PRODUCT INFORMATION

COMLOG
INTERCEPTION & MEDIATION EQUIPMENT

PAGE 1/12

PAGE 2/12

PRODUCT OVERVIEW

The ComLog interception and mediation equipment ( I.M.E.) supports hybrid (active & passive) interception and mediation in TDM- and IP environments, presently used at most telecom operators and Internet service providers

The ComLog I.M.E. is based upon scalable high performance CPCI and/or PCI servers that can be equipped with a variety of E-1 , Ethernet monitoring cards and specialized DSP-cards that enable Layer 7- packet analysis at full wire line speed of up to 10 Gbps per server

ComLog I.M.E. is compliant with the latest ETSI and CALEA interception standards for IP- and TDM networks.

TARGET CUSTOMER GOUPS Telecom operators (mobile and fixed) and internet service providers who have a legal obligation to provide interception services for the national authorities.

PAGE 3/12

TARGET MANAGEMENT The ComLog target management software offers centralized target management for various network elements e.g. TDM-switches, Routers, Soft switches, CMTSs etc.

Functionality One user interface for centralized target management (placing / prolonging and removing of a tap) for circuit and packet switched targets in a multi-vendor infrastructure. Test calls to Leas monitoring centers. Extensive log files. Billing module. Import of HI-1 electronic warrants. Fax server functionality for electronically attaching fax warrants. Automated fax confirmation to Leas after a tap has been activated. Automatic periodical synchronization of target database at all interception access points .

The ComLog tap management software is build up out of four applications. These applications are client- server based, using secure encrypted connections.

PAGE 4/12

TMS server application The application is installed on a target management server and is responsible for the actual target provisioning of the various interception access points (e.g. MSCs, IP-routers, CMTS, soft switches etc) and mediation equipment. The TMS server application has no user interface and is installed as a service.

TapAdmin client application TapAdmin is used for daily target management activities e.g. setting and deleting taps. The application is user name and password protected and can run simultaneously on multiple workstations

TMSAdmin client application TMS is used for the user- and case administration. For security reasons this application can only run on one workstation with a fixed IP-address.

Tap Billing client application Tap billing is used for generating billing records that can be processed by external billing applications e.g. SAP.

TARGET IDENTIFIERS (*) o o o o o o A-NUMBER B-NUMBER MS-ISDN IMEI IMSI SIP-fields o o o o o o o o o o o o o o o o o o contact f from m p-asserted-identity record-route remote-party-id route sip_request t to

IP address; single, range and subnet Port; single or range Protocol; internet protocol number Email address; TO/FROM/CC/BCC in SMTP, POP3, IMAP4 messages RADIUS; Calling station ID, username, NAS ID, NAS Port DHCP:client MAC address, option-82 MAC address URL: Instant Messaging ID; Google, MSN, Yahoo!, AOL

(*) Depending on infrastructure and available interception access points

PAGE 5/12

CASE BASED TARGET ADMINISTRATION The target administration of the ComLog system is case based, meaning that users are assigned to one or more cases, while targets are assigned to a specific case. This setup enables to configure separate interception management user groups, e.g. one user-group for normal LEA interceptions and one user-group for highly confidential national intelligence interceptions. Both groups have no access to each other target-list.

SECURITY AND INTEGRITY Server services are disabled on the ComLog servers. Thus no disk shares possible. All relevant administrator and user events are logged and encrypted. X-1/2/3 connectivity is encrypted (*) HI-1/2/3 connectivity is SSL-secured (**) Hashing is applied to ensure the integrity of the intercepted data Intercepted data is buffered in case delivery to the monitoring center(s) is not possible. ComLog LI.S complies with the Dutch N.I.I. specifications. These are mandatory security regulations applicable for all L.I. interception equipment that is used in the Netherlands.

(*) This is applicable for ComLog I.M.E. and may also be applied for any other third party L.I. equipment that supports encryption standards. (**) Depending on the applicable L.I. hand-over protocol.

