Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention



Similar documents
Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

utimaco a member of the Sophos Group

EAGLE EYE IP TAP. 1. Introduction

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.

Introducing STAR-GATE Enhancements for Packet Cable Networks

WHITE PAPER. Gaining Total Visibility for Lawful Interception

Real Time Intercept from Packet Networks, Challenges and Solutions. Presented by Keith Driver

Dual Usage Strategy of Lawful Interception Systems

JDSU Signaling Analyzer Solution for Femtocell Monitoring

OSIX Real-time network performance monitoring.

Integrating Lawful Intercept into the Next Generation 4G LTE Network

How To Make Money From Your Network (Ip) And Your Network) Safely And Securely (Ipl)

Flow Analysis Versus Packet Analysis. What Should You Choose?

Agilent Network Monitoring Content Intercept Manager

See Criminal Internet Communication as it Happens.

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Packet Optimization & Visibility with Wireshark and PCAPs. Gordon Beith Director of Product Management VSS Monitoring

Ethernet/IP Test Solutions

EAGLE EYE Wi-Fi. 1. Introduction

Lawful Interception in German VoIP Networks

IPv6 Broadband Access Network Systems

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

Today s challenges in Lawful Interception. C. Rogialli, October 11, 2005 RIPE MEETING 51 - Amsterdam

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Course 4: IP Telephony and VoIP

Voice over IP Basics for IT Technicians

SS7 & LTE Stack Attack

ETM System SIP Trunk Support Technical Discussion

Observer Analysis Advantages

Transport and Network Layer

SIP Trunking with Microsoft Office Communication Server 2007 R2

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:

Lab Testing Summary Report

GPRS and 3G Services: Connectivity Options

Nokia Siemens Networks his 700 Integrated signaling application solutions

H.264 Internet Video Server

GPRS / 3G Services: VPN solutions supported

JDSU Signaling Analyzer Family. Dramatically Re-engineered for an Industry Revolution

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Voice over IP (VoIP) for Telephony. Advantages of VoIP Migration for SMBs BLACK BOX blackbox.com

Cisco ACE 4710 Application Control Engine

How To Create A Network Monitoring System (Flowmon) In Avea-Tech (For Free)

State of the Art in Peer-to-Peer Performance Testing. European Advanced Networking Test Center

Utimaco Safeware: Capturing a First-to-Market Opportunity with a Telecom Solution

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. Kapil.Kumar@relianceinfo.com

Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

VoIP, SIP, IMS, PSTN and Analog Convergence Testing

QRadar Security Intelligence Platform Appliances

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Simple Law Enforcement Monitoring

X.25 over IP. The Challenge. How it Works. Solution

Gigabit Multi-Homing VPN Security Router

Understanding IP Faxing (Fax over IP)

Brocade Telemetry Solutions

Voice over IP (VoIP) Basics for IT Technicians

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

TIME TO RETHINK PERFORMANCE MONITORING

ETSI TR V1.1.1 ( )

Network Overview. Background Traditional PSTN Equipment CHAPTER

EE4607 Session Initiation Protocol

PRImaGate Switch RACK 3U

IP Voice Reseller. Deliver the VoIP services your customers demand without costly infrastructure investment or increased management complexity.

Advanced SIP Series: SIP and 3GPP

Mobile Wireless Overview

Receiving the IP packets Decoding of the packets Digital-to-analog conversion which reproduces the original voice stream

Mobile. Analyzing, Planning and Optimizing Heterogeneous Mobile Access and Core Networks

QuickSpecs. Models. Features and benefits Configuration. HP VCX x3250m2 IP Telecommuting Module. HP VCX x3250m2 IP Telecommuting Module Overview

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP

Cisco Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module

5 Things You Need to Know About Deep Packet Inspection (DPI)

GoIP Series. SIM Card for GSM Voice Gateway. User Manual

How To Build A Network Architecture For A Cell Phone Network

CS Fallback Function for Combined LTE and 3G Circuit Switched Services

Understanding IP Faxing (Fax over IP)

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

AUTOMATIC BILLING SYSTEM FOR CISCO ANALOG TELEPHONE ADAPTOR ATA 186/188

Foundations for the All-IP Network Access Concentration

White Paper ON Dual Mode Phone (GSM & Wi-Fi)

Lucent Technologies APX 1000 Universal Gateway The Universal Port Standard

Ixia Director TM. Powerful, All-in-One Smart Filtering with Ultra-High Port Density. Efficient Monitoring Access DATA SHEET

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Mobility and cellular networks

Open Source in Network Administration: the ntop Project

LAWFUL INTERCEPTION: A MOUNTING CHALLENGE FOR SERVICE PROVIDERS AND GOVERNMENTS

Overview of Network Architecture Alternatives for 3GPP2 Femto Cells Jen M. Chen, et al. QUALCOMM Incorporated

IxLoad - Layer 4-7 Performance Testing of Content Aware Devices and Networks

HIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES

4. H.323 Components. VOIP, Version 1.6e T.O.P. BusinessInteractive GmbH Page 1 of 19

The OSI and TCP/IP Models. Lesson 2

VoIP Glossary. Client (Softphone client): The software installed in the userâ s computer to make calls over the Internet.

