Additional network security
Depending on the application, Swisscom also recommends examining the use of service-specific security components.
Web application firewalls from third-party producers
Web application firewalls are reverse-proxy systems that can reduce the attack surface of, for example, web servers and web services. They do this by opening and filtering the data stream between the end device and the system in the cloud. Because web application firewalls operate at the application level, they run in addition to the existing firewall environment. Currently, there are many web application firewall products on the market that can be used in combination with a virtual environment.
Managed Web Application Firewall Service operated by Swisscom
Instead of operating a virtual web application firewall from a third-party producer yourself, you can use a managed service offered by Swisscom. With the Managed Web Application Firewall from “Managed Security Services – individual” (MSS-i), you can protect applications that are available via the Web, for example a Web shop, SharePoint, Web mail and many more. Unlike classic firewalls, the Web Application Firewall analyses the content of a data connection and does not just filter it. Choose between two modes: “logging only” and “blocking and logging”. In the logging only mode, the firewall is set to sniffer mode, and potential attacks are logged and reported. In the blocking and logging mode, the Web Application Firewall prevents attacks and thus stops them from reaching the application.
The operation of these virtual systems is identical to that of an appliance-based solution. For its security services, Swisscom has a dedicated 24/7 security operation center (SOC) in Switzerland. The customer has access to a dashboard and receives a personal code to dial in directly to a security expert. In addition, change management, release management, incident management, licence management, configuration management, backup management and vulnerability management are included. For more detailed information, visit www.swisscom.ch/mss-i.
The use of VPN gateways is recommended for secure remote access to systems in the cloud environment, or to connect other network environments.
Verification of system and network security
There are various options for verifying the security mechanisms being deployed. Normally, port scanning and vulnerability scanning systems are used for that purpose. On the one hand, such systems check the configuration of the firewall; on the other, they can be used to identify possible vulnerabilities in the cloud systems. Swisscom recommends scanning such systems both externally (from the Internet) and from the internal network on a regular basis. Swisscom security experts will be happy to support you with an analysis.
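One way to turn the external and internal scans described above into a firewall configuration check, as an added example that is not Swisscom's own code: it parses port-scan results and reports every deviation from the intended policy per vantage point. It assumes the scanner is nmap with grepable (`-oG`) output; the scan lines, addresses and the `POLICY` table are constructed sample data.

```python
# Constructed sample data: nmap grepable (-oG) output from two vantage points.
EXTERNAL_SCAN = (
    "Host: 203.0.113.10 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 203.0.113.11 ()\tPorts: 443/open/tcp//https///, 3306/open/tcp//mysql///\n"
)
INTERNAL_SCAN = (
    "Host: 10.0.0.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 10.0.0.11 ()\tPorts: 443/open/tcp//https///, 3306/open/tcp//mysql///, 5900/open/tcp//vnc///\n"
)
# Hypothetical intended firewall policy: TCP ports meant to be reachable per vantage point.
POLICY = {
    "external": {"203.0.113.10": {80, 443}, "203.0.113.11": {443}},
    "internal": {"10.0.0.10": {22, 80, 443}, "10.0.0.11": {443, 3306}},
}


def parse_open_ports(grepable):
    """Return {host: set of open TCP ports} from nmap -oG text."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comment lines and "Status:" lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                result.setdefault(host, set()).add(int(fields[0]))
        result.setdefault(host, set())  # keep hosts that have no open ports
    return result


def audit(vantage, grepable, policy):
    """Compare observed open ports with the policy for one vantage point."""
    observed = parse_open_ports(grepable)
    allowed_by_host = policy[vantage]
    findings = []
    for host in sorted(set(observed) | set(allowed_by_host)):
        seen = observed.get(host, set())
        allowed = allowed_by_host.get(host, set())  # unknown host: nothing allowed
        findings += [(vantage, host, p, "unexpected-open") for p in sorted(seen - allowed)]
        findings += [(vantage, host, p, "expected-not-open") for p in sorted(allowed - seen)]
    return findings


if __name__ == "__main__":
    for name, scan in (("external", EXTERNAL_SCAN), ("internal", INTERNAL_SCAN)):
        for finding in audit(name, scan, POLICY):
            print(*finding)
```

Running the same comparison after every scheduled scan makes rule drift visible: a port that is open from the Internet but absent from the policy is reported even when the internal scan looks unchanged.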