Today s challenges in Lawful Interception. C. Rogialli, October 11, 2005 RIPE MEETING 51 - Amsterdam

Size: px
Start display at page:

Download "Today s challenges in Lawful Interception. C. Rogialli, October 11, 2005 RIPE MEETING 51 - Amsterdam"

Transcription

1 Today s challenges in Lawful Interception C. Rogialli, October 11, 2005 RIPE MEETING 51 - Amsterdam 1

2 Lawful Interception a Definition Action (based on the law) performed by a network operator / access provider / service provider (NWO/AP/SvP), of making available certain information and providing that information to a law enforcement monitoring facility for investigation purposes. 2

3 Lawful Interception concept (1) Warrant NWO/AP/SvP Interception Provisioning PSTN Internet PLNM LEMF Assignment 3

4 Lawful Interception concept (2) NWO/AP/SvP Warrant PSTN PLNM Internet 4

5 Entities involved in Lawful Intercetion Government Operates in the interests of the nation; Sets the regulatory framework in which Lawful Interception is performed; Defines economical parameters for Lawful Interception activities. Operators Lawfully operate for the sake of their business and profit, almost totally driven by telecommunications; Withstand rules set by the government in terms of lawful interception as an unavoidable; Install proper devices to fulfil the relevant obligations; Law Enforcement Agencies Operate in the name of crime fighting and nation security; Request lawful interception and define the real targets; Receive the communication data extracted by the operators; Need proper devices to playback and decode the intercepted traffic. 5

6 A triviality TELecom Companies and Government agencies are NOT created equal! They have: Different Purposes Different Structure Different Knowledge Different Liabilities Different Activities Different Constraints So they need: but LI requires cooperation! Different Systems Different Approaches 6

7 Different Key Values For the government Agencies Overall solution effectiveness Return on investment (in investigative terms!) Adherence to existing operating procedures Low level of the technicalities to be handled Surgical precision For the Telecom operators Reliability Reduced maintenance and management hassles Low installation and running expenses Integration with the existing network Use of proven COTS hardware Possibility to document the obligation fulfilment 7

8 Lawful Interception Application fields User Government Agencies Voice Recorders, Decoders, Storage, Doc. production Data Recorders, Decoders, Storage, Doc. production Telco Voice Mediation Devices, SS7 probes Voice Mediation Devices, IP probes 8 Circuit Switched Technology Packet Switched

9 LI in Circuit Switched and Packet Switched Networks 9 (that is, why do we face different issues in the two worlds)

10 Once upon a time the mass telecommunications were only bound to the fixed PSTN network; no additional functionalities were provided by the handsets; the transport Network was unique in type and technology, it was based upon Circuit Switching, and the only type of payload transported was VOICE. In this fairy tales world, the interception: operated over a single network, with good-to-excellent results; had to deal with a single type of payload (typically ISDN voice over 64 kbps; due to the circuit switching technology, may e operated in any point of the network between the end points. PSTN/ISDN Network 10

11 then it was the turn of fax, modems and mobiles Fax and Modems still use analog modulation over the CS network in order to transport images, data and internet services. The mass interception was therefore still possible with CS methodologies, with the only complication of demodulation. PSTN/ISDN network Internet Service Provider Internet PLMN GSM cell GSM cell 11

12 and, suddenly, the security nightmare!!! A lot of mass telecommunication traffic today doesn t traverse ANY part of the well-controlled Circuit Switched network! IP multimedia traffic between GPRS/UMTS mobile phones; the traffic to and from Internet exchanged on high bandwitdh ISPs (ADSL, FTTH, cable ); Telephone traffic between two REAL VoIP connected to different VoIP operators. terminals, maybe PSTN/ISDN network VoIP operator Internet Service Provider 12 GSM/UMTS cell 2.5G / 3G Mobile operator Circuit S. Network IP Network Internet

13 Lawful interception compulsory services Depending on the local legislation, the Operator may be requested to provide: Interception based upon target identity It is requested to replicate ALL the traffic generated by a single, identifiable target among the multitude of users of the Operator itself. Investigative interception based upon parametric search It is requested massive filtering of the transported traffic in order to spot UNKNOWN users showing suspect behaviours (in example, exchanging mails containing specific keywords). Interception over Telecom operator s services It is requested to replicate IN CLEAR any transaction made by an user towards a Service exercised by the telecom. 13 Free access to the network It is requested to guarantee proper network access to black boxes owned by the law enforcement agencies themselves.

14 New issues connected with IP interception User Identification Whilst the correspondence between user credentials and user identity is rarely questioned in the Voice world, this is not necessarily true for the IP networks; Traffic dispersion The packet switching world poses new issues in terms of tapping points and capture efficiency; Mass cryptography In the IP world, cryptography is extensively used and at hand of everybody. 14

15 User Identification Issues Availability of reliable user information No more anonymous access to the network will be provided by world s telecom operators; Trusted identity systems Any mean shall be used to guarantee the correlation between user s credentials and the physical person accessing the network; Availability of the user parameters at the capture point 15 Any network feature hiding user s identity at the capture point (e.g. NAT) shall be taken into account and suitable workarounds for the authority shall be provided.