Overview of Voice Over Internet Protocol

Gigabit Content Security Router

Internet Telephony PBX System

Using Asterisk with Odin s OTX Boards

Dialogic Vision VG Media Gateway

NetScan Real-time network monitoring

White Paper. Solutions to VoIP (Voice over IP) Recording Deployment

Solution Profile. Branch in a Box

Transcription:

Utimaco LIMS Access Points Realtime Network Monitoring for Lawful Interception and Data Retention

2 LIMS Access Points

Realtime Monitoring with Passive Probes Realtime monitoring of network connections has been used by telecom operators for years for various purposes, like quality of services monitoring, performance analysis, fraud detection, E911 location and billing. Specialized network probes are typically connected to the network by taps, thus receiving a copy of the communications traffi c. These probes analyze the traffi c based on defi ned fi lter rules and can extract data of specifi c interest. Law enforcement and intelligence agencies make use of passive probes for non-intrusive surveillance of communication links. Compared to the common approach of active monitoring, where network nodes, e.g. switches or routers, acquire the required data, probes have a number of advantages with regard to: Telecom operators and Internet service providers sometimes prefer network probes for similar reasons. That`s why probes are an integral part of the Utimaco Lawful Interception Management System (Utimaco LIMS ) and of the Utimaco Data Retention Suite (Utimaco DRS ). Management by Utimaco LIMS Management Interface Mediation by Utimaco LIMS Output Interface Performance, bandwidth support Capacity, number of simultaneous targets/fi lter rules Monitoring Interface Transparency Accuracy, level of details Network Link Network Tap Utimaco provides three types of probes: LIMS Access Points for IP services Cost-effective probes for single IP services like e-mail, VoIP, AAA, SMS, MMS LIMS Access Points DPI Deep Packet Inspection Probes for 1Gb to 10Gb Ethernet networks LIMS Access Points TDM Probes for circuit-switched networks based on E1/T1, SDH/SONET (STM-1 to STM-4) LIMS Access Points are centrally controlled by the Utimaco LIMS and Utimaco DRS. All data intercepted by the probes are encrypted and protected from unauthorized access. Before data is handed over to law enforcement agencies it is mediated to comply with international LI standards. 3

Deep Packet Inspection Deep Packet Inspection (DPI) is the name of a state-of-theart technology designed to meet some of the key challenges relating to the plethora of IP-based communication services. The ever-growing number of Internet applications and IP-based protocols make it hard for law enforcement agencies (LEAs) and communication service providers to identify bad guys or criminals on the net and to analyze their communications for the purpose of criminal investigations and prevention of terrorism. Utimaco LIMS Access Points implement DPI technology not only to fi lter individual IP packets but also to decode and analyze complete communications fl ows of more than 300 different Internet applications. The probes can either extract only the metadata (e.g. source ID, destination ID, IP addresses, port numbers, timestamps) or intercept entire communication sessions. Intercept targets can be identifi ed by a range of application specifi c user IDs, device IDs, network addresses or by keywords. Utimaco offers a variety of carrier-grade probes for different networks and services. Customers can select from a range of LIMS Access Points according to their actual needs for performance, protocol support and scalability. Supported services and protocols Networking protocols IPv4, IPv6, TCP, UDP, Ethernet, EtherIP, FTP, HTTP Tunneling protocols MPLS, GRE, L2TP, PPP, PPTP, GTP AAA protocols RADIUS, DHCP E-Mail POP3, SMTP, IMAP, MAPI Webmail Yahoo mail, Microsoft Hotmail, google mail, Maktoob, OWA VoIP SIP, RTP, H.323, SCCP Signaling SIGTRAN, MTP, MAP, SCCP, RANAP and many more Internet applications 4

