The EVETM Lawful Interception Solution
The EVE solution consists of a number of building blocks, each designed with a special network function in mind. Most of the EVE components can be used to passively intercept the production network. This offers a higher security level (no need for engineers to be involved with lawful interception) and a lower impact on the production network (no need for special software images or high cpu loads on your network components).
The modular design of the EVE solution makes it extremely scalable and thus suitable for the largest ISP environments. The Role-Based Authorization module even allows a single EVE solution to be used by multiple (virtual) ISPs. The modular design makes it possible to place multiple Interception Functions within a network. These IFs can be utilized to cover specific areas of the network and/or for specific functions (e.g. SMTP, Cisco SII capable devices, or 10gbit Ethernet interception). Depending on the load, one or multiple Delivery Functions can be deployed to collect the intercepted traffic from the IFs. A single Management Function can be deployed to administer all IF and DF modules.
The following table lists the currently available EVE components:
| Component | Description |
|---|---|
| EVE-MGMT | EVE-MGMT handles the management function of the LI system. It provides the user-interface for warrant entry and system configuration |
| EVE-DF | EVE-DF collects traffic from the Interception Function(s) and hands the traffic over to the Law Enforcement Monitoring Facility. |
| EVE-IP | EVE-IP handles the interception of a full-duplex ethernet links. It processes RADIUS and/or DHCP traffic to identify the target and encapsulates the intercepted traffic in any available handover format. |
| EVE-PF | EVE-PF handles the interception of up to multiple 10gbit links, in combination with an Extreme Networks SummitTM or Cisco Catalyst layer 3 switch. The layer3 switch is dynamically provisioned with filter rules by EVE-PF, based on the target's current IP address as found in the RADIUS or DHCP traffic stream. |
| EVE-SIP | EVE-SIP acts as a probe for the interception of the Session Initiation Protocol (SIP) on the voice network. Using a passive copper/fibertap or a mirror port, a copy of the SIP stream is sent to EVE-SIP. EVE-SIP maintains a list of active targets, and dynamically decides if a certain call has to be intercepted. |
| EVE-SMTP | EVE-SMTP intercepts e-mail messages from an ethernet traffic flow. It can also act as a standalone SMTP server so an ISP can "bounce" e-mail messages to EVE-SMTP. EVE-SMTP performs re-assembly of the original TCP stream before inspecting the message for the RCPT TO: |
| EVE-CMED | EVE-CMED mediates between the Cisco PacketCable formats and any available handover format. It provisions Cisco equipment over SNMPv3 using Cisco's SII provisioning method. EVE-CMED implements both Cisco SII version 1, version 2 and Packetcable SII. |
| RBA | The Role Based Authorization (RBA) add-on provides a separation layer between multiple user groups on the EVE-MGMT. It provides securely segregated access to multiple administrators for managing the system settings of the IFs that they are responsible for. |