EAGLE EYE IP TAP. 1. Introduction



Similar documents
Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

EAGLE EYE Wi-Fi. 1. Introduction

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

Flow Analysis Versus Packet Analysis. What Should You Choose?

COMPUTER NETWORK TECHNOLOGY (300)

Transport and Network Layer

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

CTS2134 Introduction to Networking. Module Network Security

Installation of the On Site Server (OSS)

Integrating a Hitachi IP5000 Wireless IP Phone

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.

4. H.323 Components. VOIP, Version 1.6e T.O.P. BusinessInteractive GmbH Page 1 of 19

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Multi-Homing Security Gateway

Troubleshooting LANs with Network Statistics Analysis

Qfiniti Enterprise and VoIP for Avaya. Qfiniti Enterprise and VoIP. An etalk Technical White Paper

AppDirector Load balancing IBM Websphere and AppXcel

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Security Technology: Firewalls and VPNs

Auditing the LAN with Network Discovery

User Manual. Page 2 of 38

See Criminal Internet Communication as it Happens.

Troubleshooting LANs with Wirespeed Packet Capture and Expert Analysis

CyberData VoIP V2 Speaker with VoIP Clock Kit Configuration Guide for OmniPCX Enterprise

Advanced Higher Computing. Computer Networks. Homework Sheets

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

12. Firewalls Content

BASIC ANALYSIS OF TCP/IP NETWORKS

Multi Stage Filtering

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Radware s AppDirector and AppXcel An Application Delivery solution for applications developed over BEA s Weblogic

WHITE PAPER. Gaining Total Visibility for Lawful Interception

Observer Probe Family

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?

LifeSize Video Communications Systems Administrator Guide

Detecting rogue systems

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Note! The problem set consists of two parts: Part I: The problem specifications pages Part II: The answer pages

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

How to set up the HotSpot module with SmartConnect. Panda GateDefender 5.0

Application Delivery Testing at 100Gbps and Beyond

UIP1868P User Interface Guide

CCT vs. CCENT Skill Set Comparison

5 Things You Need to Know About Deep Packet Inspection (DPI)

Answer: Can be used on smart phones/ipad/tablets OR can be used anywhere that has an internet connection. Do not mention anything to do with cost

Cisco Prime Virtual Network Analysis Module

What is VLAN Routing?

Application Note. Onsight TeamLink And Firewall Detect v6.3

Security. TestOut Modules

Cover. White Paper. (nchronos 4.1)

Session Border Controller

Device Log Export ENGLISH

QRadar Security Intelligence Platform Appliances

How To Create A Network Monitoring System (Flowmon) In Avea-Tech (For Free)

HRG Performance Series DVR DDNS Support Application Note (hrgddns)

IxLoad - Layer 4-7 Performance Testing of Content Aware Devices and Networks

T-BERD / MTS-4000 Multiple Services Test Platform. Enterprise Solutions

FLX UC1000/1500 Registering with Siemens HiPath 4000 & OpenScape Voice Server

Observer Probe Family

Interconnecting Cisco Network Devices 1 Course, Class Outline

Scalable Extraction, Aggregation, and Response to Network Intelligence

How To Learn Cisco Cisco Ios And Cisco Vlan

Network Configuration Setup Guide. Air4G-W

BroadCloud PBX Customer Minimum Requirements

Skills Assessment Student Training Exam

Abstract. Avaya Solution & Interoperability Test Lab

SSVVP SIP School VVoIP Professional Certification

Web Traffic Capture Butler Street, Suite 200 Pittsburgh, PA (412)

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Packet Optimization & Visibility with Wireshark and PCAPs. Gordon Beith Director of Product Management VSS Monitoring

A Model-based Methodology for Developing Secure VoIP Systems

Proxies. Chapter 4. Network & Security Gildas Avoine

Lucent VPN Firewall Security in x Wireless Networks

Step-by-Step Configuration

Securing Networks with PIX and ASA

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Tesira Voice-over-IP Interface. Preliminary Steps. Configuring a Cisco CallManager system to work with Biamp s SVC-2 card

Session Border Controller

DPI and Metadata for Cybersecurity Applications

Cisco Network Analysis Module Software 4.0

SSVP SIP School VoIP Professional Certification

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Ranch Networks for Hosted Data Centers

VoIP Fraud and Misuse

NetCrunch 6. AdRem. Network Monitoring Server. Document. Monitor. Manage

Transition Networks White Paper. Network Security. Why Authentication Matters YOUR NETWORK. OUR CONNECTION.

7.1. Remote Access Connection

Chapter 5. Data Communication And Internet Technology

Intranet Security Solution

Applications that Benefit from IPv6

Interwise Connect. Working with Reverse Proxy Version 7.x

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL

AP-GSS3000 TM 512Ch GSM SIM Server

Recommended IP Telephony Architecture

Configuring the Transparent or Routed Firewall

VOIP-211RS/210RS/220RS/440S. SIP VoIP Router. User s Guide

"Charting the Course...

