Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net
Using COTS Routers for Lawful Intercept (Annual Member Meeting)


Slide 1: Using COTS Routers for Lawful Intercept. Annual Member Meeting, February 8, 2006.

Slide 2: ETSI Reference Model; Juniper Experiences From the Field

[Figure: ETSI reference model. On the Service Provider side: administration system, intercept related mediation system, content mediation system, access network. On the Law Enforcement Agency side: LEA monitoring system. Handover interfaces between them: HI1 (warrant related information), HI2 (intercept related information), HI3 (content of communication).]

Juniper experiences from the field:
• In-band versus out-of-band approaches
• Features used to support LI
• Mediation device control interface

Slide 3: Out-of-band (Passive Monitoring)

• Implement an out-of-band infrastructure with signal splitters
• User proximity improves selectivity
  - Dynamic address changes
  - Asymmetric routing
  - Multicast
• Sometimes preferred for operational isolation

[Figure: a signal splitter on the monitored link feeds one or more data handlers, which feed storage and analysis.]

Slide 4: In-band (Active Monitoring)

• Use existing network elements
• Independent of network access technology
  - Supports POTS, ISDN, xDSL, Cable, Wireless
• Provides cost reduction and implementation speed
  - Preferred for this reason where feasible

[Figure: user data passes through the network element unchanged; replicated data is forwarded to storage and analysis.]

Slide 5: Feature: Selection

• Useful for both in-band and out-of-band
• Channelization
  - Select among TDM channels, Frame Relay DLCIs, ATM VCs, or 802.1q VLANs
• Mature packet filtering capability required for security and features
  - Very high performance
  - Highly flexible and proven
  - IPv6 ready
• Can be combined arbitrarily
• Dynamic Flow Capture (DFC): identify flows that match one or more dynamic filter criteria and forward them to one or more destinations
  - Passive monitoring
  - Filter criteria are added dynamically (not in the configuration)
  - A filter is activated within 50 ms of the criterion add request

[Figure: all packets on the aggregated link are intercepted with an external splitter or by in-band packet replication and passed through "Select", which yields the selected packets. Sample filterable fields: IP header: Version, IHL, ToS, Total Length, Identification, Fragmentation, TTL, Protocol, Header Checksum, Source Address, Destination Address; TCP header: Source Port, Destination Port, Sequence Number, Acknowledgement Number, Offset, Flags, Window, Checksum, Urgent Pointer.]

Slide 6: Feature: Replication

• Useful for both in-band and out-of-band
• Up to 16 copies of the same packet
  - Each copy can be encapsulated and forwarded independently
• No performance impact
  - Ideally suited to a shared memory architecture

[Figure: selected packets enter "Replication" and leave as one or more copies.]

Slide 7: Feature: Distribution

• Useful for both in-band and out-of-band
  - Enables reuse of the data network for distribution
• Multiple encapsulations supported
  - GRE
  - IPsec (3DES/AES)
  - Layer 2 VPNs

Of these, only IPsec encrypts the intercepted content in transit; GRE and Layer 2 VPN tunnels rely on the distribution network itself being isolated, as with the separate distribution network in Example 1.

[Figure: selected packets and/or flow records receive a new header and are tunneled to the LEMF.]

Slide 8: Example 1

[Figure: a signal splitter on the service network feeds a Juniper router, which sends copies over a separate distribution network to law enforcement facilities. Stages: Decapsulate, Select Circuit, Select Packets, Replicate, Distribute.]

1. Choose sub-interface
2. Remove link layer header
3. Filter on source/destination address
4. Create 3 copies of the packets
5. Send each copy to a different LEMF in a GRE tunnel

Slide 9: Example 2

[Figure: M-series routers in the service network send to law enforcement monitoring facilities. Stages: Decapsulate, Select, Replicate, Summarize, Distribute.]

Every M-series router can act as an IAP (intercept access point).

1. Remove MPLS headers
2. Select based on IP address and port
3. Create an extra copy of the packet
4. Create flow records from one copy
5. Encrypt packets and flow records in IPsec 3DES tunnels and send to the LEMF (3DES is deprecated today; the AES option listed on slide 7 is the current choice)
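The decapsulate / select / replicate / distribute pipeline of slides 5 through 9 on constructed packets, as an added example that is not code from the Juniper deck or from JUNOS. It parses the filterable IPv4/TCP fields named on slide 5, applies run-time (DFC-style) filter criteria, makes up to 16 independently GRE-encapsulated copies for different LEMFs (Example 1), and produces a flow record from one copy (Example 2). The Ethernet access framing, the IAP and LEMF addresses, the flow-record layout and the sample traffic are assumptions made for the example.

```python
"""Added example, not code from the Juniper deck: the decapsulate / select /
replicate / distribute pipeline of slides 5 to 9 run over constructed IPv4/TCP
packets. Field names follow slide 5's filterable-field diagram; the Ethernet
access framing, the LEMF/IAP addresses and the flow-record layout are assumptions."""
import ipaddress
import struct

ETH_HDR_LEN = 14        # assumed access link: untagged Ethernet ("remove link layer header")
GRE_PROTO = 47
ETHERTYPE_IPV4 = 0x0800
MAX_COPIES = 16         # slide 6: up to 16 copies of the same packet


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over a header that already carries a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header (DF set, no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """The filterable IPv4 fields of slide 5, plus the TCP fields of an unfragmented TCP packet.
    Rejects truncated headers and bad header checksums instead of filtering on garbage."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl or ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header length or checksum")
    _, tos, total_len, ident, frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    f = {"tos": tos, "total_len": total_len, "id": ident, "flags": frag >> 13,
         "frag_offset": frag & 0x1FFF, "ttl": ttl, "proto": proto,
         "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst))}
    if proto == 6 and f["frag_offset"] == 0 and len(pkt) >= ihl + 20:
        sport, dport, seq, ack, off_flags, window, _, urg = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
        f.update(sport=sport, dport=dport, seq=seq, ack=ack, tcp_flags=off_flags & 0x1FF,
                 window=window, urgent=urg)
    return f


def select(fields: dict, criteria: list) -> list:
    """DFC-style selection. criteria is a run-time list of (match_dict, destinations), not router
    configuration; a packet is selected for every destination whose criterion matches all its fields."""
    dests = []
    for match, destinations in criteria:
        if all(fields.get(k) == v for k, v in match.items()):
            dests += [d for d in destinations if d not in dests]
    return dests


def gre_encapsulate(pkt: bytes, iap: str, lemf: str) -> bytes:
    """One independently encapsulated copy: outer IPv4 (protocol 47) + 4-byte GRE header
    (RFC 2784, no checksum/key/sequence) + the selected packet unchanged."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4_header(iap, lemf, GRE_PROTO, len(gre) + len(pkt)) + gre + pkt


def gre_decapsulate(tunneled: bytes) -> bytes:
    """The LEMF side: validate the outer header, then strip outer IP + GRE to recover the packet."""
    if parse_ipv4_tcp(tunneled)["proto"] != GRE_PROTO or tunneled[20:24] != struct.pack("!HH", 0, ETHERTYPE_IPV4):
        raise ValueError("not a plain GRE-over-IPv4 packet")
    return tunneled[24:]


def flow_record(fields: dict, byte_count: int) -> tuple:
    """Slide 9, step 4 ("create flow records from one copy"): an assumed 5-tuple plus byte count."""
    return (fields["src"], fields["dst"], fields["proto"], fields.get("sport"), fields.get("dport"), byte_count)


def intercept(frame: bytes, criteria: list, iap: str) -> dict:
    """Example 1 steps 2-5 plus Example 2's summarize step. Returns {} for unselected traffic,
    otherwise {"tunneled": {lemf: packet}, "record": flow_record}."""
    pkt = frame[ETH_HDR_LEN:]                    # decapsulate: remove link-layer header
    fields = parse_ipv4_tcp(pkt)                 # parse the filterable fields
    dests = select(fields, criteria)             # select
    if not dests:
        return {}
    if len(dests) > MAX_COPIES:
        raise ValueError("more than %d replication destinations" % MAX_COPIES)
    copies = {lemf: gre_encapsulate(pkt, iap, lemf) for lemf in dests}   # replicate + distribute
    return {"tunneled": copies, "record": flow_record(fields, len(pkt))}


def sample_frame(src: str, dst: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Constructed test traffic: Ethernet + IPv4 + minimal TCP header (PSH/ACK) + payload."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | 0x18, 65535, 0, 0) + payload
    return eth + ipv4_header(src, dst, 6, len(tcp)) + tcp


if __name__ == "__main__":
    warrant = [({"src": "10.1.2.3"}, ["203.0.113.10"]),                       # assumed LEMF addresses
               ({"dst": "192.0.2.10", "dport": 443}, ["203.0.113.10", "203.0.113.11", "203.0.113.12"])]
    frame = sample_frame("10.1.2.3", "192.0.2.10", 40000, 443, b"hello")
    result = intercept(frame, warrant, "198.51.100.1")
    for lemf, copy in result["tunneled"].items():
        print(lemf, len(copy), "bytes; inner recovered:", gre_decapsulate(copy) == frame[ETH_HDR_LEN:])
    print(result["record"])
```

Two points worth noticing when running it: a packet that matches two criteria naming the same LEMF is copied to that LEMF once, and the header checksum check in parse_ipv4_tcp means a corrupted tap feed is rejected rather than silently mis-filtered. The GRE copies carry the intercepted packet in clear text, which is why Example 1 pairs GRE with a separate distribution network.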

Slide 10: Mediation Device Control Interface

• JUNOScript is already there
• Layered interface design
  - TCP/IP based
  - SSL or plain text (plain text is for troubleshooting only; this interface carries intercept-related data)
  - Easy-to-use XML-based data format / RPC invocation readily adapts to new complex data structures
• Mature standards-based solution
  - Supported by Juniper for over 6 years
  - See: prot-01.txt

Slide 11: Included API

• Object-oriented Perl
• Easy library for retrieving data and manipulating results
• Numerous examples

    # $jnx is the JUNOScript session object; $query names the RPC and %queryargs holds its arguments
    my $res = $jnx->$query( %queryargs );
    # a successful call returns a result object (a reference); anything else means the RPC failed
    unless ( ref $res ) { die "FAIL CMD[$deviceinfo{hostname}] $query.\n"; }

Slide 12: Example Exchange

[Figure: JUNOScript exchange between a Mediation Server and an M10i router. Legible labels: "7.3I0 [sisyphus]", "at-1/2/1 up ATM-PVC" (shown twice) and "4482".]
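The request/reply shape of the control interface on slides 10 and 12, as an added example that is not Juniper's API or a capture from the deck. It builds a JUNOScript RPC through an XML serialiser rather than string concatenation, so a warrant-supplied value such as an interface name cannot inject extra RPC elements, and it parses a reply into interface state while surfacing a router error instead of silently returning nothing. The element names get-interface-information, interface-information, physical-interface, name, oper-status and xnm:error are the Junos XML API's; the reply documents are constructed for this example (the release string reuses the "7.3I0" label visible on slide 12, an assumption), and no session prologue or transport is shown.

```python
"""Added example, not Juniper code: build a JUNOScript RPC for the mediation-device
control interface and parse a constructed reply. Element names follow the Junos XML
API; the reply text is made up for this example and is not a capture."""
import xml.etree.ElementTree as ET

XNM_NS = "http://xml.juniper.net/xnm/1.1/xnm"   # namespace Junos uses for <xnm:error>


def build_rpc(rpc_name: str, **args) -> str:
    """Serialise <rpc><rpc-name><arg>value</arg>...</rpc-name></rpc>. Values pass through the XML
    serialiser, so a hostile interface name is escaped rather than parsed as markup by the router."""
    rpc = ET.Element("rpc")
    body = ET.SubElement(rpc, rpc_name.replace("_", "-"))
    for key, value in args.items():
        ET.SubElement(body, key.replace("_", "-")).text = str(value)
    return ET.tostring(rpc, encoding="unicode")


def parse_interface_reply(reply_xml: str) -> dict:
    """Return {interface name: oper-status} from an <rpc-reply>; raise if the router sent <xnm:error>."""
    root = ET.fromstring(reply_xml)
    if root.tag != "rpc-reply":
        raise ValueError("unexpected top-level element %r" % root.tag)
    err = root.find(".//{%s}error" % XNM_NS)
    if err is not None:
        raise RuntimeError("router returned error: %s" % (err.findtext("message") or "").strip())
    return {pi.findtext("name").strip(): (pi.findtext("oper-status") or "").strip()
            for pi in root.iter("physical-interface")}


# Constructed reply (not a capture) for the interface the slide shows; 7.3I0 is reused as the release.
SAMPLE_REPLY = """<rpc-reply xmlns:junos="http://xml.juniper.net/junos/7.3I0/junos">
  <interface-information>
    <physical-interface>
      <name>at-1/2/1</name>
      <admin-status>up</admin-status>
      <oper-status>up</oper-status>
    </physical-interface>
  </interface-information>
</rpc-reply>"""

# Constructed error reply: what a mediation server must treat as a failed intercept request.
SAMPLE_ERROR_REPLY = """<rpc-reply xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
  <xnm:error><message>interface at-9/9/9 not found</message></xnm:error>
</rpc-reply>"""


if __name__ == "__main__":
    print(build_rpc("get_interface_information", interface_name="at-1/2/1"))
    print(parse_interface_reply(SAMPLE_REPLY))
```

The Perl fragment on slide 11 makes the same distinction at the call site: a non-reference result is a failure, and the mediation server must stop rather than proceed as if the intercept were in place.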

Slide 13: Summary

• Router-based lawful intercept provides numerous advantages over dedicated hardware
  - Higher flexibility
  - Less time to implement and manage
  - Lower costs
• Juniper E, M, and T series routers provide a set of functional building blocks to support any LI application
• JUNOScript is well suited for a mediation interface
