Corrigendum 3. Tender Number: 10/ dated


(A premier Public Sector Bank)
Information Technology Division, Head Office, Mangalore

Corrigendum 3
Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial of Service (DDoS) protection solution.

Last Date & Time for receipt of Offers: 25.10.2016 at 4:00 PM.
Extended Last Date & Time for receipt of Offers: 28.10.2016 at 4:00 PM.

From: The Assistant General Manager, Corporation Bank, Information Technology Division, Head Office, Mangalore-575001, Karnataka.

Sr. No. / Specification / Compliance

1 Hardware and Performance
1.1 DDoS solution should be a dedicated hardware appliance designed exclusively for DDoS detection and mitigation. The solution should not be a licensed feature on any other network devices (like Firewall and Load Balancer Appliance etc.).
1.2 Device should have at least 8 x 1G copper interfaces with port-level bypass.
1.3 Should have at least 4 x 1G SFP fibre / 4 x 1G internal fibre interfaces with port-level bypass.
1.4 System should have scalable inspection throughput of 500 Mbps scalable to 3 Gbps without additional hardware.
1.5 Present license should be for 500 Mbps throughput and a minimum of 2 million concurrent sessions.
1.6 System latency should be less than 80 microseconds and should be clearly documented in the data sheet.
1.7 System should have a high-performance ASIC-based DoS-mitigation engine that ensures that attack mitigation does not affect normal traffic processing, and a Maximum DDoS Flood Attack Prevention Rate of up to 1 Million PPS.
1.8 SSL attack prevention module/appliance: System should mitigate encrypted attacks and should have 3000 SSL CPS on day 1, upgradable to 5000 SSL CPS with 2048-bit key.
1.9 In inline mode, system must not modify MAC or IP addresses of passed frames.
1.10 The device should support high availability.
1.11 System should fail open or should bypass the traffic in case of hardware failure.
1.12 System should support multiple segment protection, minimum of 4 segments.

2 Generic Features
2.1 System should support In-Line, SPAN Port and Out-of-Path deployment modes by default without any extra license cost.
2.2 Solution should be transparent to control protocols like MPLS and to 802.1Q tagged VLAN environments. It should also be transparent to L2TP, GRE and IPinIP traffic.
2.3 The system should be transparent to logical link bundle protocols like LACP.
2.4 The solution should be IPv6 / dual stack compatible, IPv6 certified.
2.5 Solution should detect IPv6 attacks.
2.6 Solution should mitigate IPv6 attacks.
2.7 The DDoS detection capability of the solution must not be impacted by asymmetric traffic routing.
2.8 Should detect and mitigate attacks at Layer 3 to Layer 7.
2.9 Should support inspection of standard network MTU.
2.10 The system must allow protection parameters to be changed while a protection is running. Such a change must not cause traffic interruption.
2.11 The appliances must have dual power supplies for redundancy.

3 Security / DDoS Feature
3.1 System should protect from multiple attack vectors on different layers at the same time, with a combination of Network, Application and Server side attacks.
3.2 Solution should provide protection for volumetric, protocol and application layer based DDoS attacks.
3.3 Inspection and prevention is to be done in hardware.
3.4 The system must have an updated threat feed that describes new malicious traffic (botnets, phishing, etc.).
3.5 The system should be capable of detecting and mitigating both inbound and outbound traffic.
3.6 Solution should provide real-time detection and protection from unknown network DDoS attacks.
3.7 System should have a mitigation mechanism for protection against zero-day DoS and DDoS attacks without manual intervention.
3.8 System should support horizontal and vertical port scanning behavioral protection.
3.9 System supports behavioral-based application-layer HTTP DDoS protection.
3.10 System supports DNS application behavioral analysis DDoS protection.
3.11 System must be able to detect and block SYN Flood attacks and should support different mechanisms:
  a SYN Protection - Transparent Proxy / out of sequence
  b SYN Protection - Safe Reset
  c SYN Protection / TCP Reset
3.12 System must be able to detect and block HTTP GET Flood and should support mechanisms to avoid false positives.
3.13 Should support the following HTTP flood mechanisms:
  a High Connection Rate
  b High rate GET to page
  c High rate POST to page
3.14 System should detect and mitigate different categories of network attacks:
  a High rate SYN request overall
  b High rate ACK
  c High rate SYN-ACK
  d Push Ack Flood
  e Ping Flood
  f Response/Reply/Unreachable Flood
  g Any other DoS/DDoS attacks
3.15 System should provide zero-day attack protection based on learning baseline / behavioral analysis of normal traffic; zero-day attacks are identified by deviation from normal behavior.
3.16 System should provide behavioral DoS protection using real-time signatures.
3.19 System must be able to detect and block ICMP and DNS floods.
3.20 Should support IP defragmentation and TCP stream reassembly.
3.21 The system must be able to block invalid packets, including checks for (Malformed IP Header, Incomplete Fragment, Bad IP Checksum, Duplicate Fragment, Fragment Too Long, Short Packet, Short TCP Packet, Short UDP Packet, Short ICMP Packet, Bad TCP / UDP Checksum, Invalid TCP Flags, Invalid ACK Number), and provide statistics for the packets dropped.
3.22 Should detect and mitigate Low/Slow scanning attacks.
3.23 Should detect and mitigate Proxy & volumetric scanning.
3.24 System should support dedicated DNS protection from DDoS.
3.25 System should support suspension of traffic / blacklisting of an offending source based on a signature/attack detection.
3.26 System should support user-customizable and definable filters.
3.27 System should support prevention of malware propagation attacks.
3.28 System should support prevention of anti-evasion mechanisms.
3.29 System should support intrusion prevention from known attacks, either on the appliance or through an external appliance.
3.30 System should have the capability to allow custom signature creation.
3.31 System should protect from DDoS attacks behind a CDN by surgically blocking the real source IP address.
3.32 The system must support the ability to blacklist a host, country, domain or URL.

