Cs Wif I System Overview 2009



  1.
     • CS incorporates Delma and 3rd-party components (list on request)
     • CS is designed for multimedia lawful interception of data transmitted over Internet, mobile phone, landline and other IP networks.
     • Based on specified identification criteria, CS
         • detects Internet connections or phone identifiers of selected users,
         • captures information originated by or directed to such users,
         • stores it in a Database for subsequent examination.
     • CS performs control of data transmitted by standard as well as non-standard protocols
     • CS is operated via an easy-to-use multilanguage Windows interface
  2.
  3. Performance
     • The system is scalable in traffic filtering performance.
     • The cluster version has a data capture rate of up to 7 Gb/s on common equipment (and more depending on hardware).
  4.
     • The Windows-based interface is structured like a standard email client: it has a familiar-looking tree of objects and viewing panes, allowing the user to easily locate and analyze the data of interest.
  5.
  6. Web page visualisation
     • Complete restoration of web pages
     • Viewing in standard Internet browser
     • Web pages sequence exploring
  7. FTP file page visualisation
  8. Messaging visualisation
  9. Tapping Interfaces
     • The system's wiretapping device supports the following OSI Layer 2/3 protocols:
         • Ethernet IEEE 802.3 10/100/1000/10000
         • STM-1/STM-4
         • G.703 / G.704 (E1)
  10. Protocol Decoding
     • Tunneling protocols: PPPoE, PPTP, L2TP, GRE, IP-in-IP, including fragmented IP packet processing
     • Mail and news protocols: IMAP4, POP3, SMTP, NNTP
     • Hypertext and file transfer protocols: HTTP, WAP, FTP
     • Web-mail over HTTP: Gmail, Yahoo, Hotmail etc.
     • Authentication protocols: RADIUS, TACACS+, DIAMETER
     • Remote control: Telnet, etc.
  11. Protocol Decoding
     • Instant messaging & IRC: MSN, Yahoo, AOL, ICQ
         • Text chat
         • Files
         • Voice
     • GSM/GPRS network protocols: GTP, MMS, WAP
     • And more…
  12. VoIP Protocol Decoding
     • Signaling protocols: H.323, SIP, IAX2, MGCP, Skinny, H.248
     • Codecs supported: G.711, G.729 and more…
     • Fax and video over IP
     • Audio & Video Conferences
  13. Additional Functionality Features
     • Keeping Internet user statistics
     • Dump decoding of pcap files
     • Incoming traffic SPAM pre-filtering (optional for off-line analyzer model)
  14. Target information Decoding
     • IP address or net of IPs in combination with TCP/UDP ports;
     • Email address;
     • IM login name (AOL, MSN, ICQ);
     • Dialup access number;
     • MSISDN number of a GSM/GPRS subscriber;
     • IMSI code of a GSM/GPRS;
     • User login name;
     • Access line identifier of an xDSL, Ethernet or leased line subscriber;
     • Calling or called telephone number of a VoIP service user, or access number of the ITSP rendering VoIP services;
     • VoIP login name;
     • HTTP URL of a website to monitor access to the web pages;
     • Name of a file up- or downloaded under FTP or exchanged through peer-to-peer communication;
     • Keyword, with the possibility of traffic pre-filtering by IP address or subnet for the ease of detection and web mail interception;
     • Keyword/pattern at 7 Gb/s in a variety of encodings;
     • Keyword/pattern in complex objects (MS Office files, archives, PDF files), optional for off-line analyzer model.
  15. Data Management
     • Visualization of intercepted data via Windows-based application
     • Access to the intercepted email through POP3/IMAP4
     • Visualization of TCP/UDP sessions in hexadecimal or text format
     • Investigation and analysis of the contacts of criminal suspects
     • Import/export facilities, including saving to removable media in portable format
  16. System Administration
     • Hierarchy of users, logging of all user activity
     • Remote monitoring and administration
     • Prevention of unauthorized access and logging of unauthorized access attempts
     • Logs of the system errors that might affect the investigation process
  17. System Components
     • Traffic Probe – passive interception, decoding and object reconstruction in real time
     • Load balancer – TCP/UDP flow balancer between several probes for high-speed networks
     • Monitoring Centre – intercepted object database, configuration storage
     • Offline analyzer – provides enhanced possibility of keyword search in complex data formats (MS Office, MS Access, PDF, archives)
     • Operator workstations – provide GUI access to the system through a connection to the Monitoring Centre (absent from the picture)
  18. Connection Layout and Safety Measures
     • Passive listening connection to network of service provider
     • Secure communication links between system modules
     • Remote health control
     • Back-up and restoration procedures
  19. Configuration options
     • Distributed architecture for complex networks
         • Probe, Monitoring Center, Off-Line Analyzer (if present) are deployed on standalone platforms.
     • « Multi-probe »
         • Probe is connected to several independent Monitoring Centers and provides independent service for each of them.
     • Standalone configuration
         • Probe and Monitoring Centre are deployed on a single platform.
     • Mobile configuration
         • Probe + Monitoring Center + Workstation are on a single laptop platform.
  20. Distributed configuration
  21. Standalone configuration
  22. Mobile configuration
  23. KEY ADVANTAGES
     • Data capture rate – 7 Gb/s on common equipment and more on scalable hardware!
     • Keyword search filtering performance in 8 encodings – 7 Gb/s!
     • Up to 48 traffic probes per control server!
     • Up to 96 wiretapping points!
     • Unlimited number of workstations per control server!
     • Keyword search in complex objects (MS Office files, PDF files, archives)!
  24. Services and support
     • Projecting
     • Installation
     • Training
     • Consulting
     • Customization
     • Support & Maintenance