Customer Premise Network Security

The N.C. Department of Information Technology’s Customer Premise Network Security service augments N.C. Identity Management’s (NCID) functionality by providing an additional layer of network security for all who can access the network, including remote users and business partners.

A fully managed solution consisting of hardware, software and support, this service provides standards-based encryption technology, authentication, authorization and inline protection against threats from hackers, viruses and worms that attack networks and computing equipment.

NCDIT’s Network Security team manages all phases of the firewall and VPN security solution, including architectural validation, implementation, operations and ongoing configuration management. Network security analysts provide consultation and recommend security best practices to assist in establishing your desired data-asset protection security policy.

Order Customer Premise Network Security

Getting Help

Support Get Technical Support
NCDIT Service Desk: 919-754-6000
Support Hours 24/7
Left Child Paragraph
Tab/Accordion Item

Features

  • Firewall and VPN are procured by NCDIT’s network security team and are installed, configured and supported at your site.
  • Protect and/or encrypt sensitive data (e.g., credit card, medical data, personally identifiable information).
  • Authenticate and authorize users according to their profiles and give them access to a pre-authorized list of agency or enterprise resources.
  • Monitor network activities for malicious behavior, and block or prevent those activities.
  • 24/7 centralized monitoring and management via NCDIT's Network Security Operations and Service Desk.
  • Security best practices and service options consulting from network security analysts.

View a matrix of Customer Premise Network Security features by performance capacity.

See the Technical Information section on this page for more information.


Benefits

  • Secure your IT environment by blocking or preventing malicious network activities.
  • Prices are below or within Gartner Group's Security Services market rates.
  • Users who access agency or enterprise resources are trusted because of the solution’s strong authentication and authorization access restrictions.
  • Cost savings and operational efficiency are achieved when authenticating and authorizing users because the solution leverages NCID’s pre-authorized list of agency and enterprise resources.

Request Process

Authorization

  • Service requests that incur a cost to the agency will typically require approval from the requesting agency’s CIO, financial officer or manager, depending upon your agency's requirements. 
  • Any staff with access to the NCDIT Service Portal may engage the team for support or information.

Requirements & Customer Responsibility

Required NCDIT Services None
Other Technical Requirements & Prerequisites
  • Transport technologies and telecommunications service provider(s) in your geographic area
  • Secure physical facility with access control restrictions
Customer Responsibility
  • Agency staff are required to submit a ticket using the NCDIT Service Portal for additional support or information regarding this service. 
  • Perform a security vulnerability assessment and a risk analysis of environment, prior to the initial consulting meeting.
  • Designate a 24/7 point of contact for reporting and coordinating outages or emergency maintenance.
  • The contact will be the only authorized contact for security-related issues, including the approval of the initial security policy and requesting policy changes.
  • The contact will provide NCDIT with VPN group administrators who are responsible for assigning group membership to users.
  • Implement remote access security policies that enforce the use of sound security practices to keep VPN client system(s) secure against unauthorized access and other security threats and that comply with the statewide information security standards.
  • Contact the NCDIT Service Desk to report problems or request assistance.
  • Allow required security updates and maintenance services to be performed in a timely manner.
  • Review firewall security policy on a quarterly basis.

Expected Delivery

Acknowledgment Time The service team should acknowledge a service request within about 24 hours.
Turnaround Time
  • The service team should be able to complete a well-defined service request within about a week.
  • Procurement and licensing steps required before the delivery of services may extend the timeline. 
  • Security service installation occurs between 45 and 60 days or longer, depending on availability from the date of the consultation meeting signoff.

Customers

Suggested For Any state or local government agency as well as educational institutions
Required For None
Spotlight Customers
  • N.C. Department of Health and Human Services 
  • N.C. Department of Transportation 
  • N.C. Department of Commerce

Support Process

Submit a ticket using the NCDIT Service Portal or contact the NCDIT Service Desk at 919-754-6000.

Service Support Hours
  • Support for the service is available 24/7.
  • For non-critical and medium priority incidents, support is available weekdays from 7 a.m. to 6 p.m. (excluding state holidays).
Service Availability The service is available 24/7, excluding planned outages and maintenance windows.
Standard Maintenance Windows

Infrastructure and standard change activity:

  • Sundays: 4 a.m. to noon
  • Thursdays: 4-7 a.m.

