Product Information Comlog Im

8/2/2019 Product Information Comlog Im

1/12


2/12

PAGE 2/12


3/12

PAGE 3/12

PRODUCT OVERVIEW

The ComLog interception and mediation equipment ( I.M.E.) supports hybrid (active & passive) interception and

mediation in TDM- and IP environments, presently used at most telecom operators and Internet service providers

The ComLog I.M.E. is based upon scalable high performance CPCI and/or PCI servers that can be equipped with a

variety of E-1 , Ethernet monitoring cards and specialized DSP-cards that enable Layer 7- packet analysis at full wire

line speed of up to 10 Gbps per server

ComLog I.M.E. is compliant with the latest ETSI and CALEA interception standards for IP- and TDM networks.

TARGET CUSTOMER GOUPS

Telecom operators (mobile and fixed) and internet service providers who have a legal obligation to provide

interception services for the national authorities.


4/12

PAGE 4/12

TARGET MANAGEMENT

The ComLog target management software offers centralized target management for various network elements e.g.

TDM-switches, Routers, Soft switches, CMTSs etc.

Functionality

One user interface for centralized target management (placing / prolonging and removing of a tap) for circuit andpacket switched targets in a multi-vendor infrastructure.

Test calls to Leas monitoring centers. Extensive log files. Billing module. Import of HI-1 electronic warrants. Fax server functionality for electronically attaching fax warrants. Automated fax confirmation to Leas after a tap has been activated. Automatic periodical synchronization of target database at all interception access points .

The ComLog tap management software is build up out of four applications.

These applications are client- server based, using secure encrypted connections.


5/12

PAGE 5/12

o TMS server applicationThe application is installed on a target management server and is responsible for the actual target

provisioning of the various interception access points (e.g. MSCs, IP-routers, CMTS, soft switches etc) and

mediation equipment. The TMS server application has no user interface and is installed as a service.

o TapAdmin client applicationTapAdmin is used for daily target management activities e.g. setting and deleting taps.

The application is user name and password protected and can run simultaneously on multiple workstations

o TMSAdmin client applicationTMS is used for the user- and case administration. For security reasons this application can only run on one

workstation with a fixed IP-address.

o Tap Billing client applicationTap billing is used for generating billing records that can be processed by external billing applications e.g.

SAP.

TARGET IDENTIFIERS (*)

o A-NUMBERo B-NUMBERo MS-ISDNo IMEIo IMSIo

SIP-fieldso contacto fo fromo mo p-asserted-identityo record-routeo remote-party-ido routeo sip_requesto to to

o IP address; single, range and subneto Port; single or rangeo Protocol; internet protocol numbero Email address; TO/FROM/CC/BCC in SMTP, POP3, IMAP4 messageso RADIUS; Calling station ID, username, NAS ID, NAS Porto DHCP:client MAC address, option-82 MAC addresso URL: Instant Messaging ID; Google, MSN, Yahoo!, AOL

(*) Depending on infrastructure and available interception access points


6/12

PAGE 6/12

CASE BASED TARGET ADMINISTRATION

The target administration of the ComLog system is case based, meaning that users are assigned to one or more cases,

while targets are assigned to a specific case. This setup enables to configure separate interception management user

groups, e.g. one user-group for normal LEA interceptions and one user-group for highly confidential national

intelligence interceptions. Both groups have no access to each other target-list.

SECURITY AND INTEGRITY

Server services are disabled on the ComLog servers. Thus no disk shares possible. All relevant administrator and user events are logged and encrypted. X-1/2/3 connectivity is encrypted (*) HI-1/2/3 connectivity is SSL-secured (**) Hashing is applied to ensure the integrity of the intercepted data Intercepted data is buffered in case delivery to the monitoring center(s) is not possible. ComLog LI.S complies with the Dutch N.I.I. specifications. These are mandatory security regulations applicable for

all L.I. interception equipment that is used in the Netherlands.

(*) This is applicable for ComLog I.M.E. and may also be applied for any other third party L.I. equipment that

supports encryption standards.

(**) Depending on the applicable L.I. hand-over protocol.


7/12

PAGE 7/12

REDUNDANCY

Thee ComLog Interception & Mediation equipment can be equipped with several levels of redundancy depending on the

requirements of

Hardware redundancyEach server is equipped with Raid- hard disk pack, redundant power supplies, temperature and fan monitoring.

