Privacy Policy Cookie Policy Terms and Conditions Narus - Wikipedia, the free encyclopedia

Narus

From Wikipedia, the free encyclopedia

Narus
Type Private
Founded 1997
Headquarters Mountain View, California
Key people Founder, Ori Cohen
Industry Communication
Products Monitoring systems
Website www.narus.com

Narus is a private company founded in 1997 by Ori Cohen, who had been in charge of technology development for VDONet, an early media streaming pioneer.

It is notable for being the creator of NarusInsight, a supercomputer system which is used by the NSA and other bodies to perform mass surveillance and monitoring of citizens' and corporations' Internet communications in real-time, and whose installation in AT&T's San Francisco Internet backbone gave rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T.

Contents

[edit] Management and investors

Whilst Hoover's company factsheet on Narus continues to list Dr. Cohen as Chairman, Narus's own website listing of the Board of Directors no longer mentions Dr. Cohen.

Prior to 9/11 Narus worked on building carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what they term "revenue leakage". Post-9/11 they have continued down that path while adding more semantic monitoring abilities for surveillance purposes. In 2004, Narus engaged the former Deputy Director of the National Security Agency, William Crowell as a director. From the Press Release announcing this:

"Crowell is an independent security consultant and holds several board positions with a variety of technology and technology-based security companies. Since 9/11, Crowell has served on the Defense Advanced Research Projects Agency (DARPA) Task Force on Terrorism and Deterrence, the National Research Council Committee on Science and Technology for Countering Terrorism and the Markle Foundation Task Force on National Security in the Information Age."

Narus has venture funding from companies including JP Morgan Partners, Mayfield, NeoCarta, Presidio Venture Partners, Walden International, Intel, NTT Software and Sumisho Electronics.

[edit] NarusInsight

The capabilities of the NarusInsight system are alarming to many privacy advocates.

[edit] System specification

From the Key Features list of NarusInsight:

  • Universal data collection from links, routers, soft switches, IDS/IPS, databases, etc. provides total network view across the world's largest IP networks.
  • Normalization, Correlation, Aggregation and Analysis provide a comprehensive and detailed model of user, element, protocol, application and network behaviors, in real-time.
  • Seven 9s reliability from data collection to data processing and analysis.
  • Industry-leading packet processing performance that supports network speeds of up to OC-192 at layer 4 and OC-48 at layer 7, enabling carriers to monitor traffic at either the edge of the network or at the core.
  • Unsurpassed and limitless scalability to support the world's largest, most complex IP networks.
  • Unparalleled flexibility -- NarusInsight's functionality can easily be configured to meet any specific customer requirement (Narus SDK).
  • Unparalleled extensibility -- NarusInsight's functionality can easily be configured to feed a particular activity or IP service such as security, lawful intercept or even Skype detection and blocking.

OC-192 carries about 10 gigabits of data per second. Ten billion bits per second, monitored in real-time. Technically, this is an extremely powerful supercomputer.

[edit] System capabilities

  • Packet-mode data intercepts for Service Providers and Carriers.
  • Wireline to wireless and WiFi or dialup to broadband.
  • "Instant Compliance" with CALEA and ETSI for simple, fast and hands-free compliance.
  • Carrier-grade speeds, performance and scalability.
  • Supports all of your services, out-of-the-box.
  • Securely manages resources while simplifying audits and reporting.
  • Network and vendor agnostic.
  • Enables additional application for revenue generation or revenue protection.

This data flows right into NarusInsight Intercept Suite, which enables packet-level, flow-level, and application-level usage information is captured and analyzed as well as raw user session packets for forensic analysis, surveillance or in satisfying regulatory compliance for lawful intercept.

The Lawful Intercept module offers carriers and service providers compliance with regulatory requirements regarding lawful intercept. The Lawful Intercept module provides an end-to-end solution consisting of Administration, Access and Delivery functions. The Lawful Intercept module is compliant with CALEA and ETSI standards. It can be seamlessly integrated with third party products for testing/validation or as a complete law enforcement solution.

The Directed Analysis module seamlessly integrates with NarusInsight Secure Suite or other DDoS, intrusion or anomaly detection systems, securely providing analysts with real-time, surgical targeting of suspect information (from flow to application to full packets). The Directed Analyis module provides industry standard formats and offers tools for archival and integration with third party investigative tools.

These capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules. When Narus partners' powerful analytic tools are combined with the surgical targeting and real-time collection capabilities of Directed Analysis and Lawful Intercept modules, analysts or law enforcement agents are provided capabilities that have been unavailable thus far.

[edit] Usage

It is useful to examine the OSI model of seven layers which underpins all communication on the Internet. NarusInsight focuses on two layers: number four, the transport layer, built on standards like TCP and UDP, the physical building blocks of Internet data traffic, and number seven, the application layer, built on standards like HTTP and FTP, which are dependent on the application using them, i.e. Internet Explorer, Kazaa, Skype, etc. NarusInsight monitors 10 billion bits per second at level four and 2500 million bits per second at level seven. For reference, a 256K DSL line equals 0.25 million bits per second (Mbit/s), and a normal modem around 0.05 Mbit/s. So a single NarusInsight machine can monitor traffic equal to the maximum capacity of around 39,000 DSL lines or 195,000 modems. In practical terms 10 Gbps equals the combined traffic of millions of broadband users, so the number of subscribers monitored by one installation is several millions. It can also perform semantic analysis of the same traffic as it is happening, in other words analyse the content, meaning, structure and significance of this entire traffic, as it is happening.

The exact use of this data is not fully documented. A starting point is the Internet Protocol Detail Record, used to record information about usage activity within the telecom infrastructure (such as a call completion). NDM-U stands for "Network Data Management - Usage". It refers to a functional operation within the Telecom Management Forum's Telecom Operations Map. The NDM function collects data from devices and services in a service providers network. Usage refers to the type of data which is the focus of this document. These standards were built into Narus' systems.

"IPDR.org has been in existence since 1999 and more than a dozen vendors have actual IPDR implementations "etched in code". Their systems are actually able to talk to each other and interoperate. Version 2.5 and up of the NDM-U represents a stable basis for development. IPDR.org's Interoperability Pavilion is a working demonstration of multiple companies exchanging service usage data in that format."

Service usage data. That would be data on the actual usage of the Internet. And what kind of data would this be? Way back in 1999, this article stated:

"In an effort to provide more complex network traffic analysis, Narus is introducing its semantic network traffic service. The company cites research which predicts the fast-growing ISP sector will become stagnant without the ability to offer differentiated services. In order to gain significant revenues from these services, a technology was necessary to allow usage based pricing.
"We realized that, at the heart of the data that is needed to accurately measure usage and enable 'pay-as-you-go' business models for Internet service providers, is what we call the 'semantics' of network traffic," said Ori Cohen, Narus' founder and chief executive officer.
"In short, by seeing the 'semantics' of network traffic, service providers can see 'inside' the data, providing much more detailed insight about the use of the Internet and the perceived value of specific applications than existing technologies allow."
"Semantic Traffic Analysis uses network technology to consistently capture and analyze all IP data streams on heavily trafficked networks remotely and non-invasively. In addition, the semantics of the data stream are determined also, as well as the protocol used and the application taking place. A variety of other data is available as well."

In this context, semantics is not just the data, but rather the meaning of the data. It looks at the data in a more comprehensive way than looking for keywords. Each NarusInsight machine does this at 2500 million bits per second, in real-time.

One website calls this "the biggest invasion of privacy in history by several orders of magnitude."

From Narus' Lawful Intercept and Regulatory Compliance page:

"Explosive Internet growth in recent years has transformed worldwide communications, yielding tremendous efficiencies and benefits, as well as many risks."
"For example, terrorist attacks around the globe have been carefully orchestrated through Internet-based forms of communications such as e-mail, messaging, hidden Web pages and now VoIP, forcing governmental organizations and law enforcement agencies to re-evaluate how they are providing public security as it becomes so much easier and faster to communicate electronically."
"Recent mandates and the resulting standards referenced under CALEA in the United States and ETSI in Western Europe aim to preserve the right of law enforcement agencies to conduct authorized electronic surveillance in an effort to protect the public and its right to privacy. However, these mandates create IT headaches for carriers as they struggle to meet the requirements."
"With a suite of products targeted at meeting lawful intercept requirements, Narus simplifies lawful intercept tasks helping carriers and agencies meet requirements without experiencing any degradation in service quality."

