Name: LIMA Introduction

Text: Network
Forensics

LIMA Introduction

new needs need new solutions

1

Group 2000
Founded in 1978
Independent, privately owned company
Stable financial position
70 employees
Headquarters in the Netherlands
Offices in the Netherlands, Norway, Switzerland and USA
In-house development and 24x7 Customer Care
ISO certified & full ETSI member

Dec-11

LIMA introduction

2

Group 2000 product lines
ICTS product line
• System integration at Telecom Operators
• Ample experience with major European operators
• Flexible and cost effective, yet telco-grade

Network Forensics product line
• Lawful Interception, Data Retention, DPI
• Experience > 20 years

LIMA
• Group 2000 platform suite for Network Forensics
• Deployed in > 20 countries at Telco’s and ISP’s

Dec-11

LIMA introduction

3

LIMA environment
LIMA functionality

Dec-11

LIMA introduction

4

LIMA configurations
Voice over IP


AcmePacket Net-Net




Cisco PGW 2200
Cisco BTS 10200



SipWise OpenSER



Italtel iMSS



Nortel CS2000



Siemens HiQ 8000

Dec-11

LIMA introduction

5

5

LIMA configurations
GSM, GPRS, UMTS




MSOFT X3000
UMG 8900




Nokia OLCM
Nokia LIG



LI-IMS



LIMA GTP monitor

Dec-11

LIMA introduction

6

6

LIMA configurations
IP/SII – DHCP, Radius

Email

Dec-11

LIMA introduction

7

7

LIMA configurations
PSTN




Ericsson AXE
Ericsson LI-IMS



Nortel DMS 100



SS7 monitor

IMS
P-CSCF, I-CSCF, S-CSCF
HSS, ATS, PES, AS
AGCF, SBC

Dec-11

LIMA introduction

8

8

LIMA Handover specifications
GSM

ETSI TS 201 671 v2.5.1

3G

ETSI TS 201 671 v2.5.1 – Annex B
TIIT v1.1.0
ETSI TS 102 232
3GPP TS 33.108

GTP monitoring

ETSI TS 102 232 v1.3.1
IRI records according to ETSI TS 201 671 v2.5.1

Circuit Switched

ETSI TS 201 671 v2.5.1
ETSI ES 201 671 v3.2.1

IP
VoIP
Multimedia

ETSI TS 102 232 v1.3.1
ETSI TS 102 233 v1.2.1
ETSI TS 102 234 v1.4.1
ETSI TS 102 232-1 v2.2.1
ETSI TS 102 232-3 v2.1.1
ETSI TS 102 232-4 v2.1.1
ETSI TS 102 232-5 v2.1.1
ETSI TS 102 232-6 v2.1.1
TIIT v1.1.0

Email

ETSI TS 102 233 v1.2.1
ETSI TS 102 232-2 v2.1.1
TIIT v1.1.0

Dec-11

LIMA introduction

9

LIMA Platforms
LIMA Management System


Unified LI Management for all types of traffic and networks



Interfaces to network equipment to enable end-to-end interception



Operator friendly interface; no network knowledge required for LI user



Distributed setup; can be deployed across networks or countries

LIMA Mediation


Converts intercepted traffic into handover standards
(e.g. ETSI)



Correlates intercepted events and data

Dec-11

LIMA introduction

10

LIMA Data Retention
Retention Store


Third party technology for storage



COTS hardware



At least 20% compression rate



Ingestion rates of 100+ million records/day

Integrated solution


Module in LIMA MSv3



ETSI HI-interface optional

Dec-11

LIMA introduction

11

LIMA MS v3
Web-based system for end-to-end control
Warrant Administration
Network Element management
Automatic distribution
Integrity checking
Extensive logging
- IDR
- Events
- Alarms
- Auditing

Dec-11

LIMA introduction

12

LIMA MS v3
One solution manages all networks
Simultaneous support for different types of interceptions
Easy to use interface
Clear status overview
Problem analysis by
drilling down into
details
Multi-lingual user interface

Dec-11

LIMA introduction

13

LIMA MS v3 integrity monitor
Interception integrity!
Monitor interceptions on network elements during their entire life time
On scheduled intervals interceptions are
checked against the LIMA MS database
Automatic repair of inconsistent interception measures

(sample screen)

Dec-11

LIMA introduction

14

LIMA MS v3
User Management based on Sun Open-SSO
Definition of users and user groups
Secure environment
Fine-grain control on access to data and functions for user groups

Security groups
Access to warrants can be shielded off between user groups
Possible to securely handle different sets of warrants in single system

Dec-11

LIMA introduction

15

Security and Auditing
Comprehensive audit logging
All actions of users and systems are recorded
Access to audit logging based on user rights
Direct and filtered access from GUI modules
• Interceptions
• Network elements

Dec-11

LIMA introduction

16

LIMA MS Distribution Layer
Intelligent Interception distribution
Provisioning of network elements, in the right order, with the right
information, on the right time.






All switches (e.g. GSM network)
Only specific network elements (e.g. Fixed network)
Handling of interception identifiers (e.g. generated by NE)
Based on events (e.g. SIP call, DHCP lease)
Adhere to Warrant Start and Warrant End Dates

Handles fault scenarios such as failing network elements or network
connections
Intelligent repair of failing interceptions
Supports dynamic provisioning for dynamic network identities such as IP
addresses based on DHCP, Radius or SIP information

Dec-11

LIMA introduction

17

LIMA MS Provisioning Modules
LIMA MS - Provisioning modules
Provisioning modules
Interfacing LIMA Management System with 3rd party equipment.









Softswitches
SGSN/GGSN
CMTS ’s
Mail Servers
SBC’s
Edge Routers
Class 5 switches
....

(Huawei, Siemens, Nortel, Cisco, Ericsson, Italtel, ...)
(Nokia, Huawei, Starent, Ericsson, ...)
(Cisco, Arris, Casa, ...)
(OpenWave, Synacor, ....)
(AcmePacket, ...)
(Cisco, Juniper, ...)
(Nortel, Ericsson, ...)

Allow LIMA MS to interface with any network element

Dec-11

LIMA introduction

18

LIMA MS options
Optional modules for extension of functionality
Reporting and Statistics
Reports about number and types of interception

Provisioning interface
Allows LIMA MS to be controlled by external system (e.g. LEMF)

Electronic HI-1 interface
Digital interfaces for warrant handling (not applicable to all countries)

Billing
Automatic generation of invoices

Customer specific configuration
Configuration of fields for specific value or lengths

Dec-11

LIMA introduction

19

LIMA MS Cross country Deployment

Dec-11

LIMA introduction

20

LIMA MS – Unifying multiple networks

Dec-11

LIMA introduction

21

Distributed setup – government controlled

Dec-11

LIMA introduction

22

Network
Forensics

LIMA Introduction

new needs need new solutions

23

Document Path: ["1375-group-2000-presentation-lima-introduction.pdf"]

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh