Gaining Total Visibility for Lawful Interception

Similar documents
WHITE PAPER. Gaining Total Visibility for Lawful Interception

Net Optics and Cisco NAM

HIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES

Fail-Safe IPS Integration with Bypass Technology

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

Efficient Network Monitoring Access

Application Performance Management and Lawful Interception

Introducing STAR-GATE Enhancements for Packet Cable Networks

Remote Forensic Software. Dr. Michael Thomas DigiTask GmbH, Germany

Why sample when you can monitor all network traffic inexpensively?

domain is known as the high side, and the less secure domain is the low side. Depending on the application, the

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

VPN. Date: 4/15/2004 By: Heena Patel

Implementing VoIP monitoring solutions. Deployment note

Network Performance Channel

Simple Law Enforcement Monitoring

Net Optics xbalancer and McAfee Network Security Platform Integration

SIP Trunking with Microsoft Office Communication Server 2007 R2

T.38 fax transmission over Internet Security FAQ

Firewall Architecture

Is Skype Safe for Judges?

BITEK INTERNATIONAL INC PRESENTS: MANAGING VOIP

Understand Wide Area Networks (WANs)

IP Telephony Basics. Part of The Technology Overview Series for Small and Medium Businesses

Guideline on Auditing and Log Management

Reporting and Incident Management for Firewalls

INSTANT MESSAGING SECURITY

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

Key Drivers of Hosted Voip

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

FAQ - Device Question Can I forward calls to my mobile device? Question Can I have my greetings professionally recorded?

Privacy Year in Review: Privacy and VoIP Technology

Networks 2. Gabriela Ochoa University of Stirling CSCU9B1 Essential Skills for the Information Age. Content

Methods for Lawful Interception in IP Telephony Networks Based on H.323

Computer Science 199r. CALEA, The USA PATRIOT Act, and VoIP: Privacy Concerns with Next Generation Telephony

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.

EAGLE EYE IP TAP. 1. Introduction

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

SIP Trunking Configuration with

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

AT&T. ip vpn portfolio. integrated. IP VPN solutions. for the enterprise. Communication Systems International Incorporated

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

IP Office Technical Tip

IP Network Control: Turning an Art into a Science. Case Study: Global Crossing

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

IP Telephony Management

REPORT & ENFORCE POLICY

West River Telecom Network Management Practices Policy

Reduce Your Virus Exposure with Active Virus Protection

CTS2134 Introduction to Networking. Module Network Security

Netsweeper Whitepaper

74% 96 Action Items. Compliance

Observer Analysis Advantages

How To Buy Nitro Security

Terms VON. VoIP LAN WAN CODEC

South Dakota Network, LLC (dba SDN Communications) Open Network Policies

BlackRidge Technology Transport Access Control: Overview

LOG MANAGEMENT: BEST PRACTICES

WHITE PAPER. Tap Technology Enables Healthcare s Digital Future

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

Network Service, Systems and Data Communications Monitoring Policy

FAQ - Features Question Question Question Question Question Question

GeoMatrix. Positioning of Mobile Phones System

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Top tips for improved network security

These practices, characteristics, terms and conditions are effective as of November 20, 2011.

Walnut Telephone Company, Inc. dba/ Walnut Communications Network Management Practices Policy Disclosure

IRC Forensic Basics. by: James Guess. Internet Relay Chat (IRC) first met the world in the late 1980 s. It was the first

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Implementing VoIP support in a VSAT network based on SoftSwitch integration

Partner with the UK s leading. Managed Security Service Provider

Voice over Internet Protocol. Kristie Prinz. The Prinz Law Office

VoIP: Architectural Differences of SIP and MGCP/NCS Protocols and What It Means in Real World VoIP Service

State of Texas. TEX-AN Next Generation. NNI Plan

VPN Technologies: Definitions and Requirements

Internet and Services

Service Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5

Variable length subnetting

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

Three Key Design Considerations of IP Video Surveillance Systems

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

WHITE PAPER. Application Performance Management and Lawful Interception

U.S. Department of Justice. Federal Bureau of Investigation VIA ELECTRONIC SUBMISSION

High Performance VPN Solutions Over Satellite Networks

SERIES A : GUIDANCE DOCUMENTS. Document Nr 3

Intelligent Threat Management TM Coupled with Automated Threat Management

In this Profile. USA Tel: Fax:

Monitoring applications to increase security in 40G and 100G networks

AppDirector Load balancing IBM Websphere and AppXcel

Steps for Basic Configuration

Deploying Firewalls Throughout Your Organization

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

ICTNPL5071A Develop planning strategies for core network design

EBOOK. The Network Comes of Age: Access and Monitoring at the Application Level

Achieving PCI Compliance Using F5 Products

Thanks to SECNOLOGY s wide range and easy to use technology, it doesn t take long for clients to benefit from the vast range of functionality.