In light of the recent NSA warrantless surveillance controversy, one technical IT news source commented:

"Imagine how great a tool "instant compliance" with the Communications Assistance for Law Enforcement Act could be with this kind of reach and detail. Especially if a secret Presidential Directive allows it to be used without the warrants required under the Act. That's what it appears we are up against, folks. Real-time semantic data monitoring on a huge scale. A scale beyond what most of us can even comprehend. It's scary."

[edit] See also

[edit] External links

THIS WEB:

aa - ab - af - ak - als - am - an - ang - ar - arc - as - ast - av - ay - az - ba - bar - bat_smg - be - bg - bh - bi - bm - bn - bo - bpy - br - bs - bug - bxr - ca - cbk_zam - cdo - ce - ceb - ch - cho - chr - chy - closed_zh_tw - co - cr - cs - csb - cu - cv - cy - da - de - diq - dv - dz - ee - el - eml - en - eo - es - et - eu - fa - ff - fi - fiu_vro - fj - fo - fr - frp - fur - fy - ga - gd - gl - glk - gn - got - gu - gv - ha - haw - he - hi - ho - hr - hsb - ht - hu - hy - hz - ia - id - ie - ig - ii - ik - ilo - io - is - it - iu - ja - jbo - jv - ka - kg - ki - kj - kk - kl - km - kn - ko - kr - ks - ksh - ku - kv - kw - ky - la - lad - lb - lbe - lg - li - lij - lmo - ln - lo - lt - lv - map_bms - mg - mh - mi - mk - ml - mn - mo - mr - ms - mt - mus - my - mzn - na - nah - nap - nds - nds_nl - ne - new - ng - nl - nn - no - nov - nrm - nv - ny - oc - om - or - os - pa - pag - pam - pap - pdc - pi - pih - pl - pms - ps - pt - qu - rm - rmy - rn - ro - roa_rup - roa_tara - ru - ru_sib - rw - sa - sc - scn - sco - sd - se - searchcom - sg - sh - si - simple - sk - sl - sm - sn - so - sq - sr - ss - st - su - sv - sw - ta - te - test - tet - tg - th - ti - tk - tl - tlh - tn - to - tokipona - tpi - tr - ts - tt - tum - tw - ty - udm - ug - uk - ur - uz - ve - vec - vi - vls - vo - wa - war - wo - wuu - xal - xh - yi - yo - za - zea - zh - zh_classical - zh_min_nan - zh_yue - zu

Static Wikipedia 2008 (no images)

aa - ab - af - ak - als - am - an - ang - ar - arc - as - ast - av - ay - az - ba - bar - bat_smg - bcl - be - be_x_old - bg - bh - bi - bm - bn - bo - bpy - br - bs - bug - bxr - ca - cbk_zam - cdo - ce - ceb - ch - cho - chr - chy - co - cr - crh - cs - csb - cu - cv - cy - da - de - diq - dsb - dv - dz - ee - el - eml - en - eo - es - et - eu - ext - fa - ff - fi - fiu_vro - fj - fo - fr - frp - fur - fy - ga - gan - gd - gl - glk - gn - got - gu - gv - ha - hak - haw - he - hi - hif - ho - hr - hsb - ht - hu - hy - hz - ia - id - ie - ig - ii - ik - ilo - io - is - it - iu - ja - jbo - jv - ka - kaa - kab - kg - ki - kj - kk - kl - km - kn - ko - kr - ks - ksh - ku - kv - kw - ky - la - lad - lb - lbe - lg - li - lij - lmo - ln - lo - lt - lv - map_bms - mdf - mg - mh - mi - mk - ml - mn - mo - mr - mt - mus - my - myv - mzn - na - nah - nap - nds - nds_nl - ne - new - ng - nl - nn - no - nov - nrm - nv - ny - oc - om - or - os - pa - pag - pam - pap - pdc - pi - pih - pl - pms - ps - pt - qu - quality - rm - rmy - rn - ro - roa_rup - roa_tara - ru - rw - sa - sah - sc - scn - sco - sd - se - sg - sh - si - simple - sk - sl - sm - sn - so - sr - srn - ss - st - stq - su - sv - sw - szl - ta - te - tet - tg - th - ti - tk - tl - tlh - tn - to - tpi - tr - ts - tt - tum - tw - ty - udm - ug - uk - ur - uz - ve - vec - vi - vls - vo - wa - war - wo - wuu - xal - xh - yi - yo - za - zea - zh - zh_classical - zh_min_nan - zh_yue - zu -

