Security
FEATURE
Dial 1-800 plug Holes

  November 1, 2002
  By Joe Hernick, Dean Ellerton and Jim Wiggs



Product Details

Our ETM hardware setup comprised three rack-mounted Dell Windows 2000 servers and two rack-mounted ETM hardware appliances (one for analog lines, one for PRI circuits), connected via a private 100-Mbps Ethernet switch. The ETM Applications Suite includes the TeleView Infrastructure Manager client, a user-friendly GUI for monitoring trunk circuits and call activity, controlling security policies and consolidating alerts; the TeleWall Telecom Firewall, a policy-based firewall application; and the TeleAudit Usage Manager call reporting app. An additional ETM component, the TeleSweep Secure Scanner, a war-dialer/vulnerability scanner, was not tested as a part of this review because we focused our efforts on TeleWall functionality.

A typical implementation includes a Linux-based ETM Communications Appliance connected to voice lines and the ETM Management Server providing base application functionality.

SecureLogix provides PC-based training modules to walk admins through the ETM Suite, explaining environmental definitions and clearly leading neophytes through the steps required to set up policies, rules and reporting options. Anyone with a solid understanding of telecom environments and information-protection methodologies should have a very easy time working through the training materials. The modules will even allow less knowledgeable folks to get up to speed on the app (and on security concepts) with four to 10 hours of effort.


The metaphor for the TeleWall component is a traditional IP firewall. The administrator organizes, configures and implements a set of rules/policies to govern what is and is not allowed to occur in the environment. Examples of policies include restriction by:

  • Call origin, such as local extension, area code range or international;

  • Call destination, such as long-distance, international or 900-number;

  • Call time, with admin-definable business hours or maintenance windows; and

  • Call type--voice, data, fax, STU or video.

TeleWall provides real-time in-band monitoring of call content, allowing dynamic monitoring of call type as well. Using a proprietary technique, the ETM continuously monitors the frequency and energy content of audio data on all voice circuits in real time, looking for discrete tones, such as STU-III, fax T.30 or 1,800 hertz. This detected sequencing of audio tones/flags and audio data classification allow the system to derive call type as either voice, fax, STU, modem, wideband (videoconferencing), undetermined (for very brief calls that disconnect before identification) or unanswered. The in-band monitoring will detect call-type change mid-stream.




The TeleWall identified every call by type (though, not being a secured federal facility, we were unable to test STU functionality), and all rules were followed as structured in the policies. For example, a "no voice calls on ext. x" rule terminated a connection in less than a second when we picked up the receiver during a fax transmission and attempted to converse, while a "log inbound voice calls from 212 area code" rule flagged NYC calls.

While voice and fax calls were quickly identified (in 0 to 2 seconds), the ETM had difficulty identifying modem "energy" (often in the 25 to 30 second range). The system essentially waited through the connection "interrogation/negotiation" phase, then identified the call type as "modem" and implemented any appropriate rules as soon as data began to pass (again, in less than 2 seconds). This delay in modem identification raised flags, but SecureLogix says the problem has been addressed in version 4.0 (see "Sneak Peek at ETM 4.0").

As with any firewall product, the site admin must clearly define and verify security policies, call groups, extensions and rules prior to implementation. Policy criteria can be based on direction, call source and/or destination number, call type, time parameters and duration. Available actions include allow/terminate, log call, and alert via e-mail or pager. The ETM can determine an inbound call's number via Caller ID, ANI (Automatic Number Identification) or CPN (Calling Party Number).
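The rule behavior described above can be modeled in a few lines. The following is an added illustration, not SecureLogix code or ETM rule syntax: the `Rule` fields, first-match ordering, default-allow fallback, extension numbers, phone numbers and timings are all assumptions made for the example. It replays the two tested rules and shows why a type-based modem rule cannot fire until the classifier stops reporting "undetermined".

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                       # "allow", "terminate" or "log"
    direction: Optional[str] = None   # None means "match any"
    src_prefix: Optional[str] = None
    dst_prefix: Optional[str] = None
    call_type: Optional[str] = None   # voice, fax, modem, stu, wideband

    def matches(self, call, call_type):
        return ((self.direction is None or self.direction == call["direction"])
                and (self.src_prefix is None or call["src"].startswith(self.src_prefix))
                and (self.dst_prefix is None or call["dst"].startswith(self.dst_prefix))
                and (self.call_type is None or self.call_type == call_type))

def evaluate(rules, call, call_type):
    """First matching rule wins; unmatched calls are allowed (assumed default)."""
    for rule in rules:
        if rule.matches(call, call_type):
            return rule.action, rule.name
    return "allow", "default"

def replay(rules, call, classifications):
    """Re-evaluate the policy each time the in-band classifier reports a type.
    classifications: [(seconds_into_call, call_type), ...]; stops at terminate."""
    timeline = []
    for t, call_type in classifications:
        action, name = evaluate(rules, call, call_type)
        timeline.append((t, call_type, action, name))
        if action == "terminate":
            break
    return timeline

# Constructed policy and calls (extension 4120 stands in for "ext. x").
RULES = [
    Rule("no-voice-on-4120", "terminate", dst_prefix="4120", call_type="voice"),
    Rule("log-212-voice", "log", direction="inbound", src_prefix="212", call_type="voice"),
    Rule("block-modem", "terminate", call_type="modem"),
]
FAX_THEN_VOICE = replay(RULES, {"direction": "inbound", "src": "3035550100", "dst": "4120"},
                        [(1, "fax"), (40, "voice")])
NYC_VOICE = replay(RULES, {"direction": "inbound", "src": "2125550123", "dst": "4199"},
                   [(1, "voice")])
MODEM = replay(RULES, {"direction": "outbound", "src": "4150", "dst": "3035550199"},
               [(0, "undetermined"), (27, "modem")])
```

In the `MODEM` timeline the call is allowed by default at 0 seconds and terminated only at 27 seconds, so for that period enforcement depends on rules that do not key on call type (number, direction or time).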