16 Traffic dispersion issues Arpanet was originally conceived in order to deploy a military network able to survive huge, nation-level disasters As a result, IP routing follows BY DESIGN several different routes even towards the same target address. 16 As a consequence, the tapping point is not at all indifferent to the Lawful Interception Activities!

17 17 Tappin around the net

18 Probing in the access network PSTN users ADSL users Corporate Users Last Mile PSTN PSTN DSLAM 1 Gb overall Traffic; LE ATM / IP WAN 2% is ; = PRA 20 mb of packets to be deeply inspected RAS/NAS ATM/IP switch Mail Server POP Aggregation Router IP Backbone 18

19 Probing in the Central Office PSTN users ADSL users Corporate Users Last Mile PSTN PSTN DSLAM 1 Gb overall Traffic; 98% is ; LE ATM / IP WAN = 980 mb of packets to be deeply inspected PRA (!!!) RAS/NAS ATM/IP switch Mail Server POP Aggregation Router IP Backbone 19

20 Mass Cryptography issues Over the PSTN network, communication encryption was at disposal of few users; moreover, the few devices available offered backdoors for the agencies; Over the internet, encryption is at disposal of EVERYBODY. Not in any case backdoors are available; Whilst the operator may not be held responsible for user-level encryption, it may as well be obliged to provide in-clear interception of the services offered by itself. 20

21 21 The ISP in front of the authority. Viable options for the IP LI.

22 In-Band and Out-Band interception In-band interception implies the use of IIF inplemented in the network devices; it can be succesfully used with any kind of interception based upon user identity: Circuit based traffic; Packet traffic over mobile networks (es. GPRS); Packet traffic over carrier-grade modern switches in ISPs. Out-band interception imples the use of network probes; it is the only key when: Parametric (keyword) interception is requested; The authority doesn t trust the operator itself or the operator s personnel in investigative matters. 22

23 Typical Out-band Interception 10/100 Ethernet IPP (1) Delivery Router Delivery NW IP-V PMS MD (2) PoP IPP Server Web Server FTP Server (3) 10/100 Ethernet IPP Core Network RP (2) RADIUS Server Server Farm PoP Interception of assigned IP Address Access NW POI killer Warrant LIID Protocol No. Reference LEA Interception Duration Interception Criteria Transit peer (username killer) 23

24 Typical Out-band Interception 10/100 Ethernet IPP Delivery Router Delivery NW IP-V PMS MD PoP IPP Server Web Server FTP Server 10/100 Ethernet IPP Core Network RP RADIUS Server Server Farm PoP Access NW POI killer Warrant LIID Protocol No. Reference LEA Interception Duration Interception Criteria Transit peer (username = killer) 24

25 Parametric Out-band Interception 10/100 Ethernet IPP (2) (1) Delivery Router Delivery NW IP-V PMS MD (2) PoP IPP (2) Server Web Server FTP Server 10/100 Ethernet IPP (2) Core Network RP RADIUS Server Server Farm PoP Access NW Warrant LIID Protocol No. Reference LEA Interception Duration Interception Criteria Transit peer (keyword = bomb) 25

26 Parametric Interception (Interception) 10/100 Ethernet IPP Delivery Router PMS MD ISDN/VPN VIP IP: write bomb PoP IPP Server Web Server FTP Server 10/100 Ethernet IPP Core Network RP RADIUS Server Server Farm PoP PSTN / ISDN POI..I will place a bomb Warrant LIID Protocol No. Reference LEA Interception Duration Interception Criteria Transit peer 26 Username: tom IP: (keyword = bomb)

27 Tactical probing vs. strategic interception (1) Tactical probes a definition: devices that are installed at operator s premises on a per need basis. 27 Some common sense assertions about Tactical probing devices: small stealthy easily movable typically operated by agencies personnel dedicated to a few specific interception tasks at a time totally extraneous respect to the hosting network by definition

28 Tactical probing vs. strategic interception (2) Strategic Interception a definition: An interception network permanently deployed at operator s premises to serve any present or future interception request. Some common sense assertions about Strategic probing devices: solid integrated permanently connected to the network typically maintained by telco personnel dedicated to a huge spread of interception tasks at a time may be integrated with the hosting network 28

29 A duofold option for the ISP 1. Open the door to Agencies for Tactical Activities as a pro, some responsibilities and costs are charged over the Agency rather than over the operator; as a drawback, the operator will need to support (eventually upon network reconfiguration) the agency s activities, on a per need basis! 2. Make Room for Strategic interception systems The operator will face some not recurring costs, only eventually covered by the governement; However, the impact over the network will be minimized. 29