Static Wikipedia 2007:

aa - ab - af - ak - als - am - an - ang - ar - arc - as - ast - av - ay - az - ba - bar - bat_smg - be - bg - bh - bi - bm - bn - bo - bpy - br - bs - bug - bxr - ca - cbk_zam - cdo - ce - ceb - ch - cho - chr - chy - closed_zh_tw - co - cr - cs - csb - cu - cv - cy - da - de - diq - dv - dz - ee - el - eml - en - eo - es - et - eu - fa - ff - fi - fiu_vro - fj - fo - fr - frp - fur - fy - ga - gd - gl - glk - gn - got - gu - gv - ha - haw - he - hi - ho - hr - hsb - ht - hu - hy - hz - ia - id - ie - ig - ii - ik - ilo - io - is - it - iu - ja - jbo - jv - ka - kg - ki - kj - kk - kl - km - kn - ko - kr - ks - ksh - ku - kv - kw - ky - la - lad - lb - lbe - lg - li - lij - lmo - ln - lo - lt - lv - map_bms - mg - mh - mi - mk - ml - mn - mo - mr - ms - mt - mus - my - mzn - na - nah - nap - nds - nds_nl - ne - new - ng - nl - nn - no - nov - nrm - nv - ny - oc - om - or - os - pa - pag - pam - pap - pdc - pi - pih - pl - pms - ps - pt - qu - rm - rmy - rn - ro - roa_rup - roa_tara - ru - ru_sib - rw - sa - sc - scn - sco - sd - se - searchcom - sg - sh - si - simple - sk - sl - sm - sn - so - sq - sr - ss - st - su - sv - sw - ta - te - test - tet - tg - th - ti - tk - tl - tlh - tn - to - tokipona - tpi - tr - ts - tt - tum - tw - ty - udm - ug - uk - ur - uz - ve - vec - vi - vls - vo - wa - war - wo - wuu - xal - xh - yi - yo - za - zea - zh - zh_classical - zh_min_nan - zh_yue - zu

Static Wikipedia 2006:

aa - ab - af - ak - als - am - an - ang - ar - arc - as - ast - av - ay - az - ba - bar - bat_smg - be - bg - bh - bi - bm - bn - bo - bpy - br - bs - bug - bxr - ca - cbk_zam - cdo - ce - ceb - ch - cho - chr - chy - closed_zh_tw - co - cr - cs - csb - cu - cv - cy - da - de - diq - dv - dz - ee - el - eml - en - eo - es - et - eu - fa - ff - fi - fiu_vro - fj - fo - fr - frp - fur - fy - ga - gd - gl - glk - gn - got - gu - gv - ha - haw - he - hi - ho - hr - hsb - ht - hu - hy - hz - ia - id - ie - ig - ii - ik - ilo - io - is - it - iu - ja - jbo - jv - ka - kg - ki - kj - kk - kl - km - kn - ko - kr - ks - ksh - ku - kv - kw - ky - la - lad - lb - lbe - lg - li - lij - lmo - ln - lo - lt - lv - map_bms - mg - mh - mi - mk - ml - mn - mo - mr - ms - mt - mus - my - mzn - na - nah - nap - nds - nds_nl - ne - new - ng - nl - nn - no - nov - nrm - nv - ny - oc - om - or - os - pa - pag - pam - pap - pdc - pi - pih - pl - pms - ps - pt - qu - rm - rmy - rn - ro - roa_rup - roa_tara - ru - ru_sib - rw - sa - sc - scn - sco - sd - se - searchcom - sg - sh - si - simple - sk - sl - sm - sn - so - sq - sr - ss - st - su - sv - sw - ta - te - test - tet - tg - th - ti - tk - tl - tlh - tn - to - tokipona - tpi - tr - ts - tt - tum - tw - ty - udm - ug - uk - ur - uz - ve - vec - vi - vls - vo - wa - war - wo - wuu - xal - xh - yi - yo - za - zea - zh - zh_classical - zh_min_nan - zh_yue - zu