Meeting government surveillance requirements without performance loss
There has been a wealth of attention regarding the National Security Agency’s (NSA) collection of Americans’ phone and data records. NSA programs such as PRISM and BLARNEY exist to collect metadata: call logs, device signatures, IP packet headers and similar records describing emails, file transfers, videos, pictures and logins. This is an instance of Big Data, a term for the collection and analysis of vast amounts of information gathered from mobile devices, Web browsers or sensor networks. NSA analysts use powerful computers to capture, store, search, share, transfer and analyze exabytes of data in order to detect trends and trace digital footprints.
The Communications Assistance for Law Enforcement Act (CALEA) and the Foreign Intelligence Surveillance Act (FISA) support investigations that require network wiretaps. These Acts oblige telecommunications companies to enable authorized agencies to monitor phone or data communications carried over their networks. To make that collection possible, governments require service providers and network equipment manufacturers to build surveillance capabilities into their networks and equipment, and to make records of subscriber activity available for federal agencies to monitor and analyze.
Granting Lawful Intercept
Governmental requirements for monitoring data traffic as it crosses carrier networks are what make surveillance compliance and Lawful Intercept (LI) a crucial issue for service providers. As concern over everything from terrorism to electronic fraud grows, the ability to capture traffic and isolate it for in-depth analysis has taken on greater importance. Authorities require the capability to focus on individual subscriber flows: to see where data traffic is coming from, where it is headed and what it contains. Carriers therefore have no choice but to implement technology that allows this kind of inspection, and they need to do so without degrading the performance or integrity of customer traffic.
For telecommunications companies, complying with these regulations can be expensive and burdensome. Without the proper tools, service providers will see higher operating expenses (OPEX) and degraded network performance. To minimize the impact on the network, service providers need routers that offer highly granular packet filtering to select only the flows under surveillance, port mirroring to replicate that traffic, and forwarding capabilities to deliver the copy to specialized mediation platforms for analysis. The mirrored copy must not alter the forwarded customer traffic or be visible to the subscriber. Providers also need tools such as service cards for network address translation (NAT), firewalls and encryption.
The need for network address translation has become increasingly critical because of the growing number of Internet-connected devices that have to be monitored. The migration from IPv4 to IPv6 addresses to accommodate this growth has introduced hurdles of its own and compounds the expense and burden of regulatory compliance. Carrier Grade Network Address Translation (CGNAT) lets a provider keep serving subscribers from a limited IPv4 pool during that transition. However, because CGNAT shares each public IP address among many subscribers, a public address alone no longer identifies a user: the provider must be able to trace each NAT session (public address, port and time) back to a specific subscriber. Keeping track of and storing millions of connection logs is expensive, time consuming and difficult because every session generates two syslog messages (start and stop), and in large networks the number of sessions per second can reach the hundreds of thousands.
Port Block Allocation (PBA) is one of the newest tools for managing that volume of data and reducing costs. Instead of allocating and logging one port per session, the NAT assigns each subscriber a contiguous block of ports and logs only the allocation and release of the block, which cuts log generation, processing and storage requirements. Because subscriber traffic comes in bursts, preallocating a block also improves performance: new sessions draw ports from the block already assigned, without a fresh allocation and log record per session. The block size sets the tradeoff between the granularity of visibility (a record identifies the subscriber holding the block, not the individual session) and the amount of storage and the cost of the overall solution. PBA reduces the financial burden that regulatory logging and log-retention requirements place on service providers, and it is particularly applicable in countries whose legislation does not explicitly require each session to be logged.
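As an added example (not code from the article or from any NAT vendor), the following Python simulates both logging schemes described in the two paragraphs above on a single public address: per-session logging emits a start and a stop record for every translation, while PBA emits records only when a subscriber's port block is allocated or released. The `attribute` function plays the role of the mediation platform's lookup, answering which subscriber held a given public port at a given time from the retained records alone. Subscriber names, timestamps, the record fields, the RFC 5737 address and the one-active-block-per-subscriber rule are assumptions made for the example.

```python
"""Per-session CGNAT logging versus Port Block Allocation (PBA). Added example:
names, timestamps and record format are constructed; one block per subscriber is a simplification."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

PUBLIC_IP = "203.0.113.10"   # RFC 5737 documentation address (constructed)
PORT_LOW = 1024              # first port the hypothetical NAT pool hands out

@dataclass
class LogEntry:
    """One retained syslog record; port_lo == port_hi for per-session events."""
    ts: int
    event: str          # session_start | session_stop | block_alloc | block_free
    subscriber: str
    port_lo: int
    port_hi: int

class PerSessionNat:
    """Classic CGNAT logging: a start and a stop record for every translation."""
    def __init__(self) -> None:
        self.log: List[LogEntry] = []
        self.free: List[int] = []   # released ports, reused before fresh ones
        self.next_port = PORT_LOW

    def open(self, ts: int, sub: str) -> int:
        if not self.free:                    # nothing to reuse: take a fresh port
            self.free.append(self.next_port)
            self.next_port += 1
        port = self.free.pop(0)
        self.log.append(LogEntry(ts, "session_start", sub, port, port))
        return port

    def close(self, ts: int, sub: str, port: int) -> None:
        self.log.append(LogEntry(ts, "session_stop", sub, port, port))
        self.free.append(port)

@dataclass
class Block:
    lo: int
    hi: int
    in_use: Set[int] = field(default_factory=set)

class PortBlockNat:
    """PBA: a subscriber holds a contiguous port block; only block allocation
    and release are logged, individual sessions are not."""
    def __init__(self, block_size: int) -> None:
        self.block_size = block_size
        self.log: List[LogEntry] = []
        self.blocks: Dict[str, Block] = {}
        self.next_lo = PORT_LOW

    def open(self, ts: int, sub: str) -> int:
        blk = self.blocks.get(sub)
        if blk is None:                      # first session: allocate and log a block
            blk = Block(self.next_lo, self.next_lo + self.block_size - 1)
            self.next_lo += self.block_size
            self.blocks[sub] = blk
            self.log.append(LogEntry(ts, "block_alloc", sub, blk.lo, blk.hi))
        for port in range(blk.lo, blk.hi + 1):  # later sessions: no record at all
            if port not in blk.in_use:
                blk.in_use.add(port)
                return port
        raise RuntimeError("block exhausted; a real NAT would allocate another")

    def close(self, ts: int, sub: str, port: int) -> None:
        blk = self.blocks[sub]
        blk.in_use.discard(port)
        if not blk.in_use:                   # last session closed: release and log
            self.log.append(LogEntry(ts, "block_free", sub, blk.lo, blk.hi))
            del self.blocks[sub]

def attribute(log: List[LogEntry], port: int, ts: int) -> Optional[str]:
    """LI lookup: who held PUBLIC_IP:port at time ts? The latest record at or before ts
    that covers the port decides; under PBA every port of an allocated block maps to its holder."""
    holder = None
    for e in log:                            # records are appended in time order
        if e.ts > ts:
            break
        if e.port_lo <= port <= e.port_hi:
            holder = e.subscriber if e.event in ("session_start", "block_alloc") else None
    return holder

def simulate(nat, subs=("alice", "bob", "carol"), n: int = 10):
    """Each subscriber opens a burst of n sessions, then closes them in order."""
    ts = 0
    for sub in subs:
        ports = []
        for _ in range(n):
            ts += 1
            ports.append(nat.open(ts, sub))
        for port in ports:
            ts += 1
            nat.close(ts, sub, port)
    return nat

if __name__ == "__main__":
    ps, pba = simulate(PerSessionNat()), simulate(PortBlockNat(64))
    print(f"records retained: per-session={len(ps.log)} pba={len(pba.log)}")
    print("port 1050 at ts=5:", attribute(ps.log, 1050, 5), attribute(pba.log, 1050, 5))
```

With three subscribers opening ten sessions each, the per-session scheme retains 60 records and PBA retains 6. The lookup shows the granularity cost the block size controls: asking who held port 1050 at ts=5 returns nothing from the per-session log (no session ever used that port) but returns alice from the PBA log, because the whole block was hers at that moment. It also shows why a PBA record must be stored with its full port range and timestamp, since the same public port is reused by other subscribers later in the log.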
Comprehensive Lawful Intercept capabilities and log-retention requirements have become a crucial concern as law enforcement seeks to expand the monitoring and examination of data traffic on service provider networks. As countries enact laws and develop data surveillance programs, carriers must be able to demonstrate that their equipment incorporates the functions needed to prove compliance, while protecting customer security, minimizing costs and preventing performance loss.
