Lawful Intercept Solutions

Home  /  HSIA & LI Solutions  /  Solutions  /  Lawful Intercept Solutions

first

Lawful Interception

Faced with heightened use of the internet in organized crimes such as data theft, pedophilia and in particular terrorism, governments around the world have introduced “Lawful Intercept” directives which require providers of Internet services to keep records of all the communications that take place over their Internet service and attempt to identify and record the user. The required information must be collected, stored for a specified period of time and made available to authorities at any time.

What this means is that as a hospitality service provider providing Internet access for your guests, you need to be responsible for knowing who accesses the internet or emails via your server and requires you to store information on user IDs, IP addresses and the date and time of communication.

InnGate 3 Supports Lawful Intercept

InnGate 3 supports lawful intercept out-of-the-box by providing a Syslog readable trace of information such as:

  • Source IP address – This is the IP address of the user. We store both the internal and external addresses.
  • Destination IP address – This is the IP address of the site that the user is connecting to.
  • Connection type – This shows whether it is a HTTP connection or TCP/UDP connection.
  • Connection time – This is the time at which the connection is made.
  • MAC address – The MAC address of the user’s device.
  • User ID – Depending on the authentication type, this can be the Radius User ID, the PMS room number or credit card transaction ID.

With such detailed information, lawful intercept requirements are met, allowing authorities to identify the user if the need arises.

Network Address Translation

Most users in a hospitality Internet service deployment will be making connections via Network Address Translation to maximize the limited IP address pool and the InnGate naturally supports NAT.

However, NAT poses a problem to tracking because all users within the premises will connect through the same pool of IP addresses so many users will share the same IP address.

nw add trans

In addition, the InnGate 3 supports SNAT which is a feature designed to overcome VPN over NAT connection issues. Basically the InnGate will detect VPN connections and try to assign each VPN user a unique IP address from the NAT IP pool. This prevents some types of VPN servers from rejecting the connection because 2 users are connecting to it via the same IP.

Despite these NAT challenges, the InnGate is still able to uniquely track each user because it stores both the internal and outgoing IP address and port number. In this manner, authorities can translate the NAT address to an actual internal IP address and thus uniquely identify the user.

Syslog Reporting

The connection information that is captured by the InnGate to support lawful intercept can be sent to a Syslog server. This standardizes the way that this information is stored for future retrieval.

syslog

The connection information that is captured by the InnGate to support lawful intercept can be sent to a Syslog server. This standardizes the way that this information is stored for future retrieval.

Instant Lawful Interception Compliance

With the growing prevalence of Lawful Intercept requirements by governments worldwide, it is a good thing for businesses that the InnGate 3 comes with features that enable them to comply with requirements right out-of-the-box.

This means hospitality service providers need not incur additional costs to buy more equipment or make significant changes to their infrastructure because their current gateway does not support Lawful Intercept requirements.

And because the InnGate Lawful Intercept feature is designed to interface with different authentication methods like Local Authentication, Radius and PMS, hospitality service providers can retain their preferred authentication methods with no changes to the infrastructure and even point it to the Syslog server to have a fully integrated solution at minimal cost.

With these advanced features, it is no wonder InnGate 3 is a popular choice amongst hoteliers who want to offer Internet services for its guests.