1G and 10G Safe Harbor Probe
For Broadband, LTE, UMTS and VoIP Networks
The Safe Harbor Probe is an easy-to-install, self-contained system that provides interception, administration, and VPN security independent of specific equipment used in the network. As a passive “out-of-line” solution the probe can be connected to the network with network taps or span/mirror ports. Upon receipt of a court order, intercepts are configured or provisioned in the probe through a secure VPN. The probe then examines network traffic, and provides advanced capabilities to intercept a wide variety of protocols including DHCP, RADIUS, GTP, SIP and RTP. The probe can also discover and track dynamic IP assignments.
Features and Benefits of the Safe Harbor Probe
- Provides CALEA compliance for Internet access providers, VoIP providers, LTE operators
- Supports ATIS and 3GPP CALEA standards
- Full IPv6 support
- 1G version – two to eight 1G “listening” inputs
- 10G version – up to 12 1G or six 10G “listening” inputs
- Integrated provisioning requires no separate mediation or administrative system
- Integrated VPN reduces installation complexity
- Email alerts and notifications
- Buffering options selectable for each intercept
- Manages lawful intercept in physical, virtual or cloud networking environments
How the Safe Harbor Probe Works
Data Intercepts: The Safe Harbor Probe performs data intercepts on broadband, LTE, and UMTS networks. A wide range of identifiers can be provisioned for a target, including:
- IPv4 static address or subnet
- IPv6 static address, prefix, interface identifier, or MAC-to-EIU-64 identifier
- DHCP identifiers (MAC address, client identifier, client name, option 82)
- RADIUS identifiers (user name, calling station ID, NAS port)
- PPPoE IPCP MAC address
- MSISDN, IMSI, IMEI
- S-VLAN and C-VLAN tags
Case-by-case, the intercept can be specified as a pen register intercept or full content intercept, with optional location reporting. For LTE, the probe is connected to the S5 interface, or the S11 and SGi interfaces. Also, because courts often require “service separation,” meaning that VoLTE/VoIP cannot be included in a data intercept, the Probe has optional filtering functions to remove VoIP signaling and content from a data intercept.
VoIP Intercepts: Without reliance on any other network equipment, the Safe Harbor Probe also provides complete SIP/RTP VoIP intercepts, including over-the-top VoIP and VoLTE. The identifiers that can be provisioned for a VoIP or VoLTE intercept include:
- Phone numbers, including partial or wild-carded phone numbers
- MSISDN, IMSI, IMEI
As it listens to SIP traffic, the probe looks for the provisioned identifiers in a number of possible places, such as To/From/Contact/P-Asserted-Identity headers. Options, which are typically specified in the court order, include DTMF (dialed digits) reporting and location reporting. Options exist to ask the probe to detect and remove duplicate calls.
Industry Standard Setter
The Safe Harbor Probe supports an array of features that take lawful intercept to the next level of reliability and control. The solution comes with built-in buffering to prevent data loss, a critical requirement for guaranteeing the integrity of evidence. Advanced filtering capabilities optimize throughput and reduce costs by giving law enforcement the ability to eliminate content and signaling from extraneous sources such as YouTube or Netflix.
The Safe Harbor Probe also raises the bar on security, using the highest levels of protection for system interfaces and deploying a proven firewall that limits access to pre-approved IP addresses. A specific client certificate is required to access the SSL-based provisioning interface. The delivery interface is protected with VPN capability, and information within the probe such as buffer files and the Probe’s database is encrypted.
As the networking world evolves to virtual and cloud technologies, the Safe Harbor Probe will play an important role in helping service providers meet their CALEA compliance obligations reliably and cost-effectively. The probe is already the proven engine for CALEA solutions that reach the cloud or meet the unique requirements of a virtual environment.