Bangladesh Telecommunication Regulatory Commission

IEB Bhaban, Ramna, Dhaka-1000

Internet Safety Solution in Bangladesh

54

Section VIII. Solution Specifications and Capability

General Requirements & Capability
1

URL and Content Filtering

IP addresses and Port blocking

The solution should have the capability to comply the Parental Control for complying Childrens Internet
Protection Act (CIPA) and/or Internet Watch Foundation (IWF).

URL and Portal Categorization (Porn / Sex, Drug, Social Networking, Educational, Fashion, Forum etc.)

The solution must recognize all major languages (fully scalable) filter / block accordingly

The solution should be an independent third-party certified for its filtering performance ; and/or,
The bidder/OEM should give the assurance for the quoted performance benchmarking on its letter head,
which may become liable for their international good-will.

The solution-vendor should offer 24/7 technical support to BTRC.

Scalable and Redundant solution.

360 View of End To End Network-Nodes (Users, Operators etc.) for health monitoring

10

Quality Assurance Certificate from Independent Certification Authority & ICT Regulators

Interface, Network Architecture, Performance & Routing Capability

1

The solution must be capable to withstand/support the following bandwidth-levels without slowing-down
the internet-traffic / degradation in performance:

Managing 50 Gbps (as minimum) of international internet bandwidth used by Bangladesh via either its 7
(seven) carrier level operators [1 (one) submarine cable and 6 (six) ITCs] or by its 27 (twenty seven) IIGs.

The solution should support the standards based multi-link aggregation technology (IEEE 802.3ad) to
achieve higher bandwidth.

The solution should support VLAN tagging (IEEE 802.1q) with about 4096 VLANs supported (in
NAT/Route mode)

The solution should be designed to support all sorts of scalability/expansion requirements and should be
scalable to support futuristic capacity requirements without much hardware expansion preferable with
software-license expansion.

The solution should be implemented in such a way that this solution should not introduce any single point
of failure and systems shall provide 99.95% or higher.

55

The solution should be robust and capable enough to support all sorts of routing policy (e.g. static, policy
based, dynamic, multicast etc.) and other routing requirements, if applicable, to deploy the solution.

The solution should not introduce latency more than 20ms in the network (SC, ITC or IIG to end-user in
whatsoever circumstances).

The solution should be able to perform URL filtering and traffic analysis in real time.

10

It shall pass http traffic (which is not intended to be blocked) and non-http traffic at line rate i.e. No
Latency. As completely-inline solution affects the business critical traffic

11

The solution should be capable of working in an environment with Asymmetric traffic, with no
shortcomings due to it.

12

The solution must use a security-hardened, carrier-grade and/or purpose-built operating system. General
purpose OS like Windows, even though hardened, is highly discouraged.

13

The system should support easy Software / Hardware upgrade.

14

The solution should support both IPv6 as well as IPv4 (IPv6 Phase II Ready certified).

15

The IIGs should provide the support by routing the relevant traffic as required by the solution partner to
integrate the system e.g. PBR on the existing router.

16

The solution must not cause any disruption of traffic in case of its failure. The traffic can flow unfiltered
in that scenario, but with no disruptions

URL & Content Filtering Capability

1

The solution shall have the capability of URL & Content filtering at high bandwidth.

There should not be any limitation on the no of URLs in the block list.

The solution should have a Web GUI to block/unblock IP Addresses/ports as and when required by the
administrator.

The solution should have a Web GUI to white/grey/black list URLs as and when required by the
administrator.

The system should support access control black-list, grey-list and white-list.

The solution should be capable of inspecting and blocking various outbound packets (TCP / UDP) to
various domains/IPs provided the relevant traffic is passed to the system.

The solution should filter specific traffic matching the URL. Other URLs of the same domain and other
non-http traffic should pass unfiltered. For HTTPS, the domain should be blocked.

The solution should be able to provide a Replacement Webpage (HTML format or a redirected webpage)
in case of ISP users accessing the blocked URLs.

The solution should have URL categorization with more than 50 categories and cover major languages.

56

10

The system should support Safe-Search Filter which allows IIGs to enforce how strictly search results are
to be filtered regardless of the users own choice in the search engine.

11

The URL category should also include the categorization of Anti Malware and Anti Phishing websites.

12

The solution should offer dynamic URL categorization and the capability to update uncategorized URL in
to category of URL within 24 hours.