30 An only thing is important JUST PUT THE RIGHT PROBE IN THE RIGHT ENVIRONMENT! 30

31 31 A Mixed Approach to LI

32 Classic approach general principles PSTN users ADSL users Corporate users Last Mile PSTN PSTN DSLAM IP over xxx SGU ATM / IP WAN Radius POP boundary PRA POP boundary Mediation Device (1x) C.O. boundary Radius Pb IP Probe IP Backbone POP Aggregation Router (32x) 32

33 Classic Approach PROs Extensive capture allows many forms of parametric interception (e.g. Keyword search or addresses); The solution is totally unobtrusive and is completely impactless on the network architecture; The solution functionalities may be extended to effective network traffic monitoring as an added value. 33

34 Classic Approach CONs many probes to be placed; large investment needed; a lot of space (with access control requirements) to be reserved in the POP; tapping may be a NIGHTMARE, but the use of span ports may impact network performance; distributed and secure network connectivity between system elements to be provided; Some peering traffic is lost (i.e., the peering traffic closing on the same BRAS). 34

35 Hijack approach general principles PSTN users ADSL users Corporate Users Last mile PSTN PSTN DSLAM IP over xxx POP boundary ATM / IP WAN C.O. boundary Mediation Device (1x) RAS/NAS ATM/IP switch LI POP Radius TT Radius Pb LI Config POP Aggregation Router IP Backbone IP Probe PPP tunnel 35 L2TP tunnel

36 Hijack Approach PROs few probes to be placed; low investment needed; Few space with access control requirements may be reserved anywhere in the network; tapping is quite simple; Reduced need of secure network connectivity between system elements; No peering traffic is lost. 36

37 Hijack Approach CONs The possibility of parametric interception are limited; The solution needs a slight network redesign; Not suitable for extensive traffic monitoring. 37

38 38 A Service Approach to LI

39 Service interception approach Any time the telco operator offers some services on its own, it may be obliged to intercept them. Examples are: VoIP services; FTP/mail/webmail services; Videocall over PSTN line; In ALL those cases, the operator will be asked to get rid of any interception aspect, including traffic encription! So the solution may lay in Service interception rather than transport interception. 39

40 Service interception an example Access Network Internet RAS Service Network Firewall MMS FTP Autentication 40

41 41 LI A flexible approach

42 A flexible LI architecture is the key The answer to operators interception needs cannot be a spot solution for a specific interception issue or a specific service but rather an extensive approach covering at least in perspective - all interception needs at a time. 42

43 IP Network Probing Different probing devices are at disposal of the Network Engineer, granting overall coverage of any IP LI needs: General-purpose IP Probes: IP probes performing parametric interception may be placed in front of a network server (e.g. ); The interception is triggered basing upon service access, regardless the location of the network site accessing the batch service. IP probes performing typical interception may be used to capture generic IP transactions basing upon IP address, CLI, or keyword; A specific access probe may be needed to trigger the interception; Access (RADIUS) Probes: access probes are able to detect a known user accessing the network; they provide trigger to IP probes as well as access logging capabilities. 43

44 Mediation Device It is the central server performing LI information handover from the provider s domain to the LEA s domain. It allows for a simpler and centralised LI network management, whilst optimising network resources usage. It grants a superior level of control in IP LI activities. It may be extended to support further capture methodologies, both out-band and in-band. 44

45 Mediation Device flexible architecture GSM PSTN Voice IIFs VoIP IIFs GPRS/IP Switching IIFs IP Probes Switching Telephony Probes Ingress Interface Ix Ingress Interface Iy Ingress Interface Iz Ingress Interface In Ingress Interface Ik Ingress Adaptation Layer IRI (HI2) MEDIATION FUNCTION LIID / LEMF and Config. Database CC (HI3) MEDIATION Egress Normalization and Synchrinization Layer Egress Interface Ex Egress Interface Ey Egress Interface Ez Egress Interface En Egress Interface Ek Long Term Storage BroadBand IP LEMF IP over ISDN/PSTN LEMF Leased ISDN LEMF Leased PSTN LEMF 45

46 Provisioning and Maintenance System It is the central configuration device for the entire LI network. It allows the operation of the LI system using minimum personnel. By supporting different privilege levels, it is the natural Man-Machine Interface for: Maintenance Operators (alarms and devices mgmt); LEA Operators (Warrants mgmt); Billing Opertors (where applicable). 46

47 THANK YOU For any further info: Carlo Rogialli 47

Network Services Internet VPN

Network Services Internet VPN Contents 1. 2. Network Services Customer Responsibilities 3. Network Services General 4. Service Management Boundary 5. Defined Terms Network Services Where the Customer selects as detailed in the Order

More information

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards. STAR-GATE TM Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards. In this document USA Tel: +1-703-818-2130 Fax: +1-703-818-2131 E-mail: marketing.citi@cominfosys.com

More information

WHITE PAPER. Gaining Total Visibility for Lawful Interception

WHITE PAPER. Gaining Total Visibility for Lawful Interception WHITE PAPER Gaining Total Visibility for Lawful Interception www.ixiacom.com 915-6910-01 Rev. A, July 2014 2 Table of Contents The Purposes of Lawful Interception... 4 Wiretapping in the Digital Age...

