TeleWall provides real-time in-band monitoring of call content, allowing dynamic monitoring of call type as well. Using a proprietary technique, the ETM continuously monitors the frequency and energy content of audio data on all voice circuits in real time, looking for discrete tones, such as STU-III, fax T.30 or 1,800 hertz. This detected sequencing of audio tones/flags and audio data classification allow the system to derive call type as either voice, fax, STU, modem, wideband (videoconferencing), undetermined (for very brief calls that disconnect before identification) or unanswered. The in-band monitoring will detect call-type change mid-stream.
The TeleWall identified every call by type (though, not being a secured federal facility, we were unable to test STU functionality), and all rules were followed as structured in the policies. For example, a "no voice calls on ext. x" rule terminated a connection in less than a second when we picked up the receiver during a fax transmission and attempted to converse, while a "log inbound voice calls from 212 area code" rule flagged NYC calls.
While voice and fax calls were quickly identified (in 0 to 2 seconds), the ETM had difficulty identifying modem "energy" (often in the 25 to 30 second range). The system essentially waited through the connection "interrogation/negotiation" phase, then identified the call type as "modem" and implemented any appropriate rules as soon as data began to pass (again, in less than 2 seconds). This delay in modem identification raised flags, but SecureLogix says the problem has been addressed in version 4.0 (see "Sneak Peek at ETM 4.0").
As with any firewall product, the site admin must clearly define and verify security policies, call groups, extensions and rules prior to implementation. Policy criteria can be based on direction, call source and/or destination number, call type, time parameters and duration. Available actions include allow/terminate, log call, and alert via e-mail or pager. The ETM can determine an inbound call's number via Caller ID, ANI (Automatic Number Identification) or CPN (Calling Party Number).
The ETM application interface, the TeleView Client, is fairly straightforward, providing a single interface for management of local and remote ETM installations across the enterprise. All security information and policies need to be keyed in at a central location; they can then be distributed to remote ETM platforms. A multi-window screen displays monitored equipment/span trees, providing access to all security, management and real-time visibility functions. Selecting a specific circuit brings up the policy list on the right of the display. Policies and rules can be applied across single or multiple spans. Rules are processed in sequence; when a call matches set criteria, the rule "fires," executing the specified action. Additional TeleView features are available for status reviews and diagnosing problems.