internet safety and security solution requirements - btrc

Bangladesh Telecommunication Regulatory Commission IEB Bhaban, Ramna, Dhaka-1000 Internet Safety Solution in Bangladesh

Upload: sami-doha

Post on 07-Nov-2015


DESCRIPTION

a BTRC tender

TRANSCRIPT



    Section VIII. Solution Specifications and Capability

    General Requirements & Capability

    1 URL and Content Filtering

    2 IP addresses and Port blocking

    3 The solution should have the capability to support Parental Control for complying with the Children's Internet Protection Act (CIPA) and/or Internet Watch Foundation (IWF).

    4 URL and Portal Categorization (Porn / Sex, Drug, Social Networking, Educational, Fashion, Forum etc.)

    5 The solution must recognize all major languages (fully scalable) and filter / block accordingly.

    6 The solution should be certified by an independent third party for its filtering performance; and/or,

    The bidder/OEM should give the assurance for the quoted performance benchmarking on its letterhead, which may become liable for their international good-will.

    7 The solution-vendor should offer 24/7 technical support to BTRC.

    8 Scalable and Redundant solution.

    9 360 View of End To End Network-Nodes (Users, Operators etc.) for health monitoring

    10 Quality Assurance Certificate from Independent Certification Authority & ICT Regulators

    Interface, Network Architecture, Performance & Routing Capability

    1 The solution must be capable to withstand/support the following bandwidth-levels without slowing-down the internet-traffic / degradation in performance:

    2 Managing 50 Gbps (as minimum) of international internet bandwidth used by Bangladesh via either its 7 (seven) carrier level operators [1 (one) submarine cable and 6 (six) ITCs] or by its 27 (twenty seven) IIGs.

    3 The solution should support the standards based multi-link aggregation technology (IEEE 802.3ad) to achieve higher bandwidth.

    4 The solution should support VLAN tagging (IEEE 802.1q) with about 4096 VLANs supported (in NAT/Route mode)

    5 The solution should be designed to support all sorts of scalability/expansion requirements and should be scalable to support future capacity requirements without much hardware expansion, preferably with software-license expansion.

    6 The solution should be implemented in such a way that it does not introduce any single point of failure, and systems shall provide 99.95% or higher.


    7 The solution should be robust and capable enough to support all sorts of routing policy (e.g. static, policy based, dynamic, multicast etc.) and other routing requirements, if applicable, to deploy the solution.

    8 The solution should not introduce latency more than 20ms in the network (SC, ITC or IIG to end-user in whatsoever circumstances).

    9 The solution should be able to perform URL filtering and traffic analysis in real time.

    10 It shall pass HTTP traffic (which is not intended to be blocked) and non-HTTP traffic at line rate, i.e. with no latency, as a completely inline solution affects business-critical traffic.

    11 The solution should be capable of working in an environment with Asymmetric traffic, with no shortcomings due to it.

    12 The solution must use a security-hardened, carrier-grade and/or purpose-built operating system. General purpose OS like Windows, even though hardened, is highly discouraged.

    13 The system should support easy Software / Hardware upgrade.

    14 The solution should support both IPv6 as well as IPv4 (IPv6 Phase II Ready certified).

    15 The IIGs should provide the support by routing the relevant traffic as required by the solution partner to integrate the system e.g. PBR on the existing router.

    16 The solution must not cause any disruption of traffic in case of its failure. The traffic can flow unfiltered in that scenario, but with no disruptions.

    URL & Content Filtering Capability

    1 The solution shall have the capability of URL & Content filtering at high bandwidth.

    2 There should not be any limitation on the number of URLs in the block list.

    3 The solution should have a Web GUI to block/unblock IP Addresses/ports as and when required by the administrator.

    4 The solution should have a Web GUI to white/grey/black list URLs as and when required by the administrator.

    5 The system should support access control black-list, grey-list and white-list.

    6 The solution should be capable of inspecting and blocking various outbound packets (TCP / UDP) to various domains/IPs provided the relevant traffic is passed to the system.

    7 The solution should filter specific traffic matching the URL. Other URLs of the same domain and other non-http traffic should pass unfiltered. For HTTPS, the domain should be blocked.

    8 The solution should be able to provide a Replacement Webpage (HTML format or a redirected webpage) in case of ISP users accessing the blocked URLs.

    9 The solution should have URL categorization with more than 50 categories and cover major languages.


    10 The system should support a Safe-Search Filter which allows IIGs to enforce how strictly search results are to be filtered regardless of the user's own choice in the search engine.