More information

Introducing STAR-GATE Enhancements for Packet Cable Networks

Introducing STAR-GATE Enhancements for Packet Cable Networks STAR-GATE TM Annex: Intercepting PacketCable Compliance with CALEA and ETSI Delivery and Administration Standards. In this document USA Tel: +1-703-818-2130 Fax: +1-703-818-2131 E-mail: marketing.citi@cominfosys.com

More information

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention Realtime Network Monitoring for Lawful Interception and Data Retention 2 Realtime Network Monitoring with Passive Probes Realtime monitoring of network connections has been used by telecom operators for

More information

Deploying Media Probes in Evolving VoIP Networks

Deploying Media Probes in Evolving VoIP Networks Deploying Media Probes in Evolving VoIP Networks Dave Gladwin dave.gladwin@newport-networks.com Presentation Template V4.00 Nov-05 Agenda! Convergence of Fixed and Mobile services are driving networks

More information

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:

More information

Brocade Telemetry Solutions

Brocade Telemetry Solutions WHITE PAPER www.brocade.com Service provider Brocade Telemetry Solutions telemetry applications such as Monitoring and Lawful Intercept are important to Service Providers and impose unique requirements

More information

Signaling System 7 (SS7) Gateway Solution for Internet Access

Signaling System 7 (SS7) Gateway Solution for Internet Access Signaling System 7 (SS7) Gateway Solution for Internet Access Definition A signaling system 7 (SS7) gateway is an intelligent network (IN) based system that can be used in conjunction with network-access

More information

NGN Interconnection Standards & Protocols

NGN Interconnection Standards & Protocols NGN Interconnection Standards & Protocols A G E N D A NGN ENVIRONMENT LICENSING CONDITIONS REGULATORY INITIATIVES INTERCONNECTION PROTOCOLS ISSUES R. R. Mittar DDG(NGN), TEC NGN CONCEPT Central Office

More information

EAGLE EYE IP TAP. 1. Introduction

EAGLE EYE IP TAP. 1. Introduction 1. Introduction The Eagle Eye - IP tap is a passive IP network application platform for lawful interception and network monitoring. Designed to be used in distributed surveillance environments, the Eagle

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

Net Integrator Firewall

Net Integrator Firewall Net Integration Technologies, Inc. http://www.net itech.com Net Integrator Firewall Technical Overview Version 1.00 TABLE OF CONTENTS 1 Introduction...1 2 Firewall Architecture...2 2.1 The Life of a Packet...2

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

ETSI TR 102 528 V1.1.1 (2006-10)

ETSI TR 102 528 V1.1.1 (2006-10) TR 102 528 V1.1.1 (2006-10) Technical Report Lawful Interception (LI); Interception domain Architecture for IP networks 2 TR 102 528 V1.1.1 (2006-10) Reference DTR/LI-00025 Keywords Lawful Interception,

More information

Technical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?

Technical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection? FactoryCast Gateway TSX ETG 3021 / 3022 modules How to Setup a GPRS Connection? 1 2 Table of Contents 1- GPRS Overview... 4 Introduction... 4 GPRS overview... 4 GPRS communications... 4 GPRS connections...

More information

Network Overview. Background Traditional PSTN Equipment CHAPTER

Network Overview. Background Traditional PSTN Equipment CHAPTER CHAPTER 1 Background Traditional PSTN Equipment Traditional telephone services are engineered and offered over the public switched telephone network (PSTN) via plain old telephone service (POTS) equipment

More information

WAN Failover Scenarios Using Digi Wireless WAN Routers

WAN Failover Scenarios Using Digi Wireless WAN Routers WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another

More information

Simple Law Enforcement Monitoring

Simple Law Enforcement Monitoring Simple Law Enforcement Monitoring Fred Baker draft-baker-slem-architecture-01.txt ftp://ftpeng.cisco.com/fred/ietf/slem.ppt ftp://ftpeng.cisco.com/fred/ietf/slem.pdf The message I wish had been found in

More information

Technology Brief. Implementing DSL Service for ISPs with the SMS. The DSL Opportunity. DSL is Different from Dial

Technology Brief. Implementing DSL Service for ISPs with the SMS. The DSL Opportunity. DSL is Different from Dial Technology Brief Implementing DSL Service for ISPs with the SMS The DSL Opportunity Digital Subscriber Line (DSL) services represent a major opportunity for dialup-based Internet Service Providers (ISPs)

More information

Wholesale IP Bitstream on a Cable HFC infrastructure

Wholesale IP Bitstream on a Cable HFC infrastructure Wholesale IP Bitstream on a Cable HFC infrastructure In order to understand the issues related to an ISP reselling Cable Based Internet access it is necessary to look at similarities and dissimilarities