Application redundancyAll vital ComLog applications are mirrored on at least two separate servers and monitor each other performance over

secure IP-channels. In case of failure of an application, the mirrored application will take over the functionality, thus

ensuring the availability of the application.

Site redundancyBy setting up two or more ComLog interception & mediation equipment at different physical location, site redundancycan be achieved. In the event of a site failure, the interception process will still continue without loss of functionality.


8/12

PAGE 8/12

SYSTEM MONITORING AND ALARM FUNCTIONS

As the proper working of a ComLog L.I.S depends on many (third party) hard- and software applications, vital

components are therefore monitored by the status console application (StatCon).

In case of malfunctioning of a component, the corresponding icon will recolor from green, yellow, gray to red (severest

alarm level). An Email or SMS-message, containing details about the error, will then be sent to a system engineer.

Detailed status information can also be viewed by clicking on the corresponding icon.

Optionally StatCon can be equipped with a SMTP-interface for integration with existing (SMTP-compatible) system

monitoring applications.

StatCon runs on any PC having (secure) IP-connectivity with the ComLog interception & mediation equipment.


9/12

PAGE 9/12

Furthermore the ComLog L.I.S has extensive logging capabilities for administrative and application events e.g.

Tracing of changes made in the target database (e.g. which user has set or deleted a target).

On-line status overview of incoming and outgoing intercepted TDM / IP traffic. Up time S-2 en S-1 applications Number of connected S-1s Number of taps defined in tap database Number of taps to be activated. Number of activated taps Number of closed taps Total number of packets , received from S-1s Number of packets sent to T1 or buffered before sending. Number of packets received by S-1 which could not be send to T-1

and/or buffered.

Errors in tap database. Tap errors (how many taps are in error status, info on S-1s and S-2 and/or S2 and T-1 Uptime, downtime, unavailable, failed T1s Uptime / downtime S1 and S2 application Bandwidth statistics connection between S-1 en T-

Per tap following error reports

No, incomplete, or incorrect T-1 connection information in the tap database for this tap. Tap could not set up connection with T-1 Tap has lost connection with T1 and could not be restored Per tap and per T1 tunnel , status: Connected, disconnected. All possible errors can be found in the log files with date and time stamp. Log file connection sessions between S-1 / S-2 and T-1 . Log file of changes in tap database


10/12

PAGE 10/12


11/12

PAGE 11/12

SUPPORTED INTERFACES & HAND-OVER PROTOCOLS (*)

HI-1/2/3 INTERFACES

ETSI ES 201 671 ETSI ES 101 671 ETS TS 102 232 ETSI 102 233 ETSI TS 102 234

ETSI-NL (Dutch variant on ETSI ES 201 671 specifications)

JTS ( Dutch inband signaling protocol) Calea J-STD-025 ( USA variant of ETSI ES 201 671 specifications) T.I.I.T. (Netherlands) (Dutch handover protocol for intercepted IP-traffic) DFD (Italy) Packet Cable 1.5 Specifications

X-1/2/3 INTERFACES

Active interception on TDM & Soft switches from Nortel, Alcatel, Nokia, Siemens, Marconi and Ericsson. Active interception on IP-switches ( SII) of e.g.

o Ciscoo Broad softo Junipero Extreme

Passive interception ono Ethernet (up 10 Gb )o ATMo STM- 1/16o DS1/3

(*) Please note that new interfaces can be developed at customers request.


12/12

PAGE 12/12

TECHNICAL SPECIFICATIONS & CAPACITY OVERVIEW

Circuit switched interception & mediation server

E-1 :Max 32 E-1 trunks per server Maximum Nr. of targets :100.000 L.I. protocol stacks :99 Nr of servers :Virtually no limits support for clustering :Yes Max buffering capacity : 4 TB Number of concurrent LEA-MC : 99

Packet switched interception & mediation

Layer 2/L7 filtering/decoding :Max. 10 Gbps per server Nr of targets :100.000 L.I. Protocol stacks :99 Nr of servers :Virtually no limits support for clustering. :Yes Max buffering capacity : 4 TB Number of concurrent LEA-MC : 99

Documents

Product Information Comlog Im