacks or unauthorized access. The product offering includes a range of hardware-based customer premises devices. Commercial customers can expect Time Warner Cable Business Class to provide the Point-to-Point devices and connectivity to establish a secure transport of their data to and from their corporate locations. The devices included are: VPN initialization/termination hardware CPE, standard cable modem, or Static IP cable router. All other equipment connected beyond the VPN initialization/termination CPE will be the responsibility of the commercial customer to install, support, and maintain. In addition, the managed service provider will provide a standard configuration file that will enable the service to coexist with other Time Warner Cable Business Class products and services without conflicting with or compromising the functionality of existing approved applications on the Time Warner Cable Business Class network.

Commercial customers subscribing to MSS can expect the following to be included as part of the standard functionality of this service:

  • Up to ten dedicated tunnels
  • Diagnostic and configuration tools
  • Security monitoring
  • Periodic vulnerability assessments
  • Reporting (statistics and trends on attacks and resolutions)
