- 1 -
New, Internet-Based Applications Bring Change andChallenge to Lawul Interception
Customarily seen as disparate areas, network perormancemanagement and lawul interception (LI) have recently begunto converge. In concept this should be no surprise, as the twodisciplines share a common oundation: LI involves examiningnetwork trac to identiy and collect specic content, whilenetwork perormance management examines network tracto identiy specic perormance parameters. However, despite acommon approach, this convergence is relatively recent, as bothdisciplines have begun to draw upon one another or mutualbenet.For clarity and denition, the ollowing is a brie, high-leveloverview o both lawul interception and network perormancemonitoring.Lawul interception has long been regulated by the strictconventions o governments and law enorcement agencies. LI’snon-commercial nature has caused it to evolve largely behindclosed doors, addressing the specic needs o law enorcementin carrier and service provider environments. Historically, LI hasinvolved identiying and inspecting voice trac, i.e., ‘phone-tapping.’ While voice remains a vital component o LI, thechallenges driven by the rise o data now require a new approach.Almost all Internet communication today uses TCP/IP asthe underlying protocol. Recent diversication o Internetcommunication techniques now pose unique challenges to LI.Numerous and varied methods or transerring messages overthe Internet have arisen. Email and instant messaging, alongwith the near-innite array o inormation-sharing and transermechanisms—peer-to-peer networks, web-based le repositories,Voice over IP (VoIP) telephony—and exploding numbers o socialmedia sites such as Facebook and Twitter, all provide an immenseeld or inormation-sharing and communication. The adaptation o LI to this new world o Internet-basedapplications is dicult. Many new Internet-based communicationmethods are no longer point-to-point, meaning that LI cannotsimply examine a known stream o data to identiy and collecttrac. Further, much data is cross-jurisdictional—extending acrossinternational borders—which makes identication o targetsdicult at best. Lastly, applications that transer inormation areoten encapsulated within other protocols in order to conceal theirappearance and bypass traditional lawul interception techniques.
A Snapshot o Network Perormance Management
For its part, network perormance management has historicallyocused on identiying such perormance metrics as throughput,volume and loss o data packets traversing the network. Network equipment vendors supplied detailed statistics in their network elements to allow third-party network monitoring tools to collectand analyze perormance data. This was, and to some extent stillis largely done using dedicated management protocols such asthe Simple Network Management Protocol (SNMP), RMON andNetFlow.O course, the network equipment vendor’s primary concern isto ensure that equipment is operating and perorming optimally.Similarly, carriers and service providers deploy network monitoringto ensure that network bearers and servers are perorming atlevel that avoid service degradation to end users. Accordingly, themajority o network perormance-monitoring tools were designedto assess perormance o network elements and carrier linksregardless o trac type carried over the network. Thus, network perormance monitoring tools typically providedinormation about how much and how ast in regards to trac,as opposed to who or what actually generated the trac—whichwould have interested LI. This disparate ocus distinguishedtraditional network perormance monitoring rom LI, with little orno overlap o techniques.
The Changing Face o Network Perormance Monitoring
Change in application deployment, particularly in the enterprisespace, is now exerting pressure to extend that traditional network monitoring ocus o ‘how much’ and ‘how ast’ to include ‘who’ and‘what’. This trend is driven by the act that most enterprises dependheavily on network inrastructure or delivery o basic business
Application Performance Managementand Lawful Interception
A New Approach Unies Two Disciplines to Drive Mutual Perormance, Efciency and Results