    11 The URL category should also include the categorization of Anti Malware and Anti Phishing websites.

    12 The solution should offer dynamic URL categorization and the capability to move an uncategorized URL into a URL category within 24 hours.

    13 The solution should be Internet Watch Foundation (IWF) compliant, with regular updating of the database to block malware and malicious websites.

    14 Rules and policies must be highly flexible and can be set according to different types of URL and Content filtering requirements as and when required by the administrator using the WEB GUI.

    15 The solution should support Web API for integration with 3rd Party Systems for provisioning, if required.

    16 The solution shall be able to detect and block zero-hour proxy site use, most commonly used in an attempt to bypass the web filtering solution.

    Real-Time Monitoring and Alert Service Capability

    1 The solution should have a Web GUI to display KPIs like latency, CPU usage, memory, disk space etc. in graphical format.

    2 Provision to support the SNMP (for sending alerts to NMS in case of system failures).

    3 Provision to generate the automatic notification of events via SNMP

    4 Provision to support simultaneous login of multiple-administrators

    5 Provision to export the configuration to a Text file via Web or TFTP

    DPI, Network Forensic, IDS and IPS Capability

    1 The solution should be robust and secured enough to protect itself by using its own Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)

    2 The solution should be robust and secured enough to protect itself by inspecting and blocking various inbound packets (TCP / UDP) to/from various domains/IPs.

    3 The solution should be robust and secured enough to protect itself by its own ability to detect and block all sorts of vulnerability regarding cyber-attacks and network-reconnaissance.

    4 The solution shall be capable and robust enough in accordance with the Phase III requirements of CIRTs recommended by ITU IMPACT, for the solution's own security/safety.

    Management and Administration Capability

    1 The solution should have a GUI feature to enter blocked URLs / Contents. The solution should have a GUI for automatic-blocking, manual-blocking, unblocking etc. of URLs / Contents as per defined rules/policies, on demand.


    2 The solution should support Web UI (HTTPS) and CLI (SSH) based Management.

    3 The solution should have configurable option to define remote access to the device on any interface and restrict the same to a specific IP/Subnet (i.e. Trusted Hosts for Management).

    4 All the nodes of the solution should have the capability to be managed and monitored centrally from a standard Windows based PC/Server at BTRC. This has to be done securely over Internet.

    5 The solution should be accessed/configured/managed through a console connection (RJ45 / DB9)

    6 The solution should support role-based administration rights.

    7 The solution should support simultaneous login of multiple-administrators.

    8 The solution should support system software rollback to the previous version in case of failure in the application upgrade.

    9 The system should support (generate and store) an audit log of each user's actions and activity.

    Logging and Reporting Capability

    1 A centralized logging and reporting platform (software based), capable of meeting the customized reporting needs, will be required at each IIG. To support the software-based logging solution, a compatible server with the OS needs to be provisioned.

    2 The reporting module should be installed on the separate set of redundant servers and should not impact the performance of the filtering engine when report generation is in process.

    3 The platform should be capable of retaining the processed reports for a period of 6 (six) months.

    4 The solution should offer extensive reporting tools to report on policy, accessed URL or page, group, IP and bandwidth, and multiple levels of reporting rights; reports are stored and can be accessed at any given time.

    5 The reports should be available in tabular and graphical format.

    6 The reports can be exported in: .csv/ .xls/ .pdf etc. file formats.

    7 The reports should be available in Daily/Weekly/Monthly formats.

    8 Support of Role based access rights on reporting platform.

    9 Provision to send reports to multiple email recipients automatically.

    10 Provision to customize the dashboard (e.g. by selecting suitable widgets) for the reporting module.

    11 At least the following reports (as well as any Combinations of these) should be available from the system:

    a. Traffic Reports (both In-Bound and Out-Bound) per URL / IIG / IP / Ports / Website Hits etc.

    b. Filtering Report (both In-Bound & Out-Bound) per Subscriber / URL Domains / Requested URLs etc.


    Fact Sheet

    The bidder(s) are provided with the information on ILDC & IIG (updated till March, 2014), which may be helpful to understand and design the ISS for Bangladesh. The information on ILDC & IIG consists of the following 3 (three) sets of information, and the download link is given below as well.

    i. Capacity-Usage Information on International Long Distance Cable (ILDC) of Bangladesh

    ii. Gateway, DPI/Firewall & Bandwidth related Information on International Long Distance Cable (ILDC) of Bangladesh.

    iii. Gateway, DPI/Firewall & Bandwidth related Information on International Internet Gateway (IIG) of Bangladesh.

    Download Link :: http://rapidshare.com/share/66EE3514BCBE6C8E6B1F51937412AA29