Service-specific activity (e.g., security patch deployment, system enhancements and some system upgrades and updates):

  • Mondays to Fridays: 6 p.m. to 7 a.m. (when service interruption is not anticipated)
  • Thursdays: 8 p.m. to 2 a.m. (when service interruption is anticipated)
Service Communications
  • Changes or outages that might have an impact on customers are communicated through the NCDIT Communications Hub and Agency Change Approval Board. 
  • The agency's admin for this service will support communications to the agency users of the service..
Service Level Agreements NCDIT Global Service Level Agreement

  • Approved rates for this service are published in the NCDIT Rate Schedule.
  • Monthly recurring charges cover NCDIT’s costs for hardware, software, maintenance and management of required equipment. Major cost drivers include the size and performance of equipment required to support your business requirements.
  • Additional costs could include one-time charges for consultation and implementation.
     

View NCDIT Rate Schedule

Fully Managed Service Options

Option Details
SSL VPN Service 

The SSL VPN service option is a fully managed solution for customers whose remote or travelling users and business partners require secure remote access to a pre-authorized list of agency and enterprise resources. This service provides standards-based encryption technology, authentication and authorization of users based on their profiles. 

All phases of a VPN security solution are managed, including architectural validation, implementation, operations and ongoing configuration management.

Service options include secure encrypted remote access to information protected by the firewall:

  • Protection and encryption of sensitive data (e.g., credit card, medical data, personally identifiable information)
  • Integration with NC Identity Management (NCID) for user authentication and authorization to allow access to a pre-authorized list of agency or enterprise resources
  • Access restrictions based on VPN groups (5 VPN groups are included with the service. Additional VPN groups are available for more granular authorization and are priced separately.)

Customer responsibilities include additional customer POC responsibilities for this service option include providing VPN group administrator(s) responsible for assigning group membership to users:

  • Implement remote access security policies that enforce the use of sound security practices to keep VPN client system(s) secure against unauthorized access and other security threats and that comply with the statewide information security standards.
Intrusion Prevention Service (IPS) Service 

IPS provides a critical defensive layer of security for the customer's network by monitoring network activities for malicious behavior and blocking or preventing those activities. This service option is a fully managed Internet Protocol (IP) based security solution designed to provide inline protection against threats from hackers, viruses and worms that attack customer networks and computing equipment. 

We manage all phases of the service, including consulting for the required policies, implementation, operations and ongoing configuration management.

Key features include:

  • All required activities to complete service installation
  • Implementation of a customer-defined security plan to meet your security requirements by providing protection for all your security domains, including VPN traffic
  • Continual tuning of security policies to ensure the detection and response technologies are well adapted to the customer's environment
  • Zero-day attack protection using anomaly detection
  • Risk rating-based policy provisioning
  • Real-time view of events
  • Customer notification of pre-identified critical events
  • Visibility of customer network events for the preceding 30 days
  • Monthly trend reports e-mailed to the customer

Key benefits include:

  • Single platform for security services, tightly integrated with other network security elements to maximize the effectiveness of security technologies
  • Enhanced firewall protection from looking deeper into packets and providing real-time protection against worms, Trojans and exploitation of application and OS vulnerabilities
  • Customized security posture, tailored to the specific requirements of the individual site, to provide protection against external and internal threats
  • Selection of IPS throughput based on customer needs; IPS capabilities hardware-accelerated to provide maximum performance
  • Comprehensive and timely attack protection, provided by Global Correlation, to address emerging threats and provide real-time signature updates every 15 minutes
  • IPS Reputation Filtering technology to proactively protect your network from known malicious users
  • Help meeting compliance mandates and securing critical assets and networks

Customer responsibilities include:

  • A customer point of contact for 24-hour reviewing of event notifications
High Availability Service 

This service option includes:

  • Redundant firewall/VPN device
  • A switch installed between the WAN connection and the firewall
Vendor Access Service 

This service option includes:

  • 10 MB access from the vendor’s connection termination point to the state’s network
  • Private access to the agency’s VRF and/or enterprise applications services
  • VPN termination from an external vendor

Customer responsibilities include:

  • Provide WAN connectivity from the vendor site to the state’s network
  • Be a point of contact and coordinate activities with vendor and this service

Service components, implementation and support include:

  • All hardware and software components required to deliver the security service
  • NCDIT’s configured and supported firewall/VPN installed at the customer's premise
  • All required activities to complete the service installation
  • Consulting includes service options and security configurations
  • Fully managed service
  • 24/7 centralized monitoring and management via NCDIT’s Network-Security Operations and Service Desk