Transcription:

This paper provides a basic deinition and description of Lawful Interception (LI), as well as offering a brief overview of current challenges that confront communications organizations and law enforcement. The paper also evaluates some technology options for organizations in monitoring digital and voice communications across diverse channels. LI encompasses all activities that affect the capture and storage of digital and voice communications traveling over the network of a service provider, including the telephone and the Internet. Each country has its own criteria for deining criminal or terrorist activities; the purpose of LI is to gather evidence to detect and prevent such activities. In the United States, the Communications Assistance for Law Enforcement Act (CALEA) sets forth how service providers must support lawful interception. Abroad, the European Telecommunications Standards Institute (ETSI) drives adoption of standards for telecommunications, broadband, and related technologies in Europe and other countries. - 1 -

The Purposes of Lawful Interception LI is intended to obtain certain communications network data for the purposes of analysis, or for use as evidence, pursuant to legal authority. Such data might take the form of signaling or network management information or may include the actual content of the communications. If data is not obtained in real time, LI activity is referred to as access to retained data. The term lawful interception describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order. To protect the common welfare, nations worldwide have adopted legislative regulations mandating that communications providers design their networks in such a way as to enable authorized electronic surveillance. International standards organizations set forth parameters to guide service providers (SPs) and manufacturers in implementing these standards. Most people are aware of surveillance in the form of wiretaps on traditional telecommunications such as telephones. As communication technologies have become more complex, interception techniques have grown accordingly. Nowadays, the idea behind wiretapping is also employed in voice, data, and multiservice networks that deliver Internet services. Figure 1 illustrates the variety of communications that can be monitored, including voice over IP (VoIP), email, Web trafic, ile sharing, and so forth. Wiretapping in the Digital Age Wiretapping applied to digital media differs in process but not in either intent or concept from analog. Under LI, a Law Enforcement Agency (LEA) will decide to perform electronic surveillance on a target, under the authorization of a judge or other authority. Surveillance is implemented by means of wiretaps on traditional telecommunications and by digital intercepts on Internet services in voice, data, and multiservice networks. The LI process may be handled by a third-party vendor using its own proprietary mediation device. Such a device not only provides the interface that LI uses for interception but can also create requests to other network devices to carry out the LI. Lastly, the mediation device can convert the trafic into the format required by the LEA, which can vary by country or by governmental agency. The LEA. after demonstrating legally mandated probable cause, might deliver a request for a wiretap to the SP of the entity under investigation. That SP then uses the target s Internet Protocol (IP) address to determine which of its edge routers handles the target s trafic in the form of data communication. The SP intercepts suspect trafic as it passes through the router and sends a copy to the investigative agency without the awareness of the entity under investigation. The need for accuracy and reliability of the information is dificult to overstate, because the consequences of surveillance may be profound, both for the target and for law enforcement itself. The LI Monitoring Infrastructure: Concepts and Components The technology of LI monitoring is driven foremost by the changing needs of law enforcement which in turn respond to the fast-evolving Internet and the nature of the threats. As a result, a variety of solutions has emerged to address diverse applications such as homeland security and may require information delivered in speciic formats. Because intercepts on the network must be secret, the active intercept messages have to be kept separate from messages used for routine call setup. At its most fundamental level, LI monitoring technology consists of a listening device placed on the telephone or computer cable a process conducted in accordance with the requisite legal permissions for - 2 -

interception plus a device to record and alert authority when trigger points are reached. For example, a CALEA for Voice feature would allow the lawful interception of voice conversations running on VoIP. When a law enforcement entity wishes to monitor a telephone conversation, CALEA for Voice would make copies of IP packets carrying the conversation and send duplicates to respective monitoring devices. Telephone interception and monitoring Telephone conversations may be recorded in their entirety, or in a form determined by the need of the speciic legal instance: For example, recording might be conined to outgoing conversations only, or to solely international calls. Some messages are audited in real time and only recorded and stored if content of a suspicious nature becomes evident in a short period of time. Pen Register or Trap and Trace devices record or decode dialing, routing, addressing, or signaling information, but do not include the contents of any communication. They take note only of calls and data similar to that which appears on a phone bill, such as time of call, answer, disconnect, and call forward information. Computer Trafic Monitoring In the U.S., LI capabilities on the Web are legally mandated by the Communications Assistance for Law Enforcement Act (CALEA). This is because computer-to-computer communication presents a huge volume of information and potential threats, with so many people and entities connecting to Web sites, email servers, ISPs, and ile servers daily. LEAs can ilter this information for authentic threats by tracking users; or by tracking the data itself that is transferred; or by noting trafic patterns. Following is a list of primary activities that can be monitored: Web site use tracking When a user connects to a Web site, the site can record the IP address that the user connected from and the one that he or she connects to afterwards. LEA can also track this activity. Email Email typically passes through many intermediary sites between sender and receiver. These sites Internet Web and Email Servers VoIP, FTP and File Servers Firewall Router Workgroups Network Controller - 3 - Monitoring Tools s and a Network Controller provide invisible, transparent access to digital communications for LI applications

