Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. Likewise, although assistance from manufacturors is nice, it is not requisite and in some ways may complicate matters since you can end up with hundreds of different monitoring nodes and several different interfaces unless you have complete uniformity across your network.
Generally, the easiest and most cost effective approach is to place taps at key points in your network that give you access to traffic. If you backhaul all of your wireless traffic to a central points, a single tap at the central point can monitor all of the traffic from the wireless cells. The tapping process itself does not need to be expensive or complicated. Any decent switch (if it doesn't, you probably shouldn't be using it to begin with) has some sort of port mirroring built in that can easily function as a "tap". If not, ethernet and fiber taps are fairly cheap ($100-$200 or so on the second hand market). The tap can be hooked into a server running tcpdump or similiar software or various commercially available. This provides complete compliance for a fairly reasonable cost. Having a tap on each wireless access point, etc...needlessly complicates the whole affair and increases cost drastically. If you are doing backhaul via an Internet T1 or similiar, the upstream carrier may be doing some of this for you. However, you do have to analyze carefully to ensure that you are compliant in this situation. Note that this actually is a good idea to have even without CALEA as you can get a good idea as to what traffic is actually running on your network and can better track down virus/hackers/other malicious traffic. -
I have posted a couple of messages over on the Mikrotik forum over the last month or so. Mikrotik first basically said "why should we care- we are in Latvia". After a little pressure from users, they began to ask for more information about the subject. I'm not at all knowledgeable enough to discuss the technical specs of the format, but I'm sure there are some folks around that are. Let's get MT users and prospective users rallied and do what we can to ebcourage MT to comply. It can only help us more and should also create a yardstick for other manufacturers. Here is a link to the threads http://forum.mikrotik.com/search.php?mode=results&sid=723d81c229563812d900d2 0b3a31a900 Ralph -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene Sent: Tuesday, March 27, 2007 1:08 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint. Thanks, Adam ----- Original Message ----- From: "wispa" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "WISPA General List" <wireless@wispa.org> Sent: Tuesday, March 27, 2007 1:16 PM Subject: Re: [WISPA] CALEA compliance methods > On Tue, 27 Mar 2007 08:21:53 -0400, Peter R. wrote >> Mark, >> >> CALEA IS LAW. There are interpretations of that law, but they have >> been upheld by courts. > > YOu're arguing against things I'm not saying. > >> >> CALEA is not the opinion of the DOJ or FCC. It is not far-reaching >> (like say the Patriot Act) or secret and possibly illegal like the >> NSA-AT&T wiretapping / surveillance. > > The whole idea that WE are covered under CALEA is just FCC opinion, which > is > as changeable and variable as the wind. The ruling is capricious and > founded > on VAPOR, not substance. > > I just cannot believe you approve of unfunded federal mandates for public > purposes. CALEA was not. Misapplying CALEA is. > > This is not OSHA mandates. This is not the same as requiring that a tower > service company require their climbers to use a safety system. Not even > close. If the federal government is justified with making us provide, AT > OUR > EXPENSE, law enforcement services, then we're one little itty bitty non- > existent step from from being mandated to do ANYTHING they happen to wish > for, and the wish lists from the swamp on the Potomac are so large they > boggle the mind. > > And don't give me the "we play dead for regulatory favors in the future" > crap. Nothing we do will buy us one MOMENT's worth of consideration, in > EITHER direction. > > -------------------------------------------- > Mark Koskenmaki <> Neofast, Inc > Broadband for the Walla Walla Valley and Blue Mountains > 541-969-8200 > > -- > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
-- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/