E-Detective Ethernet LAN Interception System (with Real-Time Content Reconstruction) - 2010
DESCRIPTION
E-Detective Ethernet LAN Interception System (with Real-Time Content Reconstruction) - 2010. Decision Group, www.edecision4u.com. Introduction to E-Detective: LAN Internet Monitoring, Data Retention, Data Leakage Protection & Network Forensics Analysis Solution. PowerPoint presentation transcript.
E-Detective Ethernet LAN Interception System (with Real-Time Content Reconstruction) - 2010
Decision Group, www.edecision4u.com
Introduction to E-Detective
LAN Internet Monitoring, Data Retention, Data Leakage Protection & Network Forensics Analysis Solution
Solution for:
• Organization Internet Monitoring / Network Behavior Recording
• Auditing and Record Keeping for the Banking and Finance Industry
• Forensics Analysis and Investigation
• Legal and Lawful Interception (LI): Mediation Platform & Tactic Server for Telco Operators
Compliance solution for: Sarbanes-Oxley Act (SOX), HIPAA, GLBA, SEC etc.
E-Detective Standard System Models and Series (appliance based): FX-06, FX-30N, FX-100, FX-120. Users can also opt to purchase a software license only and run it on their own hardware/server.
E-Detective System Architecture
Traffic is fed to the system using a port-mirroring (SPAN) port. Protocols shown in the diagram: Email, Webmail, IM/Chat, HTTP, File Transfer, Telnet.
Processing pipeline: Capture Packets → Reassemble & Decode → Reconstruct Back to Actual Content → Store / Save / Archive → Display Reports
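The pipeline above, worked through in Python for one SMTP session (the Email protocol the deck covers later). This is an added example, not Decision Group's code and not part of the original slides: the TCP segments, hostnames, addresses and message text are constructed, and are delivered out of order with one retransmission, as a SPAN feed would deliver them.

```python
"""Added example: reassemble one TCP stream from mirrored segments and
reconstruct the SMTP message carried in it. Not Decision Group's code; all
packet data below is constructed for the example."""
import hashlib
from email import message_from_bytes

ISN = 1000  # initial sequence number of the client side (constructed)

# Client -> server half of one SMTP session, in the order it was sent.
IN_ORDER = [
    b"EHLO laptop.corp.example\r\n",
    b"MAIL FROM:<alice@corp.example>\r\n",
    b"RCPT TO:<bob@partner.example>\r\n",
    b"DATA\r\n",
    b"From: alice@corp.example\r\nTo: bob@partner.example\r\n",
    b"Subject: Q3 forecast\r\n\r\n",
    b"Attached are the draft numbers, please keep internal.\r\n",
    b".\r\nQUIT\r\n",
]


def build_segments(isn, chunks):
    """Turn in-order payload chunks into (seq, payload) TCP segments."""
    segs, seq = [], isn
    for chunk in chunks:
        segs.append((seq, chunk))
        seq += len(chunk)
    return segs


# What the SPAN port delivered: out of order, and segment 1 retransmitted.
_SEGS = build_segments(ISN, IN_ORDER)
CAPTURED = [_SEGS[i] for i in (0, 2, 1, 4, 3, 1, 6, 5, 7)]


def reassemble(isn, segments):
    """Order segments by sequence number, drop retransmitted bytes, and
    refuse to continue across a gap (a missing segment would otherwise
    splice unrelated bytes together and corrupt the decoded content)."""
    stream, expected = bytearray(), isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq + len(payload) <= expected:
            continue                        # full duplicate
        if seq < expected:                  # partial overlap: keep new bytes only
            payload, seq = payload[expected - seq:], expected
        if seq > expected:
            raise ValueError(f"gap at seq {expected}: {seq - expected} bytes missing")
        stream += payload
        expected += len(payload)
    return bytes(stream)


def decode_smtp(stream):
    """Extract the envelope and the DATA section from the client side of an
    SMTP session; DATA ends at a line holding a single '.', with leading dots
    unstuffed (RFC 5321)."""
    envelope, body, in_data = {"mail_from": None, "rcpt_to": []}, [], False
    for line in stream.split(b"\r\n"):
        if in_data:
            if line == b".":
                in_data = False
            else:
                body.append(line[1:] if line.startswith(b"..") else line)
        elif line.upper().startswith(b"MAIL FROM:"):
            envelope["mail_from"] = line[10:].strip(b"<> ").decode()
        elif line.upper().startswith(b"RCPT TO:"):
            envelope["rcpt_to"].append(line[8:].strip(b"<> ").decode())
        elif line.upper() == b"DATA":
            in_data = True
    return envelope, message_from_bytes(b"\r\n".join(body))


def reconstruct(isn, segments):
    """Full pipeline for one session: returns the record a reviewer would see,
    plus a hash of the reassembled bytes for later integrity checks."""
    stream = reassemble(isn, segments)
    envelope, msg = decode_smtp(stream)
    return {
        "mail_from": envelope["mail_from"],
        "rcpt_to": envelope["rcpt_to"],
        "subject": msg["Subject"],
        "body": msg.get_payload().strip(),
        "sha256": hashlib.sha256(stream).hexdigest(),
    }


if __name__ == "__main__":
    for key, value in reconstruct(ISN, CAPTURED).items():
        print(f"{key}: {value}")
```

The gap check matters in a mirror-mode deployment: a SPAN port that is oversubscribed silently drops frames, and a reassembler that glues the remaining segments together produces content that looks valid but is not what was sent.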
E-Detective – Mirror Mode Implementation
Organization or Corporate Network Deployment
E-Detective – Bridge Mode Implementation
In bridge mode the appliance sits inline in the traffic path, so its own availability affects the link; in mirror mode it only receives a copy of the traffic from a SPAN/mirror port and cannot affect production traffic.
E-Detective Lawful Interception Solutions
Telco/ISP Lawful Interception
Data & Network Protection in Company (bank deployment diagram)
Topology shown: branch offices connect over T1/E1 links through VPN edge routers to the Data Center of HQ; the Internet is reached through a firewall (edge router); a core switch carries the 1G and 10G links.
N x E-Detective systems for online real-time reconstruction on targeted users or IPs in different departments or subnets.
Central Management System (CMS) for aggregation and centralized management, accessible by the CISO and Bank IT Security Officers.
NAS/SAN storage for long-period data retention.
Compliance with:
1. Basel II – risk management
2. Sarbanes-Oxley – insider transaction prevention & anti-corruption
3. GLBA – customer information protection
Collocate Services for ISPs (diagram)
Cloud Computing Model: the ISP provides a private VPN service, collocated services with e-Behavior and e-Total Control Management (e-BMS or e-TCS), and server farm & data storage service for customers.
Topology shown: customer offices and clients connect over T1/E1, FTTX or xDSL into the private VPN scope; the Data Center of ISP hosts the Private VPN Gateway (VPN edge routers), the Server Farm & NAS/SAN storage for long-period data retention, and a firewall (edge router) towards the Internet.
E-Detective Sample Screenshots - Reports
Homepage – Top-Down Drill to Details Reporting
E-Detective Internet Protocols Supported
• IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
• Email, Webmail
• HTTP (Link, Content, Reconstruct, Upload, Download)
• File Transfer (FTP, P2P)
• Others (Online Games, Telnet etc.)
Sample: Email (POP3, SMTP and IMAP)
Sample: Webmail – Yahoo Mail, Gmail, Hotmail etc…
Webmail Type: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail and others
Sample: IM -Yahoo, MSN, ICQ, IRC, QQ, GTalk etc…
Sample: File Transfer – FTP Upload/Download
Sample: File Transfer – P2P File Sharing
Supports P2P protocols such as BitTorrent, eMule/eDonkey, FastTrack, Gnutella
Sample: HTTP (Web Link, Content and Reconstruction)
The Whois function resolves the URL link to its actual IP address.
HTTP web page content can be reconstructed.
Sample: HTTP Upload/Download
Sample: HTTP Video Streaming (FLV Format)
Video Stream (FLV format): YouTube, Google Video, Metacafe.
Playback of Video File
Sample: Telnet Session (with Play Back)
Sample: VoIP Calls (with Play Back)
Playback of the reconstructed VoIP audio file using Media Player. Supports RTP codecs such as G.711 A-law, G.711 µ-law, G.726, G.729, iLBC.
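Added example, not Decision Group's code: how the RTP side of the VoIP reconstruction above works for the two G.711 codecs listed. The RTP packets, SSRC and audio bytes are constructed here; the decoders implement the G.711 µ-law and A-law expansion from the standard, and the output can be written to a WAV file for playback in any media player.

```python
"""Added example: rebuild one direction of a VoIP call from captured RTP
packets and decode the G.711 payload to 16-bit PCM. Not Decision Group's
code; the packets are constructed below, no capture file is read."""
import struct
import wave

STATIC_PT = {0: "PCMU", 8: "PCMA"}  # RFC 3551 static payload types for G.711


def parse_rtp(pkt):
    """Parse a raw RTP packet (RFC 3550) into
    (payload_type, seq, timestamp, ssrc, payload), honouring CSRC list,
    header extension and padding so those fields never leak into audio."""
    if len(pkt) < 12:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)           # skip CSRC identifiers
    if b0 & 0x10:                           # header extension present
        ext_words = struct.unpack("!HH", pkt[offset:offset + 4])[1]
        offset += 4 + 4 * ext_words
    payload = pkt[offset:]
    if b0 & 0x20 and payload:               # padding: last byte is its length
        payload = payload[:len(payload) - payload[-1]]
    return b1 & 0x7F, seq, ts, ssrc, payload


def ulaw_to_pcm16(byte):
    """G.711 mu-law (PCMU) byte -> signed 16-bit linear sample."""
    u = ~byte & 0xFF
    exponent, mantissa = (u >> 4) & 0x07, u & 0x0F
    sample = (((mantissa << 3) + 0x84) << exponent) - 0x84
    return -sample if u & 0x80 else sample


def alaw_to_pcm16(byte):
    """G.711 A-law (PCMA) byte -> signed 16-bit linear sample."""
    a = byte ^ 0x55
    exponent, mantissa = (a >> 4) & 0x07, a & 0x0F
    if exponent == 0:
        sample = (mantissa << 4) + 8
    else:
        sample = ((mantissa << 4) + 0x108) << (exponent - 1)
    return sample if a & 0x80 else -sample  # A-law: sign bit set means positive


DECODERS = {0: ulaw_to_pcm16, 8: alaw_to_pcm16}


def reconstruct_audio(packets):
    """Reorder packets by sequence number, drop duplicates, record lost
    sequence numbers and decode. Returns (pcm_samples, ssrc, lost_seqs).
    Sequence-number wrap at 65535 is not handled in this short version."""
    parsed = [parse_rtp(p) for p in packets]
    ssrcs = {p[3] for p in parsed}
    if len(ssrcs) != 1:
        raise ValueError(f"expected one RTP stream, saw SSRCs {sorted(ssrcs)}")
    pcm, lost, seen, prev = [], [], set(), None
    for pt, seq, _ts, _ssrc, payload in sorted(parsed, key=lambda p: p[1]):
        if seq in seen:
            continue                         # duplicate delivery
        seen.add(seq)
        if prev is not None:
            lost.extend(range(prev + 1, seq))
        prev = seq
        if pt not in DECODERS:
            raise ValueError(f"payload type {pt} is not G.711, cannot decode")
        pcm.extend(DECODERS[pt](b) for b in payload)
    return pcm, ssrcs.pop(), lost


def build_rtp(pt, seq, ts, ssrc, payload, marker=False):
    """Constructed RTP packet: V=2, no padding/extension/CSRC."""
    return struct.pack("!BBHII", 0x80, (0x80 if marker else 0) | pt, seq, ts, ssrc) + payload


SSRC = 0xDEADBEEF
# Constructed PCMU frames (real 20 ms frames carry 160 bytes; shortened here).
FRAMES = [bytes([0xFF, 0x7F, 0x00, 0x80]), bytes([0xFF] * 4), bytes([0xE0, 0x60, 0xFF, 0xFF])]
CAPTURED_RTP = [
    build_rtp(0, 7, 0, SSRC, FRAMES[0], marker=True),
    build_rtp(0, 9, 320, SSRC, FRAMES[2]),   # arrives before seq 8
    build_rtp(0, 8, 160, SSRC, FRAMES[1]),
    build_rtp(0, 9, 320, SSRC, FRAMES[2]),   # duplicate
    build_rtp(0, 11, 640, SSRC, FRAMES[1]),  # seq 10 never arrived
]


def write_wav(path, pcm, rate=8000):
    """Save decoded samples as a mono 16-bit WAV for playback."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack(f"<{len(pcm)}h", *pcm))


if __name__ == "__main__":
    samples, ssrc, lost = reconstruct_audio(CAPTURED_RTP)
    print(f"SSRC {ssrc:#x}: {len(samples)} samples, lost seq {lost}")
    write_wav("call_0x%08x.wav" % ssrc, samples)
```

Payload types 0 and 8 are static assignments; G.726, G.729 and iLBC are usually negotiated as dynamic payload types (96-127) in the SDP of the signalling session, so a reconstruction tool has to read the SIP/SDP exchange to know what a given dynamic type means.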
Sample: Unknown or Non-Reconstructable
Admin: System Access Authority Assignment
Authority – Visibility and Operation in Group (user-defined): authority groups with users, each group carrying its own Authority - Visibility and Authority - Operation settings.
Export & Backup – Auto (by FTP) and Manual
Auto (with FTP) backup and manual backup; download as ISO or burn to CD/DVD.
Reserved raw data files and backups of reconstructed data come with a hashed export function.
Alert and Notification – Alert with Content
Alerts are configured per service category with parameters such as keyword, account, IP etc. Alerts can be sent to the Administrator by Email, or by SMS if an SMS Gateway is available. A throughput alert function is also available.
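Added example of the alert logic described above, not Decision Group's code: rules keyed on service category, keyword, account and source IP evaluated over reconstructed events, plus a sliding-window throughput alert. The events, rules, subnets and thresholds are constructed for the example; sending the result by email or through an SMS gateway is left to the caller.

```python
"""Added example: alert rules on reconstructed events (keyword, account,
source IP, per service category) plus a throughput alert. Not Decision
Group's code; events, rules and thresholds are constructed for the example.
Delivery by email/SMS gateway is left to the caller."""
from collections import deque
from dataclasses import dataclass
import ipaddress
import re


@dataclass(frozen=True)
class AlertRule:
    name: str
    services: frozenset = frozenset()  # e.g. {"email", "webmail"}; empty = any service
    keywords: tuple = ()               # whole-word, case-insensitive, on reconstructed content
    accounts: tuple = ()               # login / sender accounts to watch
    networks: tuple = ()               # source-IP CIDRs to watch

    def matches(self, event):
        """Every configured parameter must match (AND); unset ones are ignored."""
        if self.services and event["service"] not in self.services:
            return False
        if self.accounts and event.get("account") not in self.accounts:
            return False
        if self.networks:
            src = ipaddress.ip_address(event["src_ip"])
            if not any(src in ipaddress.ip_network(n) for n in self.networks):
                return False
        if self.keywords:
            text = event.get("content", "")
            if not any(re.search(rf"\b{re.escape(k)}\b", text, re.I) for k in self.keywords):
                return False
        return True


def evaluate(events, rules):
    """Return one alert per (event, rule) hit, carrying a content excerpt so the
    notification itself shows what triggered ('alert with content')."""
    alerts = []
    for ev in events:
        for rule in rules:
            if rule.matches(ev):
                alerts.append({
                    "rule": rule.name, "ts": ev["ts"], "service": ev["service"],
                    "src_ip": ev["src_ip"], "account": ev.get("account"),
                    "excerpt": ev.get("content", "")[:80],
                })
    return alerts


def throughput_alerts(samples, window_s, limit_bytes):
    """samples: (ts_seconds, bytes) for one host or flow, in time order.
    Fires whenever the bytes seen within the last window_s exceed limit_bytes;
    a sliding window avoids the blind spot of fixed per-minute buckets."""
    window, total, fired = deque(), 0, []
    for ts, n in samples:
        window.append((ts, n))
        total += n
        while window and ts - window[0][0] >= window_s:
            total -= window.popleft()[1]
        if total > limit_bytes:
            fired.append((ts, total))
    return fired


# Constructed reconstructed-event records (what the decode stage would emit).
EVENTS = [
    {"ts": 100, "service": "email", "src_ip": "10.20.1.15", "account": "alice@corp.example",
     "content": "Attached are the draft numbers. CONFIDENTIAL - internal only."},
    {"ts": 105, "service": "http", "src_ip": "10.20.1.15",
     "content": "GET /news/confidential-leak-story"},          # keyword hit, wrong service
    {"ts": 110, "service": "ftp", "src_ip": "10.30.7.2", "account": "svc_backup",
     "content": "STOR payroll_2010.xlsx"},
    {"ts": 120, "service": "im", "src_ip": "192.168.5.9", "account": "bob77",
     "content": "lunch?"},
]

RULES = [
    AlertRule("confidential-in-mail", frozenset({"email", "webmail"}), keywords=("confidential",)),
    AlertRule("ftp-from-finance-subnet", frozenset({"ftp"}), networks=("10.30.0.0/16",)),
    AlertRule("watched-account", accounts=("bob77",)),
]

# Constructed per-host byte counts: about 1.2 MB within 20 s from one host.
UPLOAD_SAMPLES = [(0, 400_000), (10, 400_000), (20, 400_000), (70, 100_000)]


if __name__ == "__main__":
    for a in evaluate(EVENTS, RULES):
        print(f"[{a['rule']}] {a['service']} {a['src_ip']} {a['account']}: {a['excerpt']}")
    print("throughput:", throughput_alerts(UPLOAD_SAMPLES, window_s=60, limit_bytes=1_000_000))
```

Scoping a keyword rule to a service category is what keeps the HTTP event above from firing: the same word in a news URL is noise, in an outbound mail it is worth a look.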
Search – Free Text, Condition, Association
Complete Search: Free Text Search, Conditional Search, Similar Search and Association Search.
File Checksum (Hash) – Check File Content Integrity
Shows the file list; the user can import files to check and compare them with the files captured by the system.
Compares file content integrity: an abuser might have changed the file name before sending the file out to a competitor.
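Added example covering both the hashed export function (Export & Backup slide) and the file checksum comparison above; it is not Decision Group's code. The file contents, names and the HMAC key are constructed; the HMAC step is an addition the slides do not describe, included because a bare hash list stored next to the export can be rewritten along with the files.

```python
"""Added example: the two hashing uses on the Export & Backup and File
Checksum slides. export_manifest()/verify_export() hash an export so later
tampering is detectable; match_by_content() finds captured transfers whose
content equals a file the investigator imports, regardless of file name.
Not Decision Group's code; all file contents and the key are constructed."""
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def export_manifest(records, export_key: bytes):
    """records: {name: bytes} being exported. Returns per-file SHA-256 plus an
    HMAC over the manifest so editing a file *and* its listed hash together is
    still detected. export_key is assumed to be kept by the reviewing party,
    not on the appliance that produced the export."""
    entries = {name: {"sha256": sha256_hex(data), "size": len(data)}
               for name, data in sorted(records.items())}
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {"entries": entries,
            "hmac_sha256": hmac.new(export_key, body, "sha256").hexdigest()}


def verify_export(records, manifest, export_key: bytes):
    """Return a list of problems; an empty list means the export is intact."""
    problems = []
    body = json.dumps(manifest["entries"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(export_key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac_sha256"]):
        problems.append("manifest HMAC mismatch")
    for name, meta in manifest["entries"].items():
        if name not in records:
            problems.append(f"missing: {name}")
        elif sha256_hex(records[name]) != meta["sha256"]:
            problems.append(f"modified: {name}")
    problems.extend(f"unexpected: {name}" for name in records if name not in manifest["entries"])
    return problems


def match_by_content(captured, imported):
    """captured: [(name_seen_on_wire, bytes, metadata)]; imported: {local_name: bytes}.
    Returns (local_name, wire_name, metadata) for every content match. Only
    byte-identical content matches: a re-saved, re-encoded or zipped copy will not."""
    index = {}
    for wire_name, data, meta in captured:
        index.setdefault(sha256_hex(data), []).append((wire_name, meta))
    return [(local_name, wire_name, meta)
            for local_name, data in imported.items()
            for wire_name, meta in index.get(sha256_hex(data), [])]


# Constructed data standing in for reconstructed records and captured files.
EXPORT = {
    "email_0001.eml": b"From: alice@corp.example\r\nSubject: Q3 forecast\r\n\r\ndraft numbers\r\n",
    "ftp_0002_payroll.xlsx": b"PK\x03\x04 constructed-xlsx-bytes payroll 2010",
}
EXPORT_KEY = b"constructed-demo-key-held-by-reviewer"

CAPTURED_FILES = [
    ("q3_numbers.xlsx", b"PK\x03\x04 constructed-xlsx-bytes forecast 2010",
     {"src_ip": "10.20.1.15", "service": "ftp", "ts": 110}),
    ("holiday.jpg", b"\xff\xd8\xff\xe0 constructed-jpeg-bytes",
     {"src_ip": "10.20.1.15", "service": "webmail", "ts": 130}),
]
# The investigator imports the original file under its internal name.
IMPORTED = {
    "Q3 forecast FINAL.xlsx": b"PK\x03\x04 constructed-xlsx-bytes forecast 2010",
    "notes.txt": b"nothing sensitive here",
}


if __name__ == "__main__":
    manifest = export_manifest(EXPORT, EXPORT_KEY)
    print("intact:", verify_export(EXPORT, manifest, EXPORT_KEY))
    tampered = dict(EXPORT, **{"email_0001.eml": EXPORT["email_0001.eml"].replace(b"draft", b"final")})
    print("tampered:", verify_export(tampered, manifest, EXPORT_KEY))
    for local, wire, meta in match_by_content(CAPTURED_FILES, IMPORTED):
        print(f"{local!r} left as {wire!r} via {meta['service']} from {meta['src_ip']}")
```

Matching by content hash catches the renamed-file case the slide describes, and nothing more: a file that was re-saved, re-encoded or zipped before leaving has different bytes and will not be found this way.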
Bookmark (for Review Next Time)
Bookmark items and allow the review of the items. Bookmark items can also be exported.
Reporting – Network Service Usage - Daily
Drill Down Reporting Capabilities
Reporting – Network Service Usage - Weekly
Drill Down Reporting Capabilities
Reporting – Top Websites Viewed (Users)
Reporting – Online IP – Account Lists
Reporting – Daily Excel Log Report
Manually or automatically generate the daily log report in Excel file format.
High Availability
Two high-availability configurations, chosen according to customer requirements:
• Single and simple cluster configuration for small and mid-size network structures
• Multiple and complex cluster configuration for large or ISP network structures with real-time performance
A site survey and the customer's requirements are needed in advance.
High Availability Option 1: Single and Simple Cluster Configuration
Diagram: Data Reconstruction Server Cluster (Active / Stand-by nodes, connected to the network backbone with a single IP by mirror or bridge connection), heartbeat line between the nodes, dual-loop Fibre Channel connection through Fibre Channel switches to SAN storage.
Under a mid-size network structure, E-Detective in cluster configuration can meet the high-availability requirement:
• No single point of failure
• Redundancy design in server
High Availability Option 2: Multiple and Complex Cluster Configuration
Diagram: Network Sniffer Probe Group attached to Network Loop 1 and Network Loop 2 (mirror or bridge connection), feeding a Data Reconstruction Server Cluster (Active / Stand-by nodes, connected to the network with a single IP, redundancy design in server) with a heartbeat line between the nodes and a dual-loop Fibre Channel connection through Fibre Channel switches to SAN storage.
Under a large network structure, E-Detective can be implemented as sniffer probes plus a data reconstruction server cluster to ensure real-time performance and high availability.
References – Implementation Sites and Customers
• Criminal Investigation Bureau
• The Bureau of Investigation, Ministry of Justice
• National Security Agency (Bureau) in various countries
• Intelligence Agency in various countries
• Ministry of Defense in various countries
• Counter/Anti Terrorism Department
• National Police, Royal Police in various countries
• Government Ministries in various countries
• Federal Investigation Bureau in various countries
• Telco/Internet Service Provider in various countries
• Banking and Finance organizations in various countries
• Others
Notes: Due to the confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.
E-Detective Online Demo: https://60.251.127.208 (root/000000)
Decision Group, www.edecision4u.com