PAGE 6/12

REDUNDANCY Thee ComLog Interception & Mediation equipment can be equipped with several levels of redundancy depending on the requirements of Hardware redundancy Each server is equipped with Raid- hard disk pack, redundant power supplies, temperature and fan monitoring. Application redundancy All vital ComLog applications are mirrored on at least two separate servers and monitor each other performance over secure IP-channels. In case of failure of an application, the mirrored application will take over the functionality, thus ensuring the availability of the application. Site redundancy By setting up two or more ComLog interception & mediation equipment at different physical location, site redundancy can be achieved. In the event of a site failure, the interception process will still continue without loss of functionality.

PAGE 7/12

SYSTEM MONITORING AND ALARM FUNCTIONS

As the proper working of a ComLog L.I.S depends on many (third party) hard- and software applications, vital components are therefore monitored by the status console application (StatCon).

In case of malfunctioning of a component, the corresponding icon will recolor from green, yellow, gray to red (severest alarm level). An Email or SMS-message, containing details about the error, will then be sent to a system engineer. Detailed status information can also be viewed by clicking on the corresponding icon.

Optionally StatCon can be equipped with a SMTP-interface for integration with existing (SMTP-compatible) system monitoring applications.

StatCon runs on any PC having (secure) IP-connectivity with the ComLog interception & mediation equipment.

PAGE 8/12

Furthermore the ComLog L.I.S has extensive logging capabilities for administrative and application events e.g. Tracing of changes made in the target database (e.g. which user has set or deleted a target).

On-line status overview of incoming and outgoing intercepted TDM / IP traffic. Up time S-2 en S-1 applications Number of connected S-1s Number of taps defined in tap database Number of taps to be activated. Number of activated taps Number of closed taps Total number of packets , received from S-1s Number of packets sent to T1 or buffered before sending. Number of packets received by S-1 which could not be send to T-1 and/or buffered. Errors in tap database. Tap errors (how many taps are in error status, info on S-1s and S-2 and/or S2 and T-1 Uptime, downtime, unavailable, failed T1s Uptime / downtime S1 and S2 application Bandwidth statistics connection between S-1 en T-

Per tap following error reports No, incomplete, or incorrect T-1 connection information in the tap database for this tap. Tap could not set up connection with T-1 Tap has lost connection with T1 and could not be restored Per tap and per T1 tunnel , status: Connected, disconnected. All possible errors can be found in the log files with date and time stamp. Log file connection sessions between S-1 / S-2 and T-1 . Log file of changes in tap database

PAGE 9/12

PAGE 10/12

SUPPORTED INTERFACES & HAND-OVER PROTOCOLS (*) HI-1/2/3 INTERFACES ETSI ES 201 671 ETSI ES 101 671 ETS TS 102 232 ETSI 102 233 ETSI TS 102 234 ETSI-NL (Dutch variant on ETSI ES 201 671 specifications) JTS ( Dutch inband signaling protocol) Calea J-STD-025 ( USA variant of ETSI ES 201 671 specifications) T.I.I.T. (Netherlands) (Dutch handover protocol for intercepted IP-traffic) DFD (Italy) Packet Cable 1.5 Specifications

X-1/2/3 INTERFACES Active interception on TDM & Soft switches from Nortel, Alcatel, Nokia, Siemens, Marconi and Ericsson. Active interception on IP-switches ( SII) of e.g. o o o o Cisco Broad soft Juniper Extreme

Passive interception on o o o o Ethernet (up 10 Gb ) ATM STM- 1/16 DS1/3

(*) Please note that new interfaces can be developed at customers request.

PAGE 11/12

TECHNICAL SPECIFICATIONS & CAPACITY OVERVIEW

Circuit switched interception & mediation server E-1 Maximum Nr. of targets L.I. protocol stacks Nr of servers support for clustering Max buffering capacity :Max 32 E-1 trunks per server :100.000 :99 :Virtually no limits :Yes : 4 TB

Number of concurrent LEA-MC : 99

Packet switched interception & mediation Layer 2/L7 filtering/decoding Nr of targets L.I. Protocol stacks Nr of servers support for clustering. Max buffering capacity :Max. 10 Gbps per server :100.000 :99 :Virtually no limits :Yes : 4 TB

Number of concurrent LEA-MC : 99

PAGE 12/12