
Network security, control and management system

adeebtaqui
Level 4

Which are the most suitable Cisco devices for the specifications below for network security, control and management?

ISE, Prime?

1.4 Campus Controller

Mandatory Characteristics

  • Support authentication through local accounts and passwords and associative authentication by setting AD domain server, LDAP server, and third-party RADIUS server as identity authentication sources
  • Support authentication through association with CA/USB Key and RSA server
  • Support user synchronization based on OU, user groups, and account attributes
  • Support simultaneous association with multiple AD/LDAP servers in multi-domain environments
  • Support AD/LDAP server's best-effort function that ensures high reliability when the AD/LDAP server breaks down
  • Support tree-structured user group management that is identical with the administrative management structure on the live network, which simplifies user management
  • Support role management: Administrators can perform authorization management based on user role
  • Support technologies for identifying multiple types of devices, including SNMP, User-Agent, DHCP, and MAC OUI. Types, operating systems, and manufacturers of wireless network access terminals can be identified.
  • Support automatic and manual grouping based on the device type identification results
  • Administrators and guest management personnel can manually create guest accounts. Administrators can create a single visitor account or guest accounts in batch. Supports guest account export and printing and notification through emails and Short Messaging Service (SMS) messages.
  • Guests can apply for a temporary account in a self-service manner. After administrators approve the application, a notification is sent to the guest via web, SMS message, or email. Guests are permitted to apply for an account without
  • Pushes different Portal authentication pages and registration pages based on different conditions such as terminals' IP address, access AP, device type, and access SSID.
  • Provides external APIs for third-party systems to add, delete, or modify a guest account.
  • Multiple authentication modes such as 802.1x, MAC, Portal, security gateway, and VPN authentication modes, which implement unified authentication on wired/wireless and internal/external networks.
  • Unified delivery of security group policies to associated devices, which ensures that users can obtain the same network access policies at any location. Supports incremental synchronization and synchronous status display.
  • User-based network bandwidth configuration and service priority after access to the internal network from an external network, guaranteeing a quality network access experience for the specified users.
1.5 Network Management System

Mandatory Characteristics

  • System architecture: The system uses the browser/server (B/S) architecture and supports the on-demand component-based installation mode to meet service needs. The system supports mainstream browsers in the industry, such as IE, Firefox, and Chrome.
  • Operating system: The system supports Windows Server 2008 R2 standard, Windows Server 2012 R1 standard, and Novell SUSE Linux Enterprise Server-Enterprise-11.0 SP3 operating systems that are widely used in the industry, and provides latest patches. The manufacturer must provide screenshots of and links to the proof on the official website.
  • Database: The system uses mainstream database software in the industry, such as MySQL, SQL Server 2012, and Oracle. To improve security of the entire solution, the system supports distributed and centralized deployment modes for the database. The manufacturer must provide screenshots of and links to the proof on the official website.
  • Management capability: The system provides large-scale management capabilities. A single system can manage no less than 20,000 network resources.
  • Deployment mode: The system supports single-node and two-node cluster deployment. The system can be installed on both physical servers and virtual machines (VMs).
  • Communication interfaces: All the internal and external communication interfaces of the system use security protocols, such as SSHv2, TLS1.0, SSL3.0, IPSec, SFTP, and SNMPv3.
  • System hardening: The manufacturer provides a security hardening tool for the system, including the operating system and database. The security hardening tool is provided along with the management system. The manufacturer must provide screenshots of and links to the proof on the official website.
  • Encryption protection: Involved key information such as passwords and keys is encrypted, and no information is displayed in plain text on the system.
  • Antivirus: The system has been scanned by at least one mainstream antivirus software, such as Symantec, Office Scan, McAfee, Avira AntiVir, and Kaspersky. The result shows that the system is not infected with viruses or attacked by Trojan horses.
    • The manufacturer provides scanning reports, which describe the antivirus software name and version, virus library version, scan time, and scanning result. The manufacturer must provide screenshots of and links to the proof on the official website.
  • Multi-manufacturer device management: The system can manage devices from mainstream manufacturers including Huawei, Cisco, H3C, and Ruijie.
    • The system provides fast customization capability of basic device management for other manufacturers and customized development of advanced management functions based on service needs.
  • Resource management: The system can uniformly manage routers, switches, firewalls, WLAN devices, servers, storage devices, video surveillance devices, and UC devices and analyze services. The manufacturer must provide screenshots of and links to the proof on the official website.
    • The system supports user-defined grouping of management objects (devices and ports). To reduce management complexity, the system automatically applies alarm, performance, and security policies to groups. In this way, administrators do not need to perform the same operation multiple times.
  • Graphical monitoring: The system provides friendly graphical monitoring capabilities and displays network topologies. Users can perform operations in the topologies, for example, viewing traffic, performance, and access terminal information or dividing a region into several sub-regions. In addition, multi-dimensional information is displayed in the topologies.
  • Topology customization: The system allows users to customize topology nodes, such as devices and  Users can also hide or unhide network nodes in the topologies and set their preferred styles.
  • Fault management: The system monitors network-wide device alarms on a 24/7 basis and sends remote notifications through emails or SMS messages. Users can customize the notification content.
    • The alarm details include fault related information, for example, associated port, fault, link topology, historical traffic information and maintenance experience for a port fault. The manufacturer must provide related screenshots.
    • All the current alarms (a maximum of 20,000 records) are displayed on one page. The manufacturer must provide related screenshots.
  • Performance management: The system monitors network performance by tasks on a 24/7 basis. Users can set different performance threshold conditions to generate critical, major, minor, and warning alarms. The system compares and allows users to view historical performance. The manufacturer must provide related screenshots.
    • Users can view and edit all monitored performance counters and collection intervals on the performance management page. The system displays the performance monitoring pages with previous settings such as the columns and column length based on the login account.