13

The solution should be Internet Watch Foundation (IWF) Compliance and regular updating of the
database to block Malware & Malicious Website.

14

Rules and policies must be highly flexible and can be set according to different types of URL and Content
filtering requirements as and when required by the administrator using the WEB GUI.

15

The solution should support Web API for integration with 3rd Party Systems for provisioning, if required.

16

The solution shall be able to detect and block zero-hour proxy site use, most commonly used in attempt to
bypass web filtering solution.

Real-Time Monitoring and Alert Service Capability

1

The solution should have Web GUI to display KPIs like latency, CPU usage, Memory, Disk Space etc in
the Graphical Format.

Provision to support the SNMP (for sending alerts to NMS in case of system failures).

Provision to generate the automatic notification of events via SNMP

Provision to support simultaneous login of multiple-administrators

Provision to export the configuration to a Text file via Web or TFTP

DPI, Network Forensic, IDS and IPS Capability

1

The solution should be robust and secured enough to protect itself by using its own Intrusion Detection
System (IDS) and Intrusion Prevention System (IPS)

The solution should be robust and secured enough to protect itself by inspecting and blocking various
inbound packets (TCP / UDP) to/from various domains/IPs.

The solution should be robust and secured enough to protect itself by its own ability to detect and block all
sorts of vulnerability regarding cyber-attacks and network-reconnaissance.

The solution shall be capable and robust enough in accordance with the Phase III requirements of CIRTs
recommended by ITU IMPACT, for the solutions own security/safety.

Management and Administration Capability

1

It solution should have a GUI feature to enter blocked URLs / Contents. The solution should have GUI for
automatic-blocking, manual-blocking, unblocking etc. of URLs / Contents as per defined rules/policies as
on-demand.

57

The solution should support Web UI (HTTPS) and CLI (SSH) based Management.

The solution should have configurable option to define remote access to the device on any interface and
restrict the same to a specific IP/Subnet (i.e. Trusted Hosts for Management).

All the nodes of the solution should have the capability to be managed and monitored centrally from a
standard Windows based PC/Server at BTRC. This has to be done securely over Internet.

The solution should be accessed/configured/managed through a console connection (RJ45 / DB9)

The solution support for role based administration rights of the solution.

The solution should support simultaneous login of multiple-administrators.

The solution should support system software rollback to the previous version in case of failure in the
application up-gradation.

The system should support (generate and store) audit log of each users actions and activity.

Logging and Reporting Capability

1

Centralized logging and reporting platform (software based) will be required at each IIGs which is capable
to meet the customized reporting needs. To support the software based logging solution, the compatible
Server with the OS needs to be provisioned.

The reporting module should be installed on the separate set of redundant servers and should not impact
the performance of the filtering engine when report generation is in process.

The platform should be capable of retaining the processed reports for a period of 6 (six) months.

The solution should offer extensive reporting tools to report on policy, accessed URL or page, group, IP
and bandwidth and multiple levels reporting rights that are stored and can be accessed on any given time.

The reports should be available in tabular and graphical format.

The reports can be exported in: .csv/ .xls/ .pdf etc. file formats.

The reports should be available in Daily/Weekly/Monthly formats.

Support of Role based access rights on reporting platform.

Provision to send reports to multiple email recipients automatically.

10

Provision to customize the dashboard (eg: by selecting suitable Widgets) for reporting module.

11

At least the following reports (as well as any Combinations of these) should be available from the system:
a.

Traffic Reports (both In-Bound and Out-Bound) per URL / IIG / IP / Ports / Website Hits etc.

b.

Filtering Report (both In-Bound & Out-Bound) per Subscriber / URL Domains / Requested URLs etc.

58

Fact Sheet
The bidder(s) are served with the Information of ILDC & IIG (updated till March,
2014), which may become helpful to understand and design the ISS for
Bangladesh. The Information of ILDC & IIG is consisting the following 3
(three) sets of information and the Download-Link is given below as well.
i. Capacity-Usage Information on International Long Distance Cable (ILDC) of Bangladesh
ii. Gateway, DPI/Firewall & Bandwidth related Information on International Long Distance
Cable (ILDC) of Bangladesh.
iii. Gateway, DPI/Firewall & Bandwidth related Information on International Internet Gateway
(IIG) of Bangladesh.

Download Link :: http://rapidshare.com/share/66EE3514BCBE6C8E6B1F51937412AA29