Transcription:

1. Introduction The Eagle Eye - IP tap is a passive IP network application platform for lawful interception and network monitoring. Designed to be used in distributed surveillance environments, the Eagle Eye - IP tap is ideal for monitoring various networks from small business network to large complex networks. EAGLE EYE IP TAP The Eagle Eye - IP tap enables to perform inspec- tion and classification of network packets with subsequent decoding of application-level protocols without necessity of preliminary filtration at switches, routers or other probes. This capability eliminates any performance impact to the existing infrastructure and provides enhanced interception capabilities. The Eagle Eye - IP tap offers flexible interception options, including the ability to deliver entire data stream, level 7 application's data stream, IRI/Pen- Register information, IPDR/CDR records, and/or key session events, that enable the Eagle Eye - IP tap to provide a full range of interception solutions and data retention. The Eagle Eye - IP tap also incorporates sophisticated reconstruction logic to deliver only pertinent information when intercepting complex applications such as webmail and IM/chat, reducing processing required by the monitoring and analytic systems. 1

2. Architecture The Eagle Eye - IP tap consists of three basic software-hardware modules: IP Surveillance Module is intended for direct filtering and analysis of network packets. Internal host processors and multi-core packet inspection accelerators of this module make it possible to monitor multiple 1Gbps and 10Gbps Ethernet links at true real wire-speed with full deep application protocol inspection (DAPI) and deep packet inspection (DPI) capabilities. Storage and Intelligent Analysis Module is intended for a long-term storage of intercepted information, for accessing recorded information, analysis of data related to operators authentication and authorization. Operations Support System (OSS) is intended for administration, management, and collection of information on health status. Eagle Eye - IP tap 1-10Gbs IP packets IP Surveillance Module HW Packet Processor HW interfaces Protocol Processor Storage and Intelligent Analysis Storage Adapters Application Server WWW request DPI Engine 16-32x Core Processor Provisioning and Controlling Data Base Customer API OSS software package WWW request 2

The Eagle Eye - IP tap can be supplied to the Customer in three types of configuration: A standalone solution for monitoring small networks with 10/100/1000 Mbs bandwidth (from 1 to 4 ports). In this configuration the Eagle Eye - IP tap includes a software for recording and intelligent analysis of the captured traffic that is to be installed on the same server-based platform, where data interception is performed. A distributed solution for monitoring enterprise networks with 1-10Gbs bandwidth (4 ports or more). IP Surveillance Module and Storage and Intelligent Analysis Module are installed on dedicated platforms. Additionally, several IP Surveillance Modules can interact with one Storage and Intelligent Analysis Module that enables flexibly increase capacity of the system in general. IP probe devices as an integral part of the MC that ensures processing of network traffic. In this configuration the role of the Storage and Intelligent Analysis Module is performed by the Eagle Eye MC software. 3. Features Passive mode Interception. Operation in 100Mb/1Gb/10Gb networks. Interception of network traffic from 1 to 4 channels in a standalone solution. Processing of unlimited quantity of channels in a distributed version. Processing of IPv4 and IPv6 protocols. Identifying and filtering of layer-7 traffic with using integrated real-time DPI engine. Intercepting based on application content specified by a set of simple strings, complex strings, regular expression, or pattern/signature database. Intercepting of specified subscribers enabled by the system's capability to process the RADIUS and DHCP protocols. Extraction of application layer metadata and full reconstruction of content. Full generation of IPDR and CDR for all network flows and events. Intercepting and decoding of GRE and GTP tunneling protocols. Storing of captured content and metadata in a local DB and its transfer to a remote monitoring center. Web-based graphical user interface. 3

Intercepted Protocols Metadata and Criteria for Subject Filtering Intercepted Content Discovery and Interception of SMTP, POP3, and IMAP-based Email Targets can be specified as l o c a l n a m e @ d o m a i n n a m e, localname (at any domain), @domainname (any localname on this domain), @ (all email). Full email with attachments, just the email text, summary information, or the email session events Additionally, targets can be specified as: to (including cc and bcc), from, or both, email subject, attachment type, keyword in email body VoIP VoIP calls are discovered and captured based on the analysis of SIP and H.323 signaling protocols. Voice content and information about occurrence of signaling events Targets can be speci?ed as: user@host, user@ipv4/ipv6 address, phone_number@host, host, phone number@ipv4/ IPv6, telephone_number, hostname, or IPv4/IPv6 address 4 HTTP The HTTP traffic is intercepted based on URL, HTTP header, or IPv4/IPv6 address. Additionally, webmails (non encrypted Gmail, Hotmail, Yahoo and etc.) can be intercepted based on the email address or the webmail domain Web-pages, images, email, and etc.

Intercepted Protocols Metadata and Criteria for Subject Filtering Intercepted Content IM/chat services IM/chat sessions are discovered and intercepted based on the subject's username. The IM/chat session, including advanced features such as audio, video, and file sharing are captured and decoded with the pertinent information extracted and delivered Presence information, text messages, video, files, summary information, and events FTP IPv4/IPv6 address, username Files, summary information, and events Layer 4 IP Traffic Discovery and Interception IP traffic is discovered and captured based on IPv4 or IPv6 address, layer-4ports, and application classifications. IP addresses can be static IPv4/IPv6 addresses or subnets, DHCP-assigned via MAC address, option 82 (remote ID, circuit id or both) or RADIUS login (username or NAS port ID). Layer-4 ports can be specified be as singular, a range, a set, or a 'not' condition Delivered traffic can be all packets, packet summary, or IPDR Layer 2 Traffic Discovery and Interception Discovery and Intercept of the following Data Link Layer protocols: Ethernet, ARP and etc. All packets, packet summary and events 5

4. Benefits Possibility to create small standalone systems for interception in IP networks and distributed system for interception and analysis of information in 2G(GPRS)/3G/ISP networks. Possibility to create both target centric interception systems and systems for massive interception of information in IP networks. Processing of metadata and information on network events enabled by Complex Event Processing technology. Definition of triggers for combinations of network events with an opportunity to start business processes. Integration into the Customer's business structure enabled by ESB and BPEL technology. Integration into the Customer's existing interception systems by using API. 6

EAGLE EYE - IP TAP 6, Kostomarovskaya str. 61002 Kharkov, Ukraine Tel./Fax: +38 (057) 766-13-63 e-mail: post@altron.ua http://www.altron.ua

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information