More information

Intranet Security Solution

Intranet Security Solution Intranet Security Solution 1. Introduction With the increase in information and economic exchange, there are more and more enterprises need to communicate with their partners, suppliers, customers or their

More information

Real Time Intercept from Packet Networks, Challenges and Solutions. Presented by Keith Driver

Real Time Intercept from Packet Networks, Challenges and Solutions. Presented by Keith Driver Real Time Intercept from Packet Networks, Challenges and Solutions Presented by Keith Driver Packet Intercept Packets are everywhere LAN networks WAN networks/ Carrier Ethernet 3G Telephony networks CDMA

More information

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer: DSL Access Guide DSL Access Routers ZyXEL is a leading manufacturer and supplier of DSL and Voice over IP routers. ZyXEL offer a complete portfolio of routers suited for Telecoms providers, Internet Service

More information

VoIP Bandwidth Considerations - design decisions

VoIP Bandwidth Considerations - design decisions VoIP Bandwidth Considerations - design decisions When calculating the bandwidth requirements for a VoIP implementation the two main protocols are: a signalling protocol such as SIP, H.323, SCCP, IAX or

More information

Secured Voice over VPN Tunnel and QoS. Feature Paper

Secured Voice over VPN Tunnel and QoS. Feature Paper Secured Voice over VPN Tunnel and QoS Feature Paper Table of Contents Introduction...3 Preface...3 Chapter 1: The Introduction of Virtual Private Network (VPN) 3 1.1 The Functions and Types of VPN...3

More information

ADSL or Asymmetric Digital Subscriber Line. Backbone. Bandwidth. Bit. Bits Per Second or bps

ADSL or Asymmetric Digital Subscriber Line. Backbone. Bandwidth. Bit. Bits Per Second or bps ADSL or Asymmetric Digital Subscriber Line Backbone Bandwidth Bit Commonly called DSL. Technology and equipment that allow high-speed communication across standard copper telephone wires. This can include

More information

Application Note - Using Tenor behind a Firewall/NAT

Application Note - Using Tenor behind a Firewall/NAT Application Note - Using Tenor behind a Firewall/NAT Introduction This document has been created to assist Quintum Technology customers who wish to install equipment behind a firewall and NAT (Network

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the

More information

GPRS / 3G Services: VPN solutions supported

GPRS / 3G Services: VPN solutions supported GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper Contents Page No. 3 4-6 4 5 6 6 7-10 7-8 9 9 9 10 11-14 11-12 13 13 13 14 15 16 Chapter No. 1. Executive

More information

SERIES A : GUIDANCE DOCUMENTS. Document Nr 3

SERIES A : GUIDANCE DOCUMENTS. Document Nr 3 DATRET/EXPGRP (2009) 3 - FINAL EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC

More information

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

CTS2134 Introduction to Networking. Module 07: Wide Area Networks CTS2134 Introduction to Networking Module 07: Wide Area Networks WAN cloud Central Office (CO) Local loop WAN components Demarcation point (demarc) Consumer Premises Equipment (CPE) Channel Service Unit/Data

More information

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling Release: 1 ICTTEN6172A Design and configure an IP-MPLS network with virtual private network tunnelling Modification

More information

WAN Data Link Protocols

WAN Data Link Protocols WAN Data Link Protocols In addition to Physical layer devices, WANs require Data Link layer protocols to establish the link across the communication line from the sending to the receiving device. 1 Data

More information

com.sat IP Basic ISDN

com.sat IP Basic ISDN com.sat IP Basic ISDN com.sat Multichannel Gateway 1 2009 com.sat GmbH Kommunikationssysteme Schwetzinger Str. 19 D-68519 Viernheim www.comsat.de Tel: +49-(0)6204-7050-0 1. General Overview IP BASIC ISDN:

More information

ETSI & Lawful Interception of IP Traffic

ETSI & Lawful Interception of IP Traffic ETSI & Lawful Interception of IP Traffic Jaya Baloo RIPE 48 May 3 Netherlands Amsterdam, The Contents Introduction Introduction to Lawful Interception Interception Interception of Internet services Origins

More information

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) Address Resolution Protocol (ARP) Question: how do packets actually get to their destination? IP routing tables: based on network addresses Ethernet physical interfaces only understand ethernet addresses

More information

Wireless DSL in Action The Advantage of WiMAX based wireless DSL for incumbent and competitive operators. White Paper

Wireless DSL in Action The Advantage of WiMAX based wireless DSL for incumbent and competitive operators. White Paper Wireless DSL in Action The Advantage of WiMAX based wireless DSL for incumbent and competitive operators White Paper The Need to go Wireless In remote areas where wired infrastructure is not available

More information

BT Remote Internet. Internet Teleworker. Customer Service Description. June 04. Issue 1. Internet Teleworker Customer Service Description.

