Presentation is loading. Please wait.

Presentation is loading. Please wait.

Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2010 Qwest. All Rights Reserved. Government Services TIC from an Industry.

Published byErnesto Pierpoint Modified over 8 years ago

Similar presentations

Presentation on theme: "Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2010 Qwest. All Rights Reserved. Government Services TIC from an Industry."— Presentation transcript:

1 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2010 Qwest. All Rights Reserved. Government Services TIC from an Industry Perspective Shawn Carroll Qwest Government Services, Inc. June 15, 2010

2 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 2 OMB’s Trusted Internet Connections (TIC) Initiative (M-08-05)  Reduce Government’s Internet connections  Improve Government’s security posture  React more effectively to cyber security threats  Improve incident response capability  Reduce malicious penetrations  Reduce theft of critical data  Secure and seamless environment TIC Initiative

3 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 3 Internet Access  Allows agencies to exchange traffic with Internet and external IP networks  Connects via Tier 1 Internet Service Providers (ISPs) EINSTEIN Enclave  Includes Einstein devices with supporting tools and data storage  Furnished, maintained, and operated by US-CERT Security Operations Center (SOC)  Monitors all information exchanged to protect agency IP traffic  Supports TIC Portal authorities/analysts  Identifies security events of interest that may negatively affect portal’s environment and Government security infrastructure MTIPS Transport  MTIPS transport collection network for TIC Portal connectivity  Insulates agency’s internal network from Internet and other external networks Managed Trusted Internet Protocol Service

4 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 4 MTIPS Security Services - Standard  Managed Firewall Service (MFS)  Anti-Virus Management Service (AVMS)  Intrusion Detection & Prevention Service (IDPS)  Email Scanning  Service Enabling Devices

5 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 5 Qwest Offering  MTIPS Gateways through two Hosting Centers  Security appliances for event generation  Access to NBIP-VPNS based on Multi-Protocol Label Switching (MPLS) to connect to agencies  Internet Access  Connectivity to US-CERT and Qwest SOCs

6 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 6 Architecture Overview

7 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 7 MTIPS Portal Architecture With Failover Between Portals Architecture With Failover Between Portals

8 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 8 Access Methods  Dedicated IP – DS0, Tiered T1, Dedicated T1, Tiered T3, T3, OC3, OC12, OC48  Ethernet – 1Mbps, 10 Mbps, 100 Mbps, 1Gbps, 10Gbps  ATM Interconnectivity – T1, T3, E1, E3  FRS – 56Kbps, Tiered T1, T1, Tiered T3, T3, E1, E3

9 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 9 Options  Encryption – ICB MRC  Policy Enforcement – ICB MRC  Forensic Analysis – ICB MRC  Custom Reports – ICB MRC  Agency NOC/SOC Console – ICB NRC  Custom Certification and Accreditation (C&A) Support – ICB NRC  External Network Connection – ICB MRC  Encrypted DMZ – ICB MRC

10 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 10 Qwest Architecture Details FG-5140 Chassis  Maximum Firewall Throughput 182 Gbps  Maximum IPSec VPN Throughput 98 Gbps  Maximum Antivirus Throughput 7 Gbps  Maximum IPS Throughput 56 Gbps  Maximum Concurrent Sessions 28 Million  Chassis Slots 14  Configured for high availability  10 Gbps capable but not currently deployed  Separation through VDOMs

11 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 11 R&E Community Discussion Items  Large volume traffic flows not specified in GSA Statement of Work  40 Gbps, 100 Gbps  IPv4 and IPv6 – Current Einstein deployment IPv4  Jumbo Frame Support  Multicast  Experimental Protocols  Lower Layer Interconnects  Policy Change Control

12 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 12 Questions / Discussion?

13 Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2008 Qwest. All Rights Reserved. Government Services 13 Shawn Carroll Director, Engineering Qwest Government Services, Inc. shawn.carroll@qwest.com (703) 363-8805

Download ppt "Not to be distributed or reproduced by anyone other than Qwest entities. Copyright © 2010 Qwest. All Rights Reserved. Government Services TIC from an Industry."

Similar presentations

Identifying MPLS Applications

Identifying MPLS Applications
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—1 Implementing Cisco MPLS (MPLS) v2.2.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—1 Implementing Cisco MPLS (MPLS) v2.2.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
ONE PLANET ONE NETWORK A MILLION POSSIBILITIES Barry Joseph Director, Offer and Product Management.

ONE PLANET ONE NETWORK A MILLION POSSIBILITIES Barry Joseph Director, Offer and Product Management.
CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.

CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.
The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.

The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
SANE: A Protection Architecture for Enterprise Networks Offense by: Amit Mondal Bert Gonzalez.

SANE: A Protection Architecture for Enterprise Networks Offense by: Amit Mondal Bert Gonzalez.
MSIT 458: Information Security & Assurance By Curtis Pethley.

MSIT 458: Information Security & Assurance By Curtis Pethley.
© 2011 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco Connected Energy Vision Utility Operations Connected Buildings.

© 2011 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Cisco Connected Energy Vision Utility Operations Connected Buildings.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Small Business RV320/RV325 Product Overview.

Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Small Business RV320/RV325 Product Overview.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls.

SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls.
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

Similar presentations

Ads by Google