Enabling True Network Intelligence Everywhere
Managing Virtual Identities Across IP Networks
Jean-Philippe Lion, Vice President, EMEA Sales
ISS Prague, June 2009
How do you accurately identify targets across multiple applications, multiple physical locations, multiple terminals and multiple identities?
A New Complex Situation Creates a Number of Challenges to Correctly Identify Targets…
[Diagram: a 3G access network (Base Station System (BSS), Serving GPRS Support Node (SGSN), Home Location Register (HLR), Gateway GPRS Support Node (GGSN), IP-based GPRS / UMTS network, alternate Public Land Mobile Network) and a DSL access network (DSLAMs, BRAS, Authorization, Authentication & Accounting (AAA) server, IP-based DSL / FTTH network), both connected through the Internet to Gmail, Salesforce, YouTube and LiveMail servers]
Contents
1. Identifying Virtual IDs: The Principles
2. Identifying Virtual IDs: The Challenges
3. Summary
How do you Identify Targets Across Multiple (Virtual) e-Identities and Multiple Network Access IDs?
[Diagram: three layers, Person / Network access ID (IMSI, IP address; RADIUS / DIAMETER) / E-Identity]
Step 1: Track Usage of All or Suspected Virtual IDs
[Diagram: Person / Network access ID (IMSI, IP address; RADIUS / DIAMETER) / E-Identity, with step 1 marked]
Step 2: Link Virtual IDs to Network Access IDs
[Diagram: Person / Network access ID (IMSI, IP address; RADIUS / DIAMETER) / E-Identity, with step 2 marked]
Step 3: Intercept all Traffic from Virtual IDs and Link to Physical Person
[Diagram: Person / Network access ID (IMSI, IP address; RADIUS / DIAMETER) / E-Identity, with step 3 marked]
Step 4: Extract Contact List to Understand Links Between People
[Diagram: Person / Network access ID (IMSI, IP address; RADIUS / DIAMETER) / E-Identity, with step 4 marked]
Challenge #1: Identify Targets Using the Steps Previously Described
New challenges for LEAs:
- People are no longer linked to physical subscriber lines
- The same person can communicate in several ways: VoIP, IM, Webmail, etc.
- How to launch interception across all communication with a single trigger?
Answer:
- Identify users and intercept all types of communication initiated by the same user when a trigger such as "user login" is detected
- Identify Internet access point and physical device of targeted user
- Link trigger to IP address, MAC address, IMSI, IMEI, etc.
- Show all communication on the same screen, in real-time: Webmail, Instant Messaging, FTP, P2P, Financial Transactions
1. Trigger = IM activity on monitored user login
2. Link user login to:
   - IP address
   - or IMSI
3. Intercept IM + Webmail + VoIP from a particular user on a certain PC or mobile to a specific person in real-time!
Challenge #2: Need to Understand Different Applications Behind The Same Protocol
HTTP is not only used by Web browsing
HTTP is also used by: LiveMail, Gmail, YahooMail, GoogleEarth, GoogleMap, Salesforce, iGoogle, mashups, and hundreds of other applications...
A user typically has different IDs in different applications
Answer: Understand all the applications using a particular protocol (such as HTTP)
Deep and stateful analysis of IP packets:
- Connection context and session management
- Connection expiration management
- IP fragmentation management
- Session inheritance management
Challenge #3: Ability to Recognize Regional Protocols
Targets may use regional services for Webmail, Instant Messaging, Social Networking, etc.
Used by a large number of people in the local country and local language
Targets can also use services from outside their country of origin, in local language or other languages
Answer: Extend protocol expertise to local Webmail, Instant Messaging, Social Networking, etc.
Poland
China
Examples of Regional Protocols
APAC:
- QQ webmail + Chat; 263 webmail
- SOQ (Sohu) IM; POPO, IM; UC (Sina); Fetion; NateOn; India Times webmail
- Rediff.com; ZAPAK
- Mixi; Taobao; naver.com; youku
EMEA:
- Jubii; Mail.ru; O2 Webmail; Orange Webmail; Pochta.ru; Runbox; GMX Mail
- Mxit; Maktoob; Paltalk; Gadu-Gadu
- Lunarstorm; PSYC; vkontakte.ru; Cloob; Grono.net
Americas:
- Hushmail; Lavabit; FuseMail; LuxSci; Trusty Box; Webmail.us; ATT webmail
- Meebo; VZOchat; BeeNut; Xfire
- fotolog; Bebo; Sonico; MiGente
Challenge #4: Many Applications have Evolved from their Initial Use
Applications are used differently than their originally intended purpose
- File transfer in Skype
- Instant Messaging in WOW
- Financial transactions in Second Life
- Use of "Dead Mailboxes" within Webmail => shared storage space and folders (same login/password for different users)
Answer:
- Understand real application usage by correlating multiple sessions and packets
- Ensure a full view of application / service / user, independently of protocol
Skype file transfer
World Of Warcraft Instant Messaging
Challenge #5: Recognizing Correct Identity Means Going BEYOND OSI Reference Model
Users can easily hide their identity
New, complex communication protocols do not follow OSI model
Examples: P2P, Instant Messaging, 2.5G/3G (GTP), DSL Unbundling (L2TP), VPN (GRE), etc.
Protocols are frequently encapsulated
Example: multiple encapsulations in an operator DSL network (ATM / AAL5 / IP / UDP / L2TP / PPP / IP / TCP / HTTP)
Answer: Extract user identity information in real-time, independently of OSI model and dig into encapsulation within several complex IP layers
Qosmos protocol graph
Challenge #6: Not Possible to Rely on IANA Ports to Track Applications and Users
Applications can no longer be linked to specific ports
- Port 80 = "The crime boulevard"
- Skype runs on port 80, port 443, or on random ports
- RTP does not use predefined ports
- SIP negotiates and defines the ports used for data communication (RTP)
Answer:
- Inspect complete IP flows rather than "packet by packet"
- Track control connections: e.g. FTP data, SIP/RTP or P2P traffic
- Ensure a full view of application / service / user independently of protocol
Skype Connection Preferences
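As an added illustration of the "track control connections" point for SIP/RTP (not code from the presentation or from Qosmos), the sketch below labels media flows from the SDP negotiation seen on the SIP control channel instead of from a port table. The SIP messages, addresses and names such as `FlowClassifier` are constructed for the example.

```python
import re

# Constructed SIP messages with SDP bodies (documentation-range addresses).
INVITE = ("INVITE sip:bob@example.net SIP/2.0\r\nCall-ID: c1@example.net\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n")
OK_200 = ("SIP/2.0 200 OK\r\nCall-ID: c1@example.net\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 198.51.100.20\r\nm=audio 80 RTP/AVP 0\r\n")

PORT_GUESS = {21: "ftp", 80: "http", 443: "https", 5060: "sip"}  # port-only view

def sdp_media_endpoints(sip_message):
    """Return (ip, port, transport) for each active RTP stream in the SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_ip, media = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            ip = line.split()[-1].split("/")[0]
            if media:
                media[-1][0] = ip          # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m="):
            _kind, port, transport = line[2:].split()[:3]
            media.append([session_ip, int(port.split("/")[0]), transport])
    # Port 0 means the stream was declined; keep only transports starting "RTP/".
    return [tuple(m) for m in media if m[0] and m[1] and m[2].startswith("RTP/")]

class FlowClassifier:
    """Labels flows from control-channel state first, port number last."""
    def __init__(self):
        self.expected_rtp = {}             # (ip, port) -> Call-ID that negotiated it

    def on_sip(self, message):
        call_id = re.search(r"^Call-ID:\s*(\S+)", message, re.M | re.I)
        for ip, port, _ in sdp_media_endpoints(message):
            self.expected_rtp[(ip, port)] = call_id.group(1) if call_id else None

    def classify(self, proto, dst_ip, dst_port):
        if proto == "udp" and (dst_ip, dst_port) in self.expected_rtp:
            return "rtp"
        return PORT_GUESS.get(dst_port, "unknown")

monitor = FlowClassifier()
for msg in (INVITE, OK_200):
    monitor.on_sip(msg)
print(monitor.classify("udp", "198.51.100.20", 80))   # negotiated media on port 80
print(PORT_GUESS.get(80))                             # what a port table alone says
```

A production monitor would also expire `expected_rtp` entries when the call ends (BYE) or times out, which is the connection expiration management the slides mention.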
Challenge #7: Adapt Rapidly to New Protocols
Difficult to handle an increasing number of protocols with dedicated ASICs
Long development times (MONTHS)
Limited flexibility
Answer: Use a software-based approach, ensuring greater flexibility, easy updates and short development time (DAYS)
Shorten lead times to answer quickly to mounting threat patterns
Ensure high packet processing performance by using the latest standards-based, multi-core architecture
Make the software portable across different hardware platforms
Appliances, routers, IP DSLAMs, GGSNs, Set-Top-Boxes, PCs, etc.
Qosmos and its integrator partners offer a complete interception solution including:
- Flow classification
- Applicative classification
- Information extraction
- Selective recording
- Application transcoding (mail, etc.)
- Visualization
Qosmos Legal Intercept Solutions
[Diagram: Packet Acquisition, CDRs Database & Traffic recording for replay transcoding, and Application transcoding, with Provisioning, Communication Data / Signaling and Media Content interfaces to the LEA]
SPECIAL OFFER: Get your free evaluation of ixEngine at the Qosmos booth!
Summary: It Is Possible To Accurately Identify Targets!
[Diagram: a 3G access network (Base Station System (BSS), Serving GPRS Support Node (SGSN), Home Location Register (HLR), Gateway GPRS Support Node (GGSN), IP-based GPRS / UMTS network, alternate Public Land Mobile Network) and a DSL access network (DSLAMs, BRAS, Authorization, Authentication & Accounting (AAA) server, IP-based DSL / FTTH network), both connected through the Internet to Gmail, Salesforce, YouTube and LiveMail servers]
Qosmos, Q-Work, Qosmos ixMachine, Qosmos ixEngine are trademarks and registered trademarks in France and other countries. Copyright Qosmos 2008
Network Intelligence: Making Sense out of Network Traffic
Structured Network Intelligence
For use in PROTECTION, MONETIZING and OPTIMIZING solutions
Qosmos Product Portfolio
Information eXtraction Machines (Appliances)
ixMachine: Hardware appliances that extract extremely fine-grained information from the network to feed third-party systems
Product Range:
- ixM 10 Series: CPE (~ 10s Mbps)
- ixM 100 Series: Access (~ 100s Mbps)
- ixM 1 000 Series: Edge (~ Gbps)
- ixM 10 000 Series: Core (~ tens of Gbps)
- ixMOS 10 / 100 / 1 000 / 10 000
Information eXtraction Engine (Software Libraries)
ixEngine: Software suite that enables developers to implement powerful Network Intelligence features in their products
ixEngine Protocol Plugin Creator: Specially designed for the creation of new/custom protocol plugins
Product Range:
- x86/32bits
- x86/64bits
- RMI XLR
- Cavium Octeon
- Freescale PowerQUICC