LIMS Access Points are designed for non-intrusive monitoring without alerting subscribers or disrupting the service. The probes can be seamlessly integrated into networks of various kinds, such as broadband access networks, IP core networks, or Internet exchange networks. Common network access techniques such as passive taps (splitters) or switch span ports help ensure that there is no outgoing traffi c from the IP probe back to the network. Keeping Pace with New Types of Traffic Internet applications are constantly evolving. Regularly, new communications applications appear on the Internet and established application protocols are modified. So customers must be prepared to keep pace with this evolution. To this end, Utimaco provides support plans that give customers access to quarterly protocol updates and new protocol plugins. Such plug-ins can also be customized according to individual customer needs. Broadband Access Network N PSTN Core Network Exchange Network Mobile Access Network LIMS Access Points 5

LIMS Access Points DPI Realtime Monitoring of IP Networks Deep Packet Inspection In contrast to many other network probes, Utimaco LIMS Access Points do not just fi lter IP packet headers on wellknown ports but reassemble complete IP fl ows in order to analyze the header fi elds and the content of more than 300 IP-based protocols and Internet applications. By carrying out semantic analysis, the LIMS Access Point can track control connections that induce dynamically negotiated connections on temporary ports such as passive FTP, VoIP or full multimedia conferencing streams, gnutella or BitTorrent peer-topeer traffi c and instant messaging, and is able to automatically decode complex encapsulation tunnels. Lawful Interception and Data Retention Utimaco LIMS Access Points are fully integrated in the Utimaco LIMS (Lawful Interception Management System) and Utimaco DRS (Data Retention Suite). Intercept targets can be provisioned centrally in LIMS and will then be distributed to all connected LIMS Access Points for interception. For data retention purposes the probes can generate IPDRs (IP data records, or metadata) for all IP services or for those of specifi c interest. These IPDRs are sent to the Utimaco DRS for further processing and storage. Models LIMS Access Point for IP services 4x1Gb Ethernet (copper) up to 100kpps E-Mail AAA VoIP Mobile data LIMS Access Point DPI 1G 4x1Gb Ethernet (fiber or copper) up to 800kpps HW accelerated data aquisition Multi-protocol support LIMS Access Point DPI 10G up to 4x10Gb Ethernet (fiber or copper) up to 4,000kpps HW accelerated data aquisition stackable Multi-protocol support 6

High-Speed Monitoring Utimaco offers a range of probe models to meet customer requirements in terms of performance, capacity, and price. There are small appliances with a 100/1000 Mbit interface and single protocol support as well as blade-server systems with multiple 10 Gbit interfaces and sufficient capacity to monitor many protocols and thousands of targets simultaneously. All models are designed to provide line-speed performance with zero packet loss. Blade systems can be expanded by means of additional line cards and processor cards to accommodate growing network capacity. Flexible Target Identifi cation LIMS Access Points can identify targets by various kind of triggers related to a certain protocol or service. A target ID can be an IP address, MAC address, user ID, device ID, SIP- URL, TEL-URI, email address, URL, MSISDN, IMSI, IMEI, a keyword, or several other application-level IDs. A virtual ID manager correlates target IDs of different protocols and applications in order to capture all relevant traffic associated with a certain intercept target. For instance, a MAC address monitored in the DHCP traffi c can be automatically correlated to the associated IP address to capture all IP traffi c, a SIP-URI can be mapped to an IP address to capture all RTP traffi c, or an instant messaging login can be mapped to the IP address to intercept all IP traffi c to and from such a target. For investigators, this feature represents a great new tool for identifying the communications of a person under surveillance even when the information available for identifi cation is limited. Interception of Ongoing Sessions LIMS Access Points keep track of all online users authenticated via the DHCP, RADIUS, or GTP protocol. This feature enables intercepts to start immediately, even if a target user has been authenticated before the intercept is activated. Protocol Updates As new Internet applications emerge and communication protocols change, network operators must be prepared for changes and updates. Utimaco offers support plans that include free updates for new versions of protocols at predictable costs. Security & Availability Utimaco LIMS Access Points are designed to protect data from unauthorized access and to provide timely, secure delivery to the law enforcement agencies. Security features include full audit trails, communication encryption, access control, operating system hardening, automatic consistency checks and alarms. The probes are continuously monitored by the Utimaco LIMS or Utimaco DRS system and can support redundancy concepts with hot-standby functionality. Compliance Utimaco LIMS mediates and delivers intercepted communications in compliance with ETSI standards, CALEA, and other national lawful interception mandates. Utimaco DRS retains the data generated by the LIMS Access Points and provides controlled access to such data in accordance with national data protection and data retention laws. LIMS Access Points 7