can consist of any page on the Internet, the Internet Service Provider, Web-hosting services, and the email provider. Email messages can be intercepted in or between any of these sites. Instant Messenger (IM) Instant Messenger-type correspondence is sent from the IM originator s computer to a server, and from there to the recipient s computer. File Transfer File transfer moves data from one computer to another, typically over the Internet. Since all iles travel in packets sent over an IP-based network, any type of ile can be transferred: music downloads, data storage, or tax payments. Encryption Users can encrypt some telephone conversations and most computer transmissions. However, unless the user performs this encryption very carefully, using sophisticated, strong keys, the data may be vulnerable to decryption, given enough computing power and time. LEAs can also send encrypted data to forensic specialists for decryption, if they deem that necessary. Functional Requirements for a Lawful Interception Device For an LI device to function effectively, it should embody the following feature set: Undetectability and unobtrusiveness. Neither the initiator or recipient of a communication should be able to detect the presence of the LI device. The LI device should passively record all network transactions and not alter any part of the network trafic. Real-time monitoring capabilities. Because of the nature of law enforcement, timing is of the utmost importance in preventing a crime or an attack or in gathering evidence. Complete visibility into network trafic. This includes: - 100 percent visibility at any point in the communication stream - Zero dropped packets: This is particularly important with encryption, where missing characters can render a message incomplete or unreadable. Adequate processing speed. This must be suficient to match network bandwidth. Net Optics: a Range of Solutions for Lawful Interception Test access ports, or s are devices used by carriers and others to meet the capability requirements of CALEA legislation. Net Optics s reside in both carrier and enterprise infrastructures to carry out network monitoring and to improve both network security and eficiency. These devices are placed in-line to provide permanent, passive access points to the physical stream. That passive characteristic of s means that the network data is unaffected, whether the is powered or not. As part of an LI solution, s have proven more useful than Span ports. If LEA must reconigure a switch to send the right conversations to the Span port every time intercept is required, a risk arises of misconiguring the switch and connections. Also, Span ports drop packets another signiicant monitoring risk, particularly in encrypted communications. Director Xstream and ilink Agg Xstream enable deployment of an intelligent, lexible and eficient monitoring access platform for 10G networks. Director Xstream s unique Flow iltering technology enables LI to focus on select trafic of interest for each tool, based on protocols, IP addresses, ports, and VLANs. The robust engineering of Director Xstream and ilink Agg Xstream enable a pool of 10G and 1G tools to be deployed across a large number of 10G network links, with remote, centralized control of exactly - 4 -

In addition, law enforcement can share tools and data access among groups without contention and centralize data monitoring in a network operations center. Director Pro Network Controller switch provides law enforcement with Deep Packet Inspection (DPI) capabilities or credit card number. The product differs from other platforms deep the packet is; or the location of the data to be matched within the packet. With its history of leading innovation in monitoring and security solutions, Net Optics provides scalable, easy-to-use products designed to support Lawful Interception projects, users, and goals. The company offers equipment to telecoms and service providers who fall under the CALEA mandate, as well to LI solution resellers. Net Optics solutions are purpose-built for LI, offering the performance, visibility, and For further information about technology for lawful interception applications: http://www.netoptics.com Net Optics, Inc. 5303 Betsy Ross Drive Santa Clara, CA 95054 (408) 737-7777 info@netoptics.com Distributed by: Network Performance Channel GmbH Ohmstr. 12 63225 Langen Germany +49 6103 906 722 info@np-channel.com www.np-channel.com Disclaimer: Information contained herein is the sole and exclusive property of Net Optics Inc. Your retention, possession or use of this information constitutes your acceptance of these terms. Please note that the sender accepts no responsibility for viruses and it is your responsibility to scan attachments (if any). - 5 -

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information