“Langraf-C” monitors the data streams of a local area network segment in order to counter internal threats to data confidentiality more effectively.
Area of application:
- Protection against confidential information leakage;
- Complex control of communications in the company;
- Compliance with legislation and industry standards requirements;
- Control of the risks related to access to the information.
- Analysis and logging of operators’ actions when exchanging data with external storage devices (Floppy, USB Flash/HDD, SCSI MO, CD/DVD R/RW);
- Passive analysis and logging of network data streams while operators work with DBMSs;
- Analysis and logging of print operations sent to local or network printers from operators’ workplaces;
- Collection and processing of data on the state of operators’ workplaces and of the local network as a whole;
- Storage of, and access to, the stored elements of information streams.
- Supported monitored devices:
  - USB flash storage devices;
  - hard disks connected via the USB or FireWire interface;
  - floppy or magneto-optical disks, either built into the system or connected via USB or SCSI interfaces;
  - optical CD/DVD recording devices, either built into the system or connected via USB, SCSI or FireWire interfaces;
  - local printing devices connected via USB or LPT interfaces;
  - network printing devices using the RAW or LPR protocols;
  - computers on the local network, for monitoring of their state.
- Supported data formats for display and full-text search:
  - Internet (HTTP/HTTPS): webmail, social networks, sites, forums, etc.;
  - E-mail (including attachments): SMTP, POP3, IMAP4, NNTP, MS Exchange server;
  - Instant messengers (Skype, ICQ, MSN, AIM, Yahoo, Jabber, Mail.Ru Agent, IRC, Miranda, QIP, etc.);
  - File transfer and exchange (FTP, P2P);
  - MS Office file formats (Word, Excel, Access, PowerPoint), PDF, plain text, archives (RAR, ZIP, ARJ, GZIP, TAR), etc.;
  - Documents of the OpenOffice.org package, all versions;
  - Print jobs in the formats EMF, PS, PCL, TEXT;
  - Disk images in the ISO9660/Joliet format recorded in the MODE1, 2/HA modes and in multi-session mode;
  - Network sessions of queries to Oracle DBMS, MS SQL, MySQL, PostgreSQL;
  - Text files (automatic detection of the text encoding based on frequency information for the Russian and English languages);
  - Other data: graphic images in the jpg, bmp, png, gif and other formats, multimedia files in the wav, avi, wmf and other formats.
- Additional features:
  - use of a password to enter Windows Safe Mode;
  - buffering of events when booting in Safe Mode;
  - monitoring of remote access to the Windows desktop;
  - hiding of agent files from the workstation’s file system;
  - installation, removal and updating of agents without restarting the computer, including over the local area network;
  - two ways of setting up agents: via the GUI and via the CLI.
- Operating system of the monitored computer: Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 8, x32/x64 architecture;
- Maximum volume of stored copies of transferred information: 5 Tbyte;
- Maximum number of monitored logical subnets: 127;
- Maximum number of observed hosts in a logical subnet: not limited (it is determined by the physical architecture of the observed network);
- Maximum size of one copy of data: not limited (it is determined by the space left on the storage server);
- Access to the servers of the complex: remote, over the HTTPS protocol;
- Language of the user interface: Russian/English (other languages can be added on demand).
The main components of the complex are:
- Network monitoring agent;
- Statistics server;
- Storage server;
- Search server;
- Workplace of the security officer;
- Set of local components (agents) and the means of installing them on operators’ workplaces.
Variants of the complex:
- All subsystems of the complex are housed in separate cases to improve scalability and increase the reliability of the complex;
- One 1U/19” multiprocessor server runs the server subsystems of the complex;
- All elements of the complex are implemented on a personal computer.
The workplace of the security officer displays current information on the state of the local area network and makes it possible to track transferred data streams in real time, as well as the full history of data exchange for a specified time period. It implements a system of filters for selecting the required information and a set of built-in tools for visualizing the stored data elements. The color palette, GUI language and screen layout can be chosen to make working with the complex more convenient.