DECISION Group Inc. Decision Group (www.edecision4u.com): Monitoring Center Solution on Internet Access for LEA or Intelligence.

Presentation transcript:

DECISION Group Inc.

Decision Group Monitoring Center Solution on Internet Access for LEA or Intelligence

What is Lawful Interception
- A legally sanctioned official access to private communications of specific targets through:
  - telephone calls
  - messages
  - …
- A security process through which a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations.

What Challenges to Current LI
- Based on the old telecom network of analog voice technology, without support for new IP technology
- All tasks run as batch jobs, without quick response to immediate events
- LI result reports are acquired one or two days later because of batch processing
- Covers only voice, not the many other popular online services
- Cyber crime rings rely 60% on voice and 40% on other social media, instant messaging, and interactive tools…
Current out-of-date LI technology cannot mitigate the risk of attacks from crime rings.

New Criteria for LI
- For both Telecom and Network Environment
- Compliant with ETSI or CALEA Standards
- Getting IP packet data stream from Telecom and Internet Service Providers
- Decoding as many protocols as possible
- Data retention capability for long term tracking and reporting
- Easy to deploy and manage with high security control

Scenario and Actors for LI
[Diagram labels: target, correspondent, handover interface, interception interface, regulators, service providers, mediation vendors, collection vendors, interception vendors, monitor]

ETSI Lawful Interception Model
[Diagram labels: NWO/AP/SvP Domain, Network Internal Functions, Intercept related information (IRI), Content of Communication (CC), Administration function, IRI Mediation function, Content Mediation function, IIF, INI, HI1, HI2, HI3, LEMF, Interception Vendors, Mediation Vendors, Collection Vendors]
- IIF: Internal Interception Function
- INI: Internal Network Interface
- HI1: Administrative Information
- HI2: Intercept Related Information
- HI3: Content of Communication

Crime Investigation Cycle with LI
[Diagram labels: LI LEA, LI ISP, Court, Investigator, Interception & Filtering, Delivery, Target Provision, Warrant Management, Decoding & Reconstruction, Deep Content Inspection, Presentation, GSN, Core Router, BRAS, AAA, IP Data (Control Plane, User Plane)]

Wired IAS Passive Interception

Wired IAS Active Interception

Wireless 3G Passive Interception

iMonitor (I)
Warrant Management
- Target type
   ISP account (RADIUS), CPE MAC address (RADIUS), MSISDN (Phone Number)
- Warrant/Target life cycle management
   Quest for the target context
   Set start-time and end-time for the warrant/target
   Suspend receiving data for time-out warrant/target
LEMF interface
- ETSI TS /2/3
- DG proprietary interface
[Module diagram: Warrant Management, Presentation, Decoding & Reconstruction, Deep Content Inspection]

iMonitor (2)
Decoding and Reconstruction
- Receive data through handover interface
- Protocol decoding and reconstruction
   Instant Message: MSN messenger, Yahoo messenger, Facebook IM…
   Mail: POP3, SMTP, web mail
   VoIP: SIP, H.323, RTP, Codec (G.711/G.729)
   Social Network: Facebook, Plurk, Twitter, YouTube…
   Other common protocols: HTTP, Telnet, FTP, …
- Protocol decoding and recognition: Skype, WhatsApp, LINE…
[Module diagram: Warrant Management, Presentation, Decoding & Reconstruction, Deep Content Inspection]

iMonitor Sample: IM -Yahoo, MSN, ICQ, IRC, QQ, GTalk etc…

iMonitor Sample: Facebook
- Content of Facebook, friend list and attached files

iMonitor Sample: HTTP (Web Link, Content and Reconstruction)
- Whois function provides you the actual URL Link IP Address
- HTTP Web Page content can be reconstructed

iMonitor Sample: HTTP Upload/Download

iMonitor (3)
Deep Content Inspection
- Advanced and fast keyword search on reconstructed content
- Identity link and communication link discovery
System Capacity
- 400Mbps
- Max number of provision targets:
- Max number of inspector: 20
Server Hardware (recommended)
- HP DL380
[Module diagram: Warrant Management, Presentation, Decoding & Reconstruction, Deep Content Inspection]

iMonitor Sample: Alert and Notification – Alert with Content
- Alert configured from different service categories and different parameters such as key word, account, IP etc.
- Alert can be sent to Administrator by or SMS if SMS Gateway is available.
- Throughput alert function also available!

iMonitor Sample: Search – Full Text, Condition, Association
- Complete Search – Full Text Search, Conditional Search, Similar Search and Association Search
[Screenshot panels: Conditional Search, Full Text Search, Association / Link Search]