
Cs Wif I System Overview 2009



  1. 1.
       • CS incorporates Delma and 3rd party components (list on request).
       • CS is designed for multi-media lawful interception of data transmitted over Internet, mobile phone, landline and other IP networks.
       • Based on specified identification criteria, CS
           • detects Internet connections or phone identifiers of selected users,
           • captures information originated by or directed to such users,
           • stores it in a database for subsequent examination.
       • CS performs control of data transmitted by standard as well as non-standard protocols.
       • CS is operated via an easy-to-use multilanguage Windows interface.
  2. 2.
  3. 3. Performance
       • System is scalable by traffic filtering performance.
       • The cluster version has a data capture rate of up to 7 Gb/s on common equipment (and more depending on hardware).
  4. 4.
       • The Windows-based interface is structured like a standard email client: it has a familiar-looking tree of objects and viewing panes, allowing the user to easily locate and analyze the data of interest.
  5. 5.
  6. 6.
       • Web page visualisation
       • Complete restoration of web pages
       • Viewing in standard Internet browser
       • Web pages sequence exploring
  7. 7. FTP file page visualisation
  8. 8. Messaging visualisation
  9. 9. Tapping Interfaces
       • The system wiretapping device supports the following OSI Layer 2/3 protocols:
           • Ethernet IEEE 802.3 10/100/1000/10000,
           • STM-1/STM-4,
           • G.703 / G.704 (E1),
  10. 10. Protocol Decoding
       • Tunneling protocols: PPPoE, PPTP, L2TP, GRE, IP-in-IP including fragmented IP packet processing
       • Mail and news protocols: IMAP4, POP3, SMTP, NNTP
       • Hypertext and file transfer protocols: HTTP, WAP, FTP
       • Web-mail over HTTP: Gmail, Yahoo, Hotmail etc.
       • Authentication protocols: RADIUS, TACACS+, DIAMETER
       • Remote control: Telnet, etc.
  11. 11. Protocol Decoding
       • Instant messaging & IRC: MSN, Yahoo, AOL, ICQ
           • Text chat
           • Files
           • Voice
       • GSM/GPRS network protocols: GTP, MMS, WAP
       • And more…
  12. 12. VoIP Protocol Decoding
       • Signaling protocols: H.323, SIP, IAX2, MGCP, Skinny, H.248
       • Codecs supported: G.711, G.729 and more…
       • Fax and video over IP
       • Audio & Video Conferences
  13. 13. Additional Functionality Features
       • Keeping Internet user statistics
       • Dump decoding of pcap files
       • Incoming traffic SPAM pre-filtering (optional for off-line analyzer model)
  14. 14. Target information Decoding
       • IP address or net of IPs in combination with TCP/UDP ports;
       • Email address;
       • IM login name (AOL, MSN, ICQ);
       • Dialup access number;
       • MSISDN number of a GSM/GPRS subscriber;
       • IMSI code of a GSM/GPRS;
       • User login name;
       • Access line identifier of an xDSL, Ethernet or leased line subscriber;
       • Calling or called telephone number of a VoIP service user, or access number of the ITSP rendering VoIP services;
       • VoIP login name;
       • HTTP URL of a website to monitor access to the web pages;
       • Name of a file up- or downloaded under FTP or exchanged through peer-to-peer communication;
       • Keyword, with the possibility of traffic pre-filtering by IP address or subnet for the ease of detection and web mail interception;
       • Keyword/pattern at 7 Gb/s in a variety of encodings;
       • Keyword/pattern in complex objects (MS Office files, archives, PDF files), optional for off-line analyzer model.
  15. 15. Data Management
       • Visualization of intercepted data via a Windows-based application
       • Access to the intercepted email through POP3/IMAP4
       • Visualization of TCP/UDP sessions in hexadecimal or text format
       • Investigation and analysis of the contacts of criminal suspects
       • Import/export facilities, including saving to removable media in portable format
  16. 16. System Administration
       • Hierarchy of users, logging of all user activity
       • Remote monitoring and administration
       • Prevention of unauthorized access and logging of unauthorized access attempts
       • Logs of the system errors that might affect the investigation process
  17. 17. System Components
       • Traffic Probe – passive interception, decoding and object reconstruction in real time
       • Load balancer – balances TCP/UDP flows between several probes for high-speed networks
       • Monitoring Centre – intercepted object database, configuration storage
       • Offline analyzer – provides enhanced keyword search in complex data formats (MS Office, MS Access, PDF, archives)
       • Operator workstations – provide a GUI for access to the system through a connection to the Monitoring Centre (absent from the picture)
  18. 18. Connection Layout and Safety Measures:
       • Passive listening connection to the service provider's network
       • Secure communication links between system modules
       • Remote health control
       • Back-up and restoration procedures
  19. 19. Configuration options
       • Distributed architecture for complex networks
           • Probe, Monitoring Center, Off-Line Analyzer (if present) are deployed on standalone platforms.
       • « Multi-probe »
           • Probe is connected to several independent Monitoring Centers and provides independent service for each of them.
       • Standalone configuration
           • Probe and Monitoring Centre are deployed on a single platform.
       • Mobile configuration:
           • Probe + Monitoring Center + Workstation are on a single laptop platform.
  20. 20. Distributed configuration
  21. 21. Standalone configuration
  22. 22. Mobile configuration
  23. 23. KEY ADVANTAGES
       • Data capture rate – 7 Gb/s on common equipment and more on scalable hardware!
       • Keyword search filtering performance in 8 encodings – 7 Gb/s!
       • Up to 48 traffic probes per control server!
       • Up to 96 wiretapping points!
       • Unlimited number of workstations per one control server!
       • Keyword search in complex objects (MS Office files, PDF files, archives)!
  24. 24. Services and support
       • Projecting
       • Installation
       • Training
       • Consulting
       • Customization
       • Support & Maintenance