Embed Size (px)
DESCRIPTION
E - Detective Ethernet LAN Interception System (with Real-Time Content Reconstruction) - 2010. Decision Group www.edecision4u.com. Introduction to E-Detective. LAN Internet Monitoring, Data Retention, Data Leakage Protection & Network Forensics Analysis Solution Solution for: - PowerPoint PPT Presentation
Citation preview
E-Detective Ethernet LAN Interception System (with Real-Time
Content Reconstruction) - 2010
Decision Groupwww.edecision4u.com
Introduction to E-Detective
LAN Internet Monitoring, Data Retention, Data Leakage Protection & Network Forensics Analysis Solution
Solution for: Organization Internet Monitoring/Network Behavior Recording Auditing and Record Keeping for Banking and Finance Industry Forensics Analysis and Investigation, Legal and Lawful Interception (LI) Mediation Platform & Tactic Server for Telco Operator
Compliance Solution for:Sarbanes Oxley Act (SOX), HIPAA, GLBA, SEC etc...
FX-30NFX-06
FX-100 FX-120
E-Detective Standard System Models and Series (Appliance based) User can also opt to purchase software license only from us and use their own hardware/server.
1010101010100110011110110111011100011011
EmailWebmailIM/ChatHTTP
File TransferTelnet
101010101010100101010
Using port-mirroring or SPAN port
E-Detective System Architecture
DisplayReports
CapturePackets Reassemble
& Decode
ReconstructBack to Actual
ContentStoreSave
Archive
E-Detective Architecture
E-Detective – Mirror Mode Implementation
Organization or Corporate Network Deployment
E-Detective – Bridge Mode Implementation
E-Detective Lawful Interception Solutions
Telco/ISPLawful Interception
Branch Office
Branch Office
Data Center of HQ
Firewall(Edge Router)
VPN(Edge Router)
VPN(Edge Router)
VPN(Edge Router)
E-Detective
E-Detective
N X E-DetectiveSystems for online real-time constructionon targeted users or IP’sin different departments or subnets
1G
10G
1G
1G
1G
1G
T1/E1
T1/E1
T1/E1
Central Management System (CMS)for aggregation and centralized management accessible by CISO
Bank IT Security Officers
Core Switch
NAS/SAN storage for longperiod data retention
……
Compliance with1. Basel II – risk
management2. Sarbine-Oxlay –
insider transaction prevention & anti-corruption
3. GLBC – customer information protection
Internet
Data & Network Protection in Company
Customer Office
Data Center of ISP
VPN(Edge Router)
VPN(Edge Router)
Clients
Cloud Computing Model:ISP provides private VPN service, collocate services with e-Behavior and e-Total Control Management, and server farm & data storage service for customers.
T1/E1,FTTX,xDSL
Private VPNGateway
Server Farm & NAS/SAN storage for long period data retention
Collocate Services for ISPs
e-BMS or e-TCS
Private VPNScope
T1/E1,FTTX,xDSL
T1/E1,FTTX,xDSL
Internet
Firewall(Edge Router)
E-Detective Sample Screenshots - Reports
Homepage – Top-Down Drill to Details Reporting
IM/Chat(Yahoo,
MSN, ICQ,QQ, IRC,
Google TalkEtc.)
EmailWebmail
HTTP(Link, Content,Reconstruct,
UploadDownload)
File TransferFTP, P2P
OthersOnline Games
Telnet etc.
E-Detective Internet Protocols Supported
Sample: Email (POP3, SMTP and IMAP)
Sample: Webmail – Yahoo Mail, Gmail, Hotmail etc…
Webmail Type: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail and others
Sample: IM -Yahoo, MSN, ICQ, IRC, QQ, GTalk etc…
Sample: File Transfer – FTP Upload/Download
Sample: File Transfer – P2P File Sharing
Supports P2P such as Bittorent, eMule/eDonkey, Fasttrack, Gnutella
Sample: HTTP (Web Link, Content and Reconstruction)
Whois function provides you the
actual URL Link IP Address
HTTP Web Page content can be reconstructed
Sample: HTTP Upload/Download
Sample: HTTP Video Streaming (FLV Format)
Video Stream (FLV format): Youtube, Google Video, Metacafe.