BT Remote Internet. Internet Teleworker. Customer Service Description. June 04. Issue 1. Internet Teleworker Customer Service Description. BT Remote Internet Internet Teleworker June 04 2003 BT TABLE OF CONTENTS 1 INTRODUCTION...3 2 SERVICE SUMMARY...3 3 BENEFITS...4 3.1 SERVICE FEATURES...4 3.2 COVERAGE...4 4 FEATURES...5 4.1 INTERNET TELEWORKER...5

More information

This course has been retired. View the schedule of current networking

This course has been retired. View the schedule of current <a href=http://www.ptr.co.uk/networkingcourses.htm>networking Introduction to Data Communications & Networking Course Description: This course has been retired. View the schedule of current networking Courses

More information

WANs and Routers. M.Sc. Aleksandra Kanevce M.Sc. Aleksandra Bogojeska

WANs and Routers. M.Sc. Aleksandra Kanevce M.Sc. Aleksandra Bogojeska WANs and Routers M.Sc. Aleksandra Kanevce M.Sc. Aleksandra Bogojeska 1 Introduction to WANs A WAN is a data communications network that spans a large geographic area such as a state, province, or country.

More information

Cable Modems. Definition. Overview. Topics. 1. How Cable Modems Work

Cable Modems. Definition. Overview. Topics. 1. How Cable Modems Work Cable Modems Definition Cable modems are devices that allow high-speed access to the Internet via a cable television network. While similar in some respects to a traditional analog modem, a cable modem

More information

Chapter 2 - The TCP/IP and OSI Networking Models

Chapter 2 - The TCP/IP and OSI Networking Models Chapter 2 - The TCP/IP and OSI Networking Models TCP/IP : Transmission Control Protocol/Internet Protocol OSI : Open System Interconnection RFC Request for Comments TCP/IP Architecture Layers Application

More information

Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom nico@securite.org - http://www.securite.org/nico/

Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom nico@securite.org - http://www.securite.org/nico/ In SPace Nobody Can Hear You Scream Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom nico@securite.org - http://www.securite.org/nico/ v1 Internet-wide Security Issues What

More information

Voice over Internet Protocol (VoIP) - An Introduction

Voice over Internet Protocol (VoIP) - An Introduction PITCOM Voice over Internet Protocol (VoIP) - An Introduction Peter Ingram Chief Technology Officer Ofcom 18th January 2005 Ofcom What is Voice over IP? Carrying Voice Traffic on Networks Designed for Data

More information

IPv6 Migration Challenges for Large Service Providers

IPv6 Migration Challenges for Large Service Providers IPv6 Migration Challenges for Large Service Providers Aruna P General manager Network Operation Agenda Airtel Overview Drivers of IPV6 Migration challenges Design Considerations Deployment plan Airtel

More information

Load Balance Mechanism

Load Balance Mechanism Load Balance Application in Dual-WAN Interface Load Balance Mechanism To which WAN port the traffic will be routed is determined according to the Load Balance mechanism. Below diagram shows how Vigor router

More information

AP200 VoIP Gateway Series Design Features & Concept. 2002. 3.5 AddPac R&D Center

AP200 VoIP Gateway Series Design Features & Concept. 2002. 3.5 AddPac R&D Center AP200 VoIP Gateway Series Design Features & Concept 2002. 3.5 AddPac R&D Center Contents Design Features Design Specifications AP200 Series QoS Features AP200 Series PSTN Backup Features AP200 Series Easy

More information

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2 1 ISTANBUL 1.1 MPLS overview 1 1.1.1 Principle Use of a ATM core network 2 Overlay Network One Virtual Circuit per communication No routing protocol Scalability problem 2 1.1.1 Principle Weakness of overlay

More information

Protocols. Packets. What's in an IP packet

Protocols. Packets. What's in an IP packet Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets

More information

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Christina Hattingh Darryl Sladden ATM Zakaria Swapan Cisco Press 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Contents Introduction xix Part I: From TDM Trunking to SIP Trunking

More information

Broadband Phone Gateway BPG510 Technical Users Guide

Broadband Phone Gateway BPG510 Technical Users Guide Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's

More information

IP Implementation in Private Branch Exchanges From 9:30 a.m until 4:30 p.m (7 hrs./day) 5 days / week

IP Implementation in Private Branch Exchanges From 9:30 a.m until 4:30 p.m (7 hrs./day) 5 days / week Course Title: No. of Hours: IP Implementation in Private Branch Exchanges From 9:30 a.m until 4:30 p.m (7 hrs./day) 5 days / week 1 Course Duration: 3 Months (12weeks) No. Of Hours: 7 Hrs./Day- 5 days/week.

More information

Lawful Interception in P2Pbased

Lawful Interception in P2Pbased Lawful Interception in P2Pbased VoIP Systems Jan Seedorf (jan.seedorf_at_nw.neclab.eu) NEC Laboratories Europe Heidelberg, Germany July Page 2008 1-1 IPTCOMM 2008 Heidelberg, Germany Outline 1.

More information

Integrate VoIP with your existing network

Integrate VoIP with your existing network Integrate VoIP with your existing network As organisations increasingly recognise and require the benefits voice over Internet Protocol (VoIP) offers, they stop asking "Why?" and start asking "How?". A

More information

Understand Wide Area Networks (WANs)

Understand Wide Area Networks (WANs) Understand Wide Area Networks (WANs) Lesson Overview In this lesson, you will review: Dial-up Integrated services digital networks (ISDN) Leased lines Virtual private networks (VPN) Wide area networks

More information

Mobile Packet Backbone Network Training Programs. Catalog of Course Descriptions

Mobile Packet Backbone Network Training Programs. Catalog of Course Descriptions Mobile Packet Backbone Network Training Programs Catalog of Course Descriptions Page 2 Catalog of Course Descriptions INTRODUCTION... 6 MOBILE PACKET BACKBONE NETWORK (M-PBN) R5.1 DELTA... 7 MOBILE PACKET

More information

Chapter 9. Internet. Copyright 2011 John Wiley & Sons, Inc 10-1

Chapter 9. Internet. Copyright 2011 John Wiley & Sons, Inc 10-1 Chapter 9 Internet Copyright 2011 John Wiley & Sons, Inc 10-1 Outline 9.2 - How the Internet Works - Basic Architecture - Connecting to an ISP - Internet Today 9.3 - Internet Access Technologies - DSL

More information

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0 Abstract These Application Notes describe the steps for

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection

More information

ewon-vpn - User Guide Virtual Private Network by ewons

ewon-vpn - User Guide Virtual Private Network by ewons VPN : what is it? A virtual private network (VPN) is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network

More information

Mobility and cellular networks

Mobility and cellular networks Mobility and cellular s Wireless WANs Cellular radio and PCS s Wireless data s Satellite links and s Mobility, etc.- 2 Cellular s First generation: initially debuted in Japan in 1979, analog transmission

More information

X.25 over IP. The Challenge. How it Works. Solution

X.25 over IP. The Challenge. How it Works. Solution over IP The Challenge Legacy services such as are still in use worldwide for a range of applications. Over the years, many customers have made significant investments in equipment and processes that depend

More information

ICTNPL5071A Develop planning strategies for core network design

ICTNPL5071A Develop planning strategies for core network design ICTNPL5071A Develop planning strategies for core network design Release: 1 ICTNPL5071A Develop planning strategies for core network design Modification History Not Applicable Approved Page 2 of 15 Unit

More information

Technical Glossary from Frontier

Technical Glossary from Frontier Technical Glossary from Frontier A Analogue Lines: Single Analogue lines are generally usually used for faxes, single phone lines, modems, alarm lines or PDQ machines and are generally not connected to

More information

Non-intrusive, complete network protocol decoding with plain mnemonics in English

Non-intrusive, complete network protocol decoding with plain mnemonics in English The Triple Play Analysis Suite - DATA The Triple Play Analysis Suite - Data are meant for emulating the client s application such as FTP downloading or Web Browser testing at the termination point of DSL

More information

White paper. Reliable and Scalable TETRA networks

White paper. Reliable and Scalable TETRA networks Abstract The evolution of TETRA networks towards an all- IP architecture is now a reality and has been accepted by even the most demanding users of TETRA technology. Although circuit switch based TETRA

More information

Firewalls. Network Security. Firewalls Defined. Firewalls

Firewalls. Network Security. Firewalls Defined. Firewalls Network Security Firewalls Firewalls Types of Firewalls Screening router firewalls Computer-based firewalls Firewall appliances Host firewalls (firewalls on clients and servers) Inspection Methods Firewall

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Internet Services & Protocols

Internet Services & Protocols Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de

More information

Hosted PBX Description General Info about Hosted PBX

Hosted PBX Description General Info about Hosted PBX Hosted PBX Description General Info about Hosted PBX Version Control Revision Date Name 2.0 12/12/2012 Operations 2.1 6/14/2013 Sales & Marketing Product Information Sales & Marketing VoIP Logic LLC, 529

More information

L2F Case Study Overview

L2F Case Study Overview LF Case Study Overview Introduction This case study describes how one Internet service provider (ISP) plans, designs, and implements an access virtual private network (VPN) by using Layer Forwarding (LF)

More information

Lawful Interception of VoIP. Rudolf Winschuh Business Development Transaction Security / Telecommunications

Lawful Interception of VoIP. Rudolf Winschuh Business Development Transaction Security / Telecommunications Lawful Interception of VoIP Rudolf Winschuh Business Development Transaction Security / Telecommunications Agenda Company Overview Lawful Interception Definition and Terms Legal Framework Functional Overview

More information

VoIP in the Enterprise

VoIP in the Enterprise VoIP in the Enterprise Date: March. 2005 Author: Sonia Hanson Version: 1.1 1 1 Background Voice over IP In the late 1990s Voice over IP (VoIP) was seen as a disruptive new technology that had the potential