4 Protection against Encrypted Attacks
4.1 System should have on-device SSL / out-of-path inspection from the same OEM as the DDoS solution provider.
4.2 Proposed solution should protect against SSL & TLS-encrypted attacks with a separate SSL decryption module on device / out of path.
4.3 Proposed solution should protect against SSL & TLS-encrypted information leaks with a separate SSL decryption module on device / out of path.
4.4 Proposed solution should provide protection against known attack tools that attack vulnerabilities in the SSL layer itself, with a separate SSL decryption module on device / out of path.
4.5 Proposed solution should detect SSL-encrypted attacks at key sizes 1K & 2K without any hardware changes.
4.6 System should support outbound SSL inspection for inspecting the outgoing encrypted traffic and should have the capability to integrate with other security inspection solutions.

5 High detection and mitigation accuracy
5.1 System should support Challenge-Response (Layers 4 to 7) mechanisms by default / without scripts.
5.2 System should support HTTP Challenge-Response authentication by default / without scripts.
5.3 System should support a Polymorphic Challenge-Response mechanism by default / without scripts.
5.4 System should support DNS Challenge-Response authentication: Passive Challenge, Active Challenge, both by default / without scripts.

6 Integration Capabilities
6.1 System should have the capability to integrate with a SIEM solution.
6.2 System should have the capability to integrate with new/forthcoming network technologies, such as a ready API for Software Defined Networking (SDN) / Application Centric Infrastructure (ACI) environment integration. (Recommended)
6.3 System should be compatible for integration with the existing Data Centre Management and Orchestration devices/tools/systems. (Optional)
6.4 Proposed solution should have the capability to integrate with existing security solutions (which are compatible only) with the Bank in order to optimize the inspection performance. (Optional)

7 Monitoring & Management
7.1 The system must support configuration via standard up-to-date web browsers. System user interface must be based on HTML.
7.2 System must support CLI access over RS-232 serial console port and SSH.
7.3 The system must have a dedicated management port for out-of-band management.
7.4 Management interfaces must be separated from traffic interfaces. System management must not be possible on traffic interfaces; management interfaces must not switch traffic.
7.5 System must support tools for central monitoring.
7.6 System must have the concept of users / groups / roles.
7.7 It must be possible to change the management certificate.
7.8 Proposed solution should have a centralized management system and should help to manage, monitor and maintain all DDoS appliances from a centralized location.
7.9 The system must support Role/User Based Access Control.
7.10 The system must support the generation of reports (PDF and e-mail).
7.11 Integration with login authentication systems (RADIUS and TACACS+) should be possible.

8 OEM Services
8.1 OEM should have their own security research team to generate signature profiles targeted at DoS tools, and the same should be updated weekly to the devices installed at the Bank.
8.2 Bidder/OEM to provide support in real time to the Bank when it faces a malware outbreak or emergency flood attack.
8.3 OEM should have its own cloud scrubbing capability such that the Bank can use it in future if required. (Optional)
8.4 Real Time Attack Mitigation: The Bidder/OEM should have experts who should analyze the attack and advise on adjustments to the security configuration on-the-spot in order to mitigate the attack.
8.5 Post Attack Forensics Analysis and Recommendations.
8.6 Security Expert Service: After the customer notification, the response SLA of the Security Expert should be within 10 min, and the expert should be available to the Bank to handle attack situations.
8.7 OEM should provide Quarterly Configuration Review, and fine-tuning of the appliance should not be limited by duration / days of effort.
8.8 OEM should provide a monthly security event report and should have the option to customize it as per the Bank's needs.
8.9 Direct Hot-Line Access: Bank should have direct hot-line access to the security team for the duration of the attack/campaign, and the OEM should provide the toll-free number as part of the RFP response.
8.10 OEM should provide 50 man-days of direct onsite support / assistance during installation at each location of the Bank.
8.11 Quoted OEM should have a 24x7x365 India TAC for local support.
8.12 OEM should provide 2 days of training and knowledge transfer to the Bank.

9 Certification / References
9.1 Device should be Common Criteria certified at EAL 3 or above.