Monitoring Telephony Networks Circuit-switched connections are still widely deployed in modern telecom networks to carry telephone calls, fax or SMS messages. When monitoring a standard PSTN network or a 2G or 3G cellular network for interception purposes, passive probes offer a worthwhile alternative to on-switch interception. Probes can either enhance the interception capabilities Benefi ts Highly scalable from one to thousands of circuits, up to 100,000 simultaneous targets 100% transparent no impact on existing network links Mass intercept monitors all calls and messages and generates CDRs of switching systems or replace the integrated interception functionality of switches entirely. Utimaco LIMS Access Points can be deployed at various positions in a network for monitoring both signaling and media. The probes associate the signaling to the bearer traffi c and then acquire the targeted call data and usage information. All intercepted data are mediated by the Utimaco LIMS before they are delivered to the law enforcement agency over standardized interfaces. Alternatively or in addition, the same LIMS Access Points used for targeted interception can also generate call detail records (CDR) for all communications session. The CDRs can be collected by the Utimaco DRS for long-term retention and further analysis. Standards-compliant ETSI conform hand-over via ISDN or IP LIMS Access Points 8

Utimaco LIMS Law Enforcement Agency LIMS Management Server HI1 (target: MSISDN, IMSI, IMEI) LIMS Access Point TDM X1 (target: MSISDN, IMSI, IMEI) X2 (IRI) X3 (CC) LIMS Mediation Device HI2 (DF2:IRI) HI3 (DF3:CC) Monitoring Center NodeB BTS 3G Radio Access Network I U CS I U PS A G B 2G Radio Access Network E G n Mobile Core Network Y u G i PSTN/ISDN Internet 9

LIMS Access Points TDM Realtime Monitoring of Circuit-Switched Networks Communications Interception and Data Retention The LIMS Access Point TDM supports the interception of signaling, content and location data of telephony calls, SMS messages and faxes on a wide range of networks: PSTN GSM UMTS CDMAone, CDMA2000 The probes are fully integrated in the Utimaco LIMS and DRS, where intercepted data is mediated and retained. Target Identifi cation The LIMS Access Point is capable of correlating different identities of a single subscriber, even over multiple interfaces. Each probe tracks in realtime all occurrences of MSISDNs, IMSI, MSRN, IMEI, and TMSI. This allows the probe to acquire all data related to a target by just defining one of its identities. Content Analysis Realtime monitoring with the LIMS Access Point is not restricted to signaling only. The probe can also detect and extract DTMF tones, CAS tones (C5, R2), and fax/modem calls from bearer channels. The integrated CIC mapping technology assures accurate automatic correlation between signaling and bearer channels. Interface Support E1/T1 SDH/SONET (STM-1/OC3, STM-4/OC-12) 1G Ethernet (1000Base-T) Protocol Support SS7 ISUP/TUP (incl. country specifi c implementations) ISDN PRI, C5, R2, DTMF, fax/modem GSM/CDMA A-Interface, Abis-Interface UMTS IuCS, IuPS, RANAP ATM, HDLC, TCP/IP SIGTRAN, SMPP Performance Figures Scalable to monitor up to 16,000 TDM connections in realtime Supports up to 100,000 concurrent targets Hardware Platforms Server: 1U 19 rack mount 110/230V AC power, redundant CE, FCC, UL compliant Chassis: 2U 19 rack mount w/ 3 cpci slots or 5U 19 rack mount w/ 8x cpci slots 110/230V AC power, -48V DC power, redundant CE, FCC, UL compliant Switch: 1U 19 Ethernet switch 10/100/1000 Base-T 110/230V AC power, FCC, CE compliant Standards ETSI TS 101 671 (TDM delivery) ETSI TS 102 232-1, TS 102 232-6 (IP delivery) LIMS Access Points 10

Models LIMS Access Point TDM-S up to 4x E1/T1 (duplex) integrated 2 x 1 Gb Ethernet (copper) 1U server LIMS Access Point TDM-M up to 32 x E1/T1 (duplex) or up to 2 x STM-1 (duplex) 2x1Gb Ethernet (copper) 1U server + 2U cpci chassis LIMS Access Point TDM-L up to 64 x E1/T1 (duplex) or up to 4 x STM-1/STM-4 (duplex) 2x1Gb Ethernet (copper) 1U server + 2U cpci chassis 11

For more information on the Utimaco LIMS and Utimaco DRS, please visit: www.utimaco.com/lims Utimaco Safeware AG Germanusstraße 4 52080 Aachen Germany Phone +49 (0) 241-16 96-0 li-contact@utimaco.com Utimaco Safeware Partner: Copyright Information Copyright 1994-2011 Utimaco Safeware AG a member of the Sophos group, February 2011 Utimaco LIMS, Utimaco DRS Utimaco LIMS and Utimaco DRS are trademarks of Utimaco Safeware AG. All other named trademarks are trademarks of the particular copyright holder. Specifi cations are subject to change without notice.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information