iSolv’s InterceptIP product is an Internet Protocol (IP) interception solution compliant with the European Telecommunications Standards Institute (ETSI) and North American CALEA specifications for lawful interception (LI).


InterceptIP

Over the years, the threats to national and public safety have become increasingly sophisticated, more dangerous and much more difficult to deal with. Government agencies responsible for national security and public safety have, as a result, a heavier reliance on telecommunications interception and analysis.

With the rapid rate of change in technology and with the increased sophistication of communication techniques used by criminals and terrorists, many government agencies are finding it difficult to keep up. IP interception is a particularly challenging area that government agencies now face. Some of the factors that contribute to this challenge include: 

- many traditional telecommunication providers migrating from circuit-switched networks to next-generation networks (NGNs) that are packet switched (based on IP);

- the proliferation of Internet Service Providers (ISPs);

- the convergence of voice and data services over IP networks;

- the routing flexibility inherent in the IP protocol itself; and

- the migration of IP services to wireless bearers (3GPP, CDMA, WiMAX etc.)


                  

iSolv’s InterceptIP solution is a mobile interception solution for IP traffic that caters for both data (Web, Web mail, File transfer, chat, e-mail) and voice (VoIP) services.


Data Extraction

The data extraction methods supported by InterceptIP solution are:

- Passive extraction using probes and taps

- Internal Intercept Function (IIF) built into networking equipment


In the case of passive extraction, the network taps supplied with the InterceptIP probe enable full-duplex monitoring without interfering with the data stream or introducing a single point of failure. The receive (RX) and transmit (TX) paths are provided on separate monitoring ports and are 100% passive, i.e. they do not introduce any latency on the network being monitored.


InterceptIP is currently able to interface directly to Cisco network equipment over the Service Independent Intercept (SII) interface provided in Cisco LI-capable IOS versions. In this instance, the data mediation function communicates with the network switching and routing elements without the need for data extraction devices.


Data Collection and Filtering


Each probe supports a minimum of 15,000 triggers and an ambient load of at least 2 Gbps. Additional probes are added to a deployment to scale up the solution in order to meet growing interception demands on a network.


Data Mediation


Each data mediator supplied with InterceptIP is able to manage up to sixteen probes. The mediation supports multiple marking instances for targets as well as multiple delivery destinations (in the case of online mode of operation). The mediator interface to a management station is provided for the provisioning of triggers on managed probes. The built-in intelligence within the mediator automatically distributes and manages triggers on the probes under its control.


Management and Provisioning


A graphical user interface (GUI) application is provided on a management station (laptop computer) to communicate with the data mediation unit. Further tools are provided for administering system settings, storage volumes and devices.


The management station is also equipped with a sound card and headset for local playback in the field, i.e. hot monitoring.


Data Storage (Off-line Mode)


For off-line mode operation, a local data storage unit of 320GB is provided with the InterceptIP mediator platform. The storage is by default configured in RAID 5 for resilience. Higher storage capacity configurations are available on customer request.


A built-in DVD writer is also supplied together with data export functions in PCAP format to store intercepted information to removable DVD media.


Alternatively, intercepts captured in this off-line mode can be replayed over a network at a later stage to an LEA monitoring center through a docking application supplied with the solution.


Data Forwarding (On-line Mode)


For on-line mode operation, a Gigabit Ethernet (GigE) interface is provided within the InterceptIP mediator to re-route intercepted traffic in real time to a monitoring center. Mediation is performed in compliance with the ETSI or CALEA standards for both the on-line mode and docking applications.


The interface is configured with IPSEC security support utilizing 256-bit Advanced Encryption Standard (AES) encryption with X.509 digital certificate authentication.


Security


InterceptIP has several standard built-in information security measures including network firewall, anti-virus, disk encryption and IPSEC-compliant link encryption capability. These security measures are built into InterceptIP to ensure the integrity and confidentiality of your intercepted information at all times.


Optional security measures that can be provided with InterceptIP are network and host intrusion detection, biometric and smart card authentication.


The passive taps utilized in the solution ensure that the data extraction interface cannot be attacked, as the probe is not visible on the network.


Add-on Interface Modules (optional):

InterceptIP supports the following optional add-on interface modules for interception of IP traffic over trunked communication links (copper or fiber taps included):

- T1/E1 (HDLC, Frame Relay, PPP)

- T3/E3 (HDLC, Frame Relay, PPP)

- STM-1/OC-3 PoSONET (HDLC, Frame Relay, PPP) / ATM (AAL5)



Key Features & Benefits:

- Mobile form factor for easy transportation and field installation
- Support for off-line, on-line and hot monitoring modes in a single platform
- Cost-effective and modular solution offering
- Flexible interface options covering passive (probe) and internal intercept function (IIF) capabilities
- Interoperability with other LI products compliant with the ETSI LI standards
- Built-in data export functionality to facilitate off-line mode of operation when deployed in the field; industry-standard PCAP format export is supported
- Unified interface for viewing and managing intercepts within a converged communication environment, i.e. voice and data service interception
- Built-in security features in terms of firewalls, anti-virus and encryption
- Integrated text indexing and searching capability across many file formats (including HTML, Word and PDF)
- Integrated link analysis and social network analysis (SNA) capability with dynamic link map visualization
- Support for external storage and archive units for high capacity applications


Technical Specifications:

Supported Data Extraction methods:

- Directly from network switches via up to eight SPAN ports
- Up to eight Fast Ethernet (100Mb) copper taps
- Up to two Gigabit Ethernet (1000Mb) copper taps or fiber taps (SX or LX)
- Up to two ATM/POS fiber taps

Supported Trigger Types:

- Fixed IP address
- Dynamic IP address from DHCP and RADIUS information (user logon or calling station ID)
- VoIP SIP URI or H.323 address
- Email address
- DNS address
- Chat name

Supported Create/Delete/Add/Modify functions:

- Agencies
- Alarms
- Folders
- Triggers
- Users
- Groups
- Roles
- Topics

Built-in Analysis capability:

- Link analysis
- Social network analysis
- Content indexing and searching

Mediator Standards compliance:

- ETSI standard: TS 102-232 Parts 1, 2, 3 and 5
- ANSI standard: CALEA J-STD-025-B

Probe Standards compliance:

- IETF RFC3924 (Cisco SII)
- CISCO-TAP2-MIB