More information

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Updated: February 2009 Microsoft Response Point is a small-business phone solution that is designed to be easy to use and

More information

Local Area Networks (LANs) Blueprint (May 2012 Release)

Local Area Networks (LANs) Blueprint (May 2012 Release) Local Area Networks (LANs) The CCNT Local Area Networks (LANs) Course April 2012 release blueprint lists the following information. Courseware Availability Date identifies the availability date for the

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention Utimaco LIMS Access Points Realtime Network Monitoring for Lawful Interception and Data Retention 2 LIMS Access Points Realtime Monitoring with Passive Probes Realtime monitoring of network connections

More information

IP-based Delivery Network via OpenVPN Provider Handbook

IP-based Delivery Network via OpenVPN Provider Handbook Federal Department of Justice and Police FDJP IT Service Centre ISC-FDJP Post and Telecommunications Surveillance Service IP-based Delivery Network via OpenVPN Provider Handbook Date: 04 July 2012 Version

More information

9236245 Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

9236245 Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation 9236245 Issue 2EN Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation Nokia 9300 Configuring connection settings Legal Notice Copyright Nokia 2005. All rights reserved. Reproduction,

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

2- Technical Training (9 weeks) 3- Applied Project (3 weeks) 4- On Job Training (OJT) (4 weeks)

2- Technical Training (9 weeks) 3- Applied Project (3 weeks) 4- On Job Training (OJT) (4 weeks) Course Title: Prerequisites: Training Program (5 months) IP Implementation in Private Branch Exchanges Must fresh graduates Communication/Electronics Engineers" 1- Soft Skills Training (4 weeks) 1. Communication

More information

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com RA-MPLS VPN Services Kapil Kumar Network Planning & Engineering Data E-mail: Kapil.Kumar@relianceinfo.com Agenda Introduction Why RA MPLS VPNs? Overview of RA MPLS VPNs Architecture for RA MPLS VPNs Typical

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya

More information

FT networks, services and IS evolution perspectives towards convergence Patrice COLLET France Télécom Network, Carrier and IT Division

FT networks, services and IS evolution perspectives towards convergence Patrice COLLET France Télécom Network, Carrier and IT Division FT networks, services and IS evolution perspectives towards convergence Patrice COLLET France Télécom Network, Carrier and IT Division Networks, Carriers and IT France Télécom T vision Networks, Carriers

More information

Whitepaper - Guide to migrating to SIP

Whitepaper - Guide to migrating to SIP Whitepaper - Guide to migrating to SIP There are both cost savings and productivity benefits to be had by moving from the old circuit switched telephony world to SIP. This short guide describes the steps

More information

Ranch Networks for Hosted Data Centers

Ranch Networks for Hosted Data Centers Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch

More information

Truffle Broadband Bonding Network Appliance

Truffle Broadband Bonding Network Appliance Truffle Broadband Bonding Network Appliance Reliable high throughput data connections with low-cost & diverse transport technologies PART I Truffle in standalone installation for a single office. Executive

More information

Secure Network Design: Designing a DMZ & VPN

Secure Network Design: Designing a DMZ & VPN Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network

More information

Solution Strategies of Service Fulfilment Operation Support Systems for Next Generation Networks. Frameworks. Service Management. Resource Management

Solution Strategies of Service Fulfilment Operation Support Systems for Next Generation Networks. Frameworks. Service Management. Resource Management Solution Strategies of Service Fulfilment Operation Support Systems for Next Generation Networks Joonas Ojala, 13.11.2007 Supervisor: Prof. Heikki Hämmäinen Instructor: M.Sc. Pekka Partanen Content Background

More information

Comtrend 1 Port Router Installation Guide CT-5072T

Comtrend 1 Port Router Installation Guide CT-5072T Comtrend 1 Port Router Installation Guide CT-5072T 1 Installing Access Point s DSL Service with a Comtrend Router Thank you for selecting Access Point, Inc. to be your Internet service provider. This guide

More information

AMSYS Workshop ASP A. ROLLA P. WUILQUE

AMSYS Workshop ASP A. ROLLA P. WUILQUE AMSYS Workshop ASP A. ROLLA P. WUILQUE Nom Fichier - 18/02/2003-1 AMSYS Workshop Content Simulation and validation approach Network Engineering Platform Multimedia System Validation Test-bed Nom Fichier

More information

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks Real World IPv6 Migration Solutions Asoka De Saram Sr. Director of Systems Engineering, A10 Networks 1 Agenda Choosing the right solutions Design considerations IPv4 to IPv6 migration road map Consumer

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Wholesale Internet Service Schedule

Wholesale Internet Service Schedule Our Wholesale Internet Service provides a high quality, reliable, dedicated permanent connection to the TOPG Network. It is intended for customers who want to resell access to the Internet. 1. Access Connections

More information