Lawful Intercept concepts

Overview

Lawful Intercept (LI) is the interception and monitoring of network subscriber traffic by authorized agencies for law-enforcement purposes. A subscriber whose traffic is intercepted using LI is called a target. The LI target traffic is replicated by a service mirror that uses subscriber information as the match criteria.

Security assurances and restrictions

NFM-P has no native LI functions or legal interception capability, and can only enable, configure, and disable LI functions on NEs that have native LI functions, such as the 7750 SR.

NFM-P acts only as an optional remote LI controller, and has no view of any intercepted traffic; the target address is the only information available to NFM-P.

LI security constraints

LI uses the following constraints to enforce data security.

  • LI is not detectable by a target subscriber.

  • LI traffic is delivered separately from other network traffic.

  • LI alarms are displayed only for authorized LI users.

  • LI configuration information is stored in a separate and encrypted file.

  • LI uses TLS to secure the required communication channels.

LI requirements

LI functions are managed separately from other NFM-P functions. LI mirroring is a special type of service mirroring that requires the following:

  • on each LI NE in a mirror service:

    • SSH user security

    • an LI user profile

    • an NE user account that has LI privileges

  • on the NFM-P:

    • TLS on the single-user GUI clients, client delegate servers, and JMS server

    • an NFM-P user account that has LI privileges

    • an assigned Lawful Interception Management scope of command role

    • an LI mediation policy

Note: The NFM-P blocks the association of LI mediation security with any 7750 SR whose software version descriptor includes -NL. An LI configuration on such an NE cannot be completed because the NE does not support LI mediation security.