LevelOne ICI-1000, ICI-2000 User Manual

Internet Content Inspector
ICI-1000 / ICI-2000
User Manual
v1.00
Important Notice
This user manual is delivered subject to the following terms and conditions. The copyrights, intellectual property rights and trade secrets included in this user manual are owned by ICI. The user manual is provided to ICI customers for the sole purpose of obtaining information with respect to the installation, implementation and function of the ICI system and should not be used for any other purpose. The information contained in this user manual is proprietary to ICI and strictly confidential. It is strictly forbidden to copy, duplicate, reproduce or disclose this user manual or any part of this user manual without prior written permission from ICI.
The Management Team of Digital Data Communications Asia Ltd Copyright © LevelOne 2011
Copyright
The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of LevelOne.
Disclaimer
LevelOne does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. LevelOne further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice.
Trademarks
LevelOne is a registered trademark of Digital Data Communications Group. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Table of Contents
INTRODUCTION
  WHO NEEDS THE ICI SYSTEM
  APPLICATION AND IMPLEMENTATION
UNPACKING & INSTALLING
  PACKING CHECKLIST
  FRONT PANEL
  REAR PANEL
  REQUIREMENT
  INSTALLATION
  DEFAULT SETTINGS
GETTING STARTED
  WEB MANAGEMENT INTERFACE
  SYSTEM MAIN PAGE
  ICON BAR
  MAIN PAGE - TOTAL THROUGHPUT STATISTICAL REPORT
INTERNET CONTENT RECONSTRUCTION
  EMAIL
    POP3
    IMAP
    SMTP (Outgoing)
    Webmail Read
    Webmail Sent
  INSTANT MESSAGING & CHAT
    Windows Live Messenger (aka MSN)
    ICQ
    Yahoo Messenger
    QQ Messenger *
    UT Chat Room
    Skype *
    Gtalk (in HTTP Gmail)
    Internet Relay Chat – IRC
  FILE TRANSFER
    File Transfer Protocol - FTP
    Peer to Peer File Sharing – P2P
  HTTP
    HTTP Link
    HTTP Content
    HTTP Reconstruct
    HTTP Upload/Download
    HTTP Video Streaming (FLV Video)
    HTTP Request
    HTTP Social Network Sites
  TELNET
  OTHERS
    Online Games
    VoIP (Optional Purchase License)
    Unknown Connection
  SYSTEM SETTING
    Network Setting
    Network Setup
    DNS Setup
    Shutdown and Reboot
    System Time Setup
    Filter Setup
    Storage
    Services
    Edit Password
    Backup Data
    Disk Space Control
  SYSTEM STATUS
    Port Number
    Online IP
    Login List
    Update
    Maintenance
    Domain
  SYSTEM TOOLS
    Delete Data
    Authority
    Storage Alert
    Throughput Alert
    AD Import
  REGISTRATION
  DATA SEARCH
    Full Text Search
    Similar Search
    Data Search – Conditional or Parameter Search
    Association Search
    Captured File List
    Bookmark
  SEND MAIL SERVICE
    Alert with Content
    Alert Mail Box
    Alert Sensitive File
    Report Management
    Event Management
    Event Trigger Management
  STATISTICAL REPORTS
    Conditional Reports (Single Report)
    Conditional Report (Group Report)
    Network Services Usage Report
    Network Services Usage Weekly Report
    Top Websites Report
    Online Users Report
    Last Month Key Word Trend Report
    Daily Report (Excel Log Report)
APPENDIX A: P2P SUPPORTED
APPENDIX B: ONLINE GAMES SUPPORTED
APPENDIX C: RETRIEVE DATA LOG VIA FTP
APPENDIX D: FIELD DEFINITION OF FULL-TEXT SEARCH FUNCTION
EXTENSION – QUERY SYNTAX DEFINITION
  OVERVIEW
  TERMS
  FIELDS
  TERM MODIFIERS
    Wildcard Searches
    Fuzzy Searches
    Proximity Searches
    Range Searches
    Boosting a Term
  BOOLEAN OPERATORS
    AND
    +
    NOT
    -
  GROUPING
  FIELD GROUPING
  ESCAPING SPECIAL CHARACTERS

Introduction

LevelOne Internet Content Inspector (ICI) empowers your business security and operations teams by providing granular data monitoring and precise packet and session reconstruction capabilities. The solution is designed to combine process and technology into a single effective system for network forensics. Businesses can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. ICI offers real innovation by enabling unprecedented visibility and control of applications and content with no performance degradation. It identifies applications accurately, regardless of port, protocol, evasive tactic or SSL encryption, and scans content to stop threats and prevent data leakage.
It intercepts, captures and reconstructs Internet activities such as Email (POP3, SMTP, IMAP), Webmail Read and Sent (Yahoo Mail, Gmail, Windows Live Hotmail, Seednet etc.), Instant Messaging or Chat (Yahoo, Windows Live Messenger or MSN, ICQ, AOL, QQ, UT Chat Room, IRC, Gtalk, Skype Voice Call Duration Log), HTTP (URL Link, Content, Upload and Download, Video Streaming), File Transfer (P2P File Sharing, FTP), Online Games, VoIP (Yahoo Messenger) and Webcam (Yahoo Messenger and Windows Live Messenger - MSN), VoIP (RTP Voice Call) and Telnet sessions. The ICI system encourages efficiency, prevents abuse of company network resources by employees, traces the culprits of information and confidential data leakage, and monitors the activities and online behaviour of employees.
Ethernet LAN interception is an important approach to gathering communications information and digital evidence. Ethernet LAN interception solutions capture all the traffic on the LAN and monitor Internet activities. They are capable of live interception with real-time capturing and decoding/reconstruction, category classification, behaviour analysis, data mining, reporting with statistics etc.
ICI comes with a wide variety of management and administrative functions. It provides various types of report with a Top-Down View. Reports that can be created include the Total Throughput Statistical Report, Network Service Report (on a daily or weekly basis), Top Websites etc. All statistics can be displayed on a per-IP-address or per-user-account basis.
ICI also provides a variety of search functions: Free Text Search (search by Key Words with Boolean support), Conditional Search, Similar Search and Association (Relationship) Search. It also comes with Alert and Notification functions (Throughput, Conditional and Key Word Alerts) that allow the network Administrator to set up different alert rules and parameters, so that an alert is triggered (an email is sent to the Administrator) once the specified content is found in the captured and reconstructed content.
The Backup function allows the user to back up the captured raw data files or reconstructed contents. The user can set up automatic backup of these files to an external drive (NAS or SAN) by FTP upload. Alternatively, the user can back these files up manually by burning them to CD/DVD or downloading them to a local hard drive/PC.
Other functions available include Bookmark, Captured File List (comparing the content of two files), Online IP List, Authority Assignment, Syslog Server, hashed export (backup), file content comparison etc.

Who Needs the ICI System

Financial, Banking and Investment Organisations where all Internet transactions and communications need to be archived (Record Keeping).
Marketing organizations, design houses, high technology and R&D firms where critical confidential information needs to be protected.
Schools, colleges, institutions and universities that would like to monitor students' and staff's online activities and behaviour.
Government agencies and ministries such as Police Intelligence, Military Intelligence, Secret Service Agencies, National Security Agencies, Criminal Investigation Agencies, Counter Terrorism Agencies etc.
Any company or organization that wants to monitor, back up and archive its daily Internet transactions and data.

Application and Implementation

The diagram below is a common ICI application and implementation diagram which can be applied to any organization's network. ICI uses sniffer technology to capture Internet packets on the network through a port-mirroring capable switch (normally a smart switch or a layer 2/3 switch; a hub can also be used, since a hub broadcasts traffic to all ports). It then parses (decodes and reconstructs) the captured raw data packets, stores them in the system database and displays the reconstructed data, with reports, in its original readable format in the Web GUI.
Ethernet LAN Organization Network Monitoring and Interception
ICI can also be implemented in networks with a huge volume of traffic, such as mass interception and lawful interception on Telco or ISP networks. This implementation is normally for law enforcement agencies (LEA) such as cyber security agencies, national security agencies, criminal investigation bureaus, police and military intelligence. Please contact the LevelOne sales team (sales@level1.com) for more details.
Telco or ISP lawful Internet Interception

Unpacking & Installing


Packing Checklist

19 inch 1U Rack mountable Server x 1
Quick Installation Guide x 1
CD Manual x 1
Mounting Bracket set x 1
Power Cord x 1

Front Panel

1. Power LED
2. HDD LED

Rear Panel

1. Power Socket
2. Power Supply Unit
3. PS/2 KB & Mouse (for local console)
4. VGA Display (for local console)
5. Monitor Ethernet Port
6. Management Ethernet Port

Requirement

IP Address: 192.168.1.60
Username: root
Password: 000000 (six zeros)
In order for ICI to capture your network activities successfully, a Port-Mirroring feature on the network Ethernet switch is a must. The user can mirror traffic from any source port to a target port for real-time analysis. Attach the ICI to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Most Web Smart and fully Managed Layer 2 Ethernet switches support the Port-Mirroring feature.
Web Smart or Fully Managed Layer2/3 Switch with Port-Mirroring feature
For the best performance and minimal disruption, only the Mirror mode implementation is provided; it gives Real-time Reconstruction while keeping disruption minimal. The captured packets are saved in PCAP format.

Installation

1. Connect the power cord to ICI power socket on the rear panel
2. Patch lead between Switch Mirror port and ICI Monitor port
3. Patch lead between Switch port (any available port) and ICI Management port

Default Settings

Note: Internet Explorer (IE ver6, 7 and 8) is the recommended web browser for Web GUI management access of the ICI system.

Getting Started

This chapter shows how to manage the ICI system via a standard Web Browser over the local network. It also gives a quick guide to each function button on the menu bar, together with examples of the feature-rich reports.

Web Management Interface

1. Use the Internet Explorer (IE) Web Browser to access the ICI system web management site. The ICI system uses port 443 for secure web access. Remember to key in https://x.x.x.x, for example https://192.168.1.60 (which is the default login address).
2. Before you use this system, please make sure you have the Java applet installed. Read the instructions under “Before You Use This System” on the login page.
3. Username: root & Password: 000000 (six zeros)
4. Choose your preferred language, [Traditional Chinese] or [English], and then click on the login button.
Note: Internet Explorer (IE ver6, 7 and 8) is the recommended web browser for Web GUI management access of the ICI system.

System Main Page

The navigation icon bar is on the top section of the Web Management GUI. ICI Homepage provides information on the Total Throughput Statistical Report (as shown in diagram below) with Top-Down and Drilled-Down capabilities.

Icon Bar

Icon / Function (the icons themselves are not reproduced in this text version)
Record icons: EMAIL RECORD, CHAT RECORD, FILE TRANSFER RECORD, HTTP RECORD, TELNET RECORD, OTHERS RECORD
System icons: SYSTEM SETTING, SYSTEM STATUS, SYSTEM TOOLS, REGISTER, DATA SEARCH, ALERT SERVICE, REPORT, HOMEPAGE/LOGOUT

Main Page - Total Throughput Statistical Report

The Total Throughput Statistical Report provides Daily, Weekly and Total Traffic statistics of the different Internet service categories for the organization's network. It shows the total traffic usage of the entire network as well as breaking it out into the different service categories. The Online User List shows the list of users (IP Address and Account).
Mail Report allows the Administrator to send different reports, such as the Total Throughput Statistical Report, Online IP List etc., to a specific Email account immediately or on an hourly, daily, weekly or monthly basis, as shown below.
Example 1:
Click on the Email - POP3 Quantity of Daily Traffic; it lists all the POP3 Emails in the database.
Example 2:
Click on the HTTP – HTTP Content weekly traffic throughput (KB); it displays a bar chart of the HTTP Content traffic for the entire week (7 days). Clicking a bar (a specific day) leads you to that day's detailed content.
Example 3:
Click on the Daily Traffic – Summary Report; a Statistical Report List window pops up in which you can click Throughput Statistical Report or Top N report. Click on Top N; it displays the User Daily Traffic Top N, listing the top user IPs with information such as Who is?, Throughput (KB) and Statistical Report, which includes the Protocol Daily, Weekly and Summary Reports.
Click on Who is? This displays the user's (IP) relationship with the username, user login etc. Click on Protocol; it displays all applications and the throughput (KB) used by this user (IP).
Besides generating reports by IP, the Administrator can also generate reports on an Account basis.
Click on the Daily, Weekly or Summary Statistical Report of the particular user (IP); a window pops up displaying the statistics as a bar chart.
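The pipeline described under Application and Implementation and Requirement (packets taken from a mirror port, saved in PCAP format, then broken out into service categories per IP for the Total Throughput Statistical Report) can be illustrated with a small Python script. This is an added example, not code from the ICI product: it builds a constructed PCAP file in memory, parses the classic pcap record format, and attributes each frame's bytes to a service category and to the client IP. Classifying by well-known TCP port (the SERVICE_PORTS table) is a simplification assumed here; the manual states that ICI identifies applications regardless of port. The sample flows, addresses and function names are the example's own.

```python
import socket
import struct
from collections import defaultdict

# Well-known TCP port -> service category, following the manual's report
# categories. Port-based classification is a simplification assumed for this
# example; the manual states ICI identifies applications regardless of port.
SERVICE_PORTS = {
    110: "Email/POP3", 143: "Email/IMAP", 25: "Email/SMTP",
    80: "HTTP", 443: "HTTP", 21: "File Transfer/FTP", 23: "Telnet",
}

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame; checksums are left zero, which is
    enough for a parser that only reads addresses, ports and lengths."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(flows):
    """Write a classic pcap byte string (global header + one record per frame)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, (src, dst, sport, dport, payload) in enumerate(flows):
        frame = build_tcp_frame(src, dst, sport, dport, payload)
        out.append(struct.pack("<IIII", 1_300_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


# Constructed sample capture: a POP3 fetch, an HTTP request/response and one
# connection to an unrecognised port (not taken from any real network).
SAMPLE_FLOWS = [
    ("192.168.1.20", "10.0.0.5", 51000, 110, b"RETR 1\r\n"),
    ("10.0.0.5", "192.168.1.20", 110, 51000, b"+OK 120 octets\r\n" + b"x" * 120),
    ("192.168.1.21", "10.0.0.8", 51001, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.8", "192.168.1.21", 80, 51001, b"HTTP/1.1 200 OK\r\n\r\n<html></html>"),
    ("192.168.1.20", "10.0.0.9", 51002, 5555, b"\x00" * 20),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FLOWS)


def parse_pcap(data):
    """Yield (timestamp, src_ip, dst_ip, sport, dport, frame_len) for every
    TCP-over-IPv4 frame in a classic little-endian pcap; other frames are skipped."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic or byte order")
    if struct.unpack_from("<I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != IPPROTO_TCP or len(ip) < ihl + 4:
            continue
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        yield (ts_sec + ts_usec / 1e6, socket.inet_ntoa(ip[12:16]),
               socket.inet_ntoa(ip[16:20]), sport, dport, len(frame))


def classify(sport, dport):
    """Return (service, side) where side says which address is the client."""
    if dport in SERVICE_PORTS:
        return SERVICE_PORTS[dport], "src"
    if sport in SERVICE_PORTS:
        return SERVICE_PORTS[sport], "dst"
    return "Unknown Connection", "src"


def throughput_report(pcap_bytes):
    """Total bytes per service category, and per client IP broken out by service."""
    per_service = defaultdict(int)
    per_ip = defaultdict(lambda: defaultdict(int))
    for _ts, src, dst, sport, dport, size in parse_pcap(pcap_bytes):
        service, side = classify(sport, dport)
        client = src if side == "src" else dst
        per_service[service] += size
        per_ip[client][service] += size
    return dict(per_service), {ip: dict(s) for ip, s in per_ip.items()}


if __name__ == "__main__":
    services, clients = throughput_report(SAMPLE_PCAP)
    for service, total in sorted(services.items()):
        print(f"{service:20s} {total:6d} bytes")
    for ip, breakdown in sorted(clients.items()):
        print(ip, breakdown)
```

Both directions of a session are charged to the client address, which is what makes a per-IP report line up with the per-user accounting described above; a real capture engine would also need to handle pcapng, VLAN tags and IPv6, none of which this parser attempts.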

Internet Content Reconstruction

Email

The ICI system captures and reconstructs Email content back to its original content view format. The Email protocol types supported are as follows:
1. POP3 (Incoming)
2. IMAP (Incoming)
3. SMTP (Outgoing)
4. Webmail (Read)
5. Webmail (Sent)

POP3

Information obtainable from Post Office Protocol 3 (POP3, incoming) Email includes Date-Time, Account (with IP/MAC), Sender, Receiver, CC, Subject with Email content (with attachment if any) and Size.
Features in this POP3 GUI:
POP3: Refresh the page content.
Delete: Delete the Emails that have been checked (ticked).
Account List: This section shows the full Email Account List.
Search: Search for Email based on the specified parameters such as Date, Time, IP, Receiver, Sender, CC, Subject and Account.
Pointing the mouse at the account column shows the Source and Destination IP Address and MAC Address.
Display the number of records per page.
Source Code: Shows the Email source and path.
Convertor: Converts the subject name to another language so that it is readable. This convertor converts the characters between different coding formats such as zh-ch (Chinese), zh-sg (Singapore), zh-tw (Taiwan), en (English), utf-8 and JP (Japanese).
Subject: Click on the Email subject to view the content of the Email.
Checkbox: Check (tick) the checkbox to mark the Email for deletion.
Attachment: This symbol shows that the Email has an attachment.
Shows the IP address.
Forward Email: Forward the Email to a specific Email account.
Similar Search: Search for Email with similar content.
Whois: Provides information on the Source and Destination IP and Hostname. It allows you to search for the IP Address information through the Internet.
View Email Content
Click on the Email subject; the Administrator can choose to open and view the Email content or save it to the hard drive of the Administrator PC.

IMAP

Internet Message Access Protocol or IMAP (Incoming) Email obtainable information includes Date-Time, Account (with IP/MAC), Sender, Receiver, CC, Subject with Email content (with attachment if any) and Size.
Features in this IMAP GUI:
IMAP: Refresh the page content.
Delete: Delete the Email (that has been checked or ticked).
Account List: This section shows all the Email Account List. (Refer to 2.1.1)
Search: Search for Email based on the specified parameters such as Date, Time, IP, Receiver, Sender, CC, Subject and Account.
Pointing the mouse to the account column shows the Source and Destination IP Address and MAC Address.
Display the number of records per page.
Checkbox: Check or tick the checkbox for deleting.
Attachment: This symbol shows there is an attachment in the Email.
Shows the IP address.
Forward Email: Forward the Email to a specific Email account.
Source Code: Shows the Email source and path.
Convertor: Convert the subject name to another language to be readable. This convertor converts the characters between different coding formats such as zh-ch (Chinese), zh-sg (Singapore), zh-tw (Taiwan), en (English), utf-8, JP (Japanese).
Subject: Click on the Email subject to view the content of the Email.
Similar Search: Search for Email with similar content.
Whois: Provides information on the Source and Destination IP and Hostname. It allows you to search for the IP Address information through the Internet.
View Email Content
Click on the Email subject and the Administrator can choose to open and view the Email content or save it to the hard drive of the accessing PC.

SMTP (Outgoing)

Simple Mail Transfer Protocol or SMTP (Outgoing) Email obtainable information includes Date-Time, Account (with IP/MAC), Sender, Receiver, CC, BCC, Subject with Email content (with attachment if any) and Size.
Features in this SMTP GUI:
SMTP: Refresh the page content.
Delete: Delete the Email (that has been checked or ticked).
Account List: This section shows all the Email Account List. (Refer to 2.1.1)
Search: Search for Email based on the specified parameters such as Date, Time, IP, Receiver, Sender, CC, Subject and Account.
Pointing the mouse to the account column shows the Source and Destination IP Address and MAC Address.
Display the number of records per page.
Checkbox: Check or tick the checkbox for deleting.
Attachment: This symbol shows there is an attachment in the Email.
Shows the IP address.
Forward Email: Forward the Email to a specific Email account.
Source Code: Shows the Email source and path.
Convertor: Convert the subject name to another language to be readable. This convertor converts the characters between different coding formats such as zh-ch (Chinese), zh-sg (Singapore), zh-tw (Taiwan), en (English), utf-8, JP (Japanese).
Subject: Click on the Email subject to view the content of the Email.
Similar Search: Search for Email with similar content.
Whois: Provides information on the Source and Destination IP and Hostname. It allows you to search for the IP Address information through the Internet.
View Email Content
Click on the Email [Subject] link and you can choose to open and view the Email content or save it to the hard drive of your PC.
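The following script is an added example, not ICI code, of how the SMTP (Outgoing) fields listed above can be reconstructed from a captured SMTP client transcript; the transcript, addresses, subject and attachment name are constructed sample input, and the helper name reconstruct_smtp is hypothetical. It shows where the BCC field comes from (envelope RCPT TO recipients that the To and Cc headers do not account for) and decodes an RFC 2047 encoded subject, which is the job of the Convertor in the GUI.

```python
import re
from email import message_from_string, policy

# Constructed client-side SMTP transcript (server replies omitted).
SMTP_SESSION = (
    "MAIL FROM:<alice@example.com>\r\n"
    "RCPT TO:<bob@example.com>\r\n"
    "RCPT TO:<carol@example.com>\r\n"
    "RCPT TO:<dave@example.com>\r\n"
    "DATA\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: bob@example.com\r\n"
    "Cc: carol@example.com\r\n"
    "Subject: =?utf-8?b?5pys5pyI5aCx5ZGK?=\r\n"   # RFC 2047 encoded subject
    'Content-Type: multipart/mixed; boundary="XX"\r\n'
    "\r\n"
    "--XX\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    '--XX\r\nContent-Type: application/octet-stream; name="q.xlsx"\r\n'
    'Content-Disposition: attachment; filename="q.xlsx"\r\n\r\nAAAA\r\n'
    "--XX--\r\n.\r\n"
)

def reconstruct_smtp(session: str) -> dict:
    """Return the SMTP (Outgoing) fields for one captured client transcript."""
    # Envelope commands come before DATA; the message ends at the lone dot.
    envelope, _, data = session.partition("\r\nDATA\r\n")
    data = data.rsplit("\r\n.\r\n", 1)[0]
    sender = re.search(r"^MAIL FROM:<([^>]*)>", envelope, re.M).group(1)
    rcpts = re.findall(r"^RCPT TO:<([^>]*)>", envelope, re.M)
    # policy.default decodes RFC 2047 header words (the GUI's "Convertor" step).
    msg = message_from_string(data, policy=policy.default)

    def addrs(name: str) -> list:
        hdr = msg[name]
        return [a.addr_spec for a in hdr.addresses] if hdr else []

    to, cc = addrs("To"), addrs("Cc")
    # Bcc is never written in the headers: it is whatever the envelope
    # delivered to that the To/Cc headers do not account for.
    bcc = [r for r in rcpts if r not in to + cc]
    return {
        "sender": sender, "receiver": to, "cc": cc, "bcc": bcc,
        "subject": str(msg["Subject"]),
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
        "size_kb": round(len(data.encode("utf-8")) / 1024, 2),
    }

if __name__ == "__main__":
    print(reconstruct_smtp(SMTP_SESSION))
```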

Webmail Read

Supported Webmail includes Yahoo Mail, Windows Live Hotmail, Gmail, etc. Webmail (Read) obtainable information includes Date-Time, Account (with IP/MAC), Sender, Subject (with content) and Webmail Type.
Features in this Webmail (Read) GUI:
Webmail (Read): Refresh the page content.
Delete: Delete the Email (that has been checked or ticked).
Account List: This section shows all the Email Account List. (Refer to 2.1.1)
Search: Search for Webmail based on the specified parameters such as Date, Time, IP, Receiver, Sender, CC, Subject and Account.
Pointing the mouse to the account column shows the Source and Destination IP Address and MAC Address.
Display the number of records per page.
Checkbox: Check or tick the checkbox for deleting.
Attachment: This symbol shows there is an attachment in the Email.
Shows the IP address.
Forward Email: Forward the Email to a specific Email account.
Source Code: Shows the Email source and path.
Convertor: Convert the subject name to another language to be readable. This convertor converts the characters between different coding formats such as zh-ch (Chinese), zh-sg (Singapore), zh-tw (Taiwan), en (English), utf-8, JP (Japanese).
Subject: Click on the Email subject to view the content of the Email.
Similar Search: Search for Email with similar content.
Whois: Provides information on the Source and Destination IP and Hostname. It allows you to search for the IP Address information through the Internet.