Playback of Video File
Sample: Telnet Session (with Play Back)
Sample: VoIP Calls (with Play Back)
Play back of reconstructed VoIP audio file using Media PlayerSupport RTP Codec such as G.711a-law, G,711µ-law, G.726, G.729, iLBC
Sample: Unknown or Non-Reconstructable
Admin: System Access Authority Assignment
Authority – Visibility and Operation in Group (with User defined)
Authority - Visibility
Authority - Operation
Authority Groups with
Users
Export & Backup – Auto (by FTP) and Manual
Auto (with FTP) BackupManual Backup
Download ISO or Burn in to CD/DVD
Reserved Raw Data Files and Backup Reconstructed Data Comes
with Hashed Export Function
Alert and Notification – Alert with Content
Alert configured from different service categories and
different parameters such as key word,
account, IP etc.
Alert can be sent to Administrator by Email
or SMS if SMS Gateway is available.
Throughput alert function also available!
Search – Free Text, Condition, Association
Complete Search – Free Text Search, Conditional Search, Similar Search and Association Search
Conditional Search Free Text Search
Association Search
File Checksum (Hash) – Check File Content Integrity
Shows the file lists and user can import files to check and compare with the files thathas been captured by the system.
Compare file content integrity. Abuser might have changed file name and send outthe file to competitor.
Bookmark (for Review Next Time)
Bookmark items and allow the review of the items. Bookmark items can also be exported.
Reporting – Network Service Usage - Daily
Drill Down Reporting Capabilities
Reporting – Network Service Usage - Weekly
Drill Down Reporting Capabilities
Reporting – Top Websites Viewed (Users)
Reporting – Online IP – Account Lists
Reporting – Daily Excel Log Report
Manually or AutomaticallyGenerate Daily Log ReportIn Excel File Format.
High Availability
2 ways of high availability configuration based on customer requirement
Single and simple cluster configuration for small and mid-size network structure
Multiple and complex cluster configuration for large or ISP network structure with real-time performance
Site survey and customer requirement in advance
Company Logo
High Availability Option 1Single and Simple Cluster Configuration
Company Logo
Data Reconstruction ServerCluster
(Connected to Network with Single IP)
Heartbeat Line
Dual-Loop Fiber Channel Connection
Fiber ChannelSwitches
SNA Storages
ActiveStand-by
Network Backbone
Under mid-size network struucture, E-Detective in cluster configuration can ensure High availability requirement
• No Single Point of Failure!• Redundancy Design in Server
(Mirror or Bridge Connection)
High Availability Option 2Multiple and Complex Cluster Configuration
Company Logo
Network Loop 1
Network Loop 2
Network Sniffer Probe Group
Data Reconstruction ServerCluster (Connected to Network
with Single IP)
Heartbeat Line
Dual-Loop Fiber Channel Connection
Fiber ChannelSwitches
SNA Storages
Under large network structure, E-Detective can be implemented as sniffer probes and data reconstruction sever cluster to ensure real-time performance and high availability
Active
Stand-by
(Redundancy Design in Server)
(Mirror or Bridge Connection)
References – Implementation Sites and Customers
Criminal Investigation Bureau The Bureau of Investigation Ministry of Justice National Security Agency (Bureau) in various countries Intelligence Agency in various countries Ministry of Defense in various countries Counter/Anti Terrorism Department National Police, Royal Police in various countries Government Ministries in various countries Federal Investigation Bureau in various countries Telco/Internet Service Provider in various countries Banking and Finance organizations in various countries Others
Notes: Due to confidentiality of this information, the exact name and countries of the various organizations cannot be revealed.
E-Detective Online Demo https://60.251.127.208 (root/000000)
Decision Groupwww.edecision4u.com
