Meaningful Lawful Intercept (LI) demands the capture and analysis of 100 percent of the traffic crossing a network—whether in 10G or 1G interfaces, or a combination. Sharon likens the challenge to “finding the needle in the haystack,”
Dev Dives: Streamline document processing with UiPath Studio Web
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
1. Identifying the needle in the 10/40/100G haystackSharon Besser, VP Technologies Net Optics Intelligent Access and Monitoring Architecture
2. Goal Present a methodology and solution of leveraging access switching to overcome current and future Lawful Interception challenges
3. Net Optics In a Nutshell Customers Financial, Telco, Healthcare & Government 85% of the Fortune 100 50% of the Fortune 500 7000 Global Deployments Highlights Founded in 1996, Private, Self-Funded 55 Quarters of Growth & Profitability Strong Management Team Sales Offices in New York, Atlanta, Germany 300 plus new direct customers annually Go to Market Strategy 30% Direct Sales 25% OEM/Partner Relationship 45% Global Channel Technology 20+ Patents and Patent Pending Requests
4. Cause and Effect Industry / Networking Data Center Lawful Interception
15. What Customers Want Meet Lawful interception challenges in high capacity networks But how?
16. The LI Foundation: Reliable Copy End user 1 End user 2 Application Application Interception Node Transport Transport Network Network Network Link + Physical Link + Physical Link + Physical Copy LEA Site LEMF Application Application Transport Transport Network Network Link + Physical Link + Physical Source: ETSI TR 101 943 Concepts of Interception in a Generic Network Architecture
17. Current Approach Is Not Scalable Invest in new systems capable to handle 10G/40G/100G Packet duplication add burden on the network Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN
18.
19. Access Switching: Do More With Less 10/40/100Load Balancing Share the load between multiple tools Centralized intelligence for more endpoint Leverage existing / cheap / 1G tools Plan for growth Pre-filter w/ DPI to detect desired traffic on any port Pre-filtering is a mature technology DPI allows to identify data of interest and forward to the monitoring/recording tool GRE tunneling Distribute the collection infrastructure Cloud Monitoring Inter-VM and cloud based monitoring Any type of media Fiber, copper or both
20. Summary Modern and advanced Access switching technology provides the scalable solution to meet Lawful Interception challenges in high capacity networks by focusing on improving collection infrastructure
Capture – CC (Content of Communication) and IRI (Intercept Related Information) related to the subject are extracted from the network.Filtering – information related to the subject that falls within the topic of the inquiry is separated from accidentally gathered information, and formatted to a pre-defined delivery formatDelivery – requested information is delivered to the LEMF The Administration Function (ADMF) receives interception ordersfrom the LEA and hands them over to• Internal Intercept Functions (IIF), which are located tactically within network nodes and generate the two desired types of information, CC and IRI.• Mediation Functions (MF) take charge of delineation between thetwo networks. They implement Internal Network Interfaces (INI),which may be proprietary, to communicate within the PTN, andstandardized interfaces, to deliver requested information to one ormoreLEMFs.
From Cisco:The switch fabric performs the duplication of the original filtered packet. One packet is forwarded to the egress line card. The other packet is forwarded to the Route Processor or to the SIP-400 for LI hardware acceleration.