The invention relates generally to telecommunications access control systems and, more particularly, to a system and method which permits a telecommunications firewall to enforce a security policy based on discrimination between a plurality of call content types and to autonomously terminate the call in enforcement of the security policy.
Data network users in today's corporations and government agencies can easily add unauthorized modems to their computers to facilitate remote login. This is often done with innocuous intentions, but is a serious network security issue nonetheless. Rogue modems (modems that are not authorized by the organization, but have been connected to a computer system by an employee) circumvent the traditional Internet firewall, routers and intrusion detection systems.
With a rogue modem having opened the "back door" of the security perimeter, the organization's network is vulnerable to "hackers" or "phreakers" attempting to access the private data network via the Public Switched Telephone Network (PSTN). Unscrupulous individuals with larcenous or malicious intent can use a war dialer to seek out and identify insecure modems, penetrate their computer systems and gain access to the data network beyond.
An additional vulnerability involves authorized users performing unauthorized activities from within the private network. This is of special concern in high-security environments where outside transmissions are normally carefully monitored to ensure corporate or government secrets are not inadvertently or deliberately transmitted.
Telecommunication firewalls, such as the device described in U.S. Pat. No. 6,249,575 entitled TELEPHONY SECURITY SYSTEM to the same assignee, are recently-developed devices that protect an organization's data network from access via telephony resources. A telecommunications firewall is configured with a user-defined security policy that is downloaded to one or more line sensors installed in-line on the user's side of the demarcation line. A line sensor determines a plurality of call attributes, comprising call source, destination and call content type, from the call passing through the line sensor. Prescribed actions (including that of the line sensor allowing or denying the call) are performed based upon the call attributes determined and the security policy.
Although the line sensor is capable of determining a plurality of call attributes, the call content type (e.g., whether the call content is voice, fax or data), is a pivotal attribute in the security rules that address many of the calls that a telecommunications firewall is designed to detect and/or terminate. For instance, a modem transmission from a line that is designated for only voice use is indicative of a rogue modem. A data transmission to a voice-designated line is indicative of a possible hacking attempt, or again, a rogue modem on the line. An after-hours voice call or modem transmission from a line designated for fax use is indicative of an unauthorized call or possible espionage.
Very clever hackers may attempt to penetrate data networks by emulating one type of call to get past the firewall, then change to another type once the call is allowed. Therefore, changes in call content type are highly suspect and a security policy may require termination of such a call.
However, some government agencies such as the FBI and the CIA, the military and some NATO agencies, use a telephone encryption device known as Secure Telephone Unit-III (STU-III), to conduct classified conversations or transmit classified data. A STU-III may be used as a typical telephone to initiate a call, but when users "go secure" by turning an encryption-activation key, the voice conversation is digitized at the unit, encrypted and then transmitted using a standard modem to the receiving STU-III device where the process is reversed. The term "STU-III voice" is used herein to refer to the call content type of a STU-III encrypted voice transmission.
A STU-III device is also used as a modem to transmit data to another STU-III location. In the "data modem" mode, the data is encrypted before it is sent to the receiving STU-III device. The term "STU-III data" is used herein to refer to the call content type of a STU-III encrypted data transmission.
Obviously, the change in call content type when a STU-III transmission goes from insecure voice to secure data would be permitted in a security policy. Therefore a further discrimination between the voice band data of STU-III encrypted call content types and that of typical data (modem) and fax content types is needed.
A plurality of telecommunications fraud prevention devices exist which use and determine call-type attributes such as if the call is made from a pay phone, if it is cellular originated or terminated, if it is made to/from a number or country code with a high occurrence of billing fraud, if the call is long distance, toll free, a credit card call, etc. However, call-type attributes such as these are not relevant to protecting a private data network from unauthorized access via the telecommunications network. Additionally, devices such as these do not continue to discriminate content type after the call is connected.
Other devices are capable of detecting calls that violate a security policy, but cause time delays and a drain on manpower resources because they require notices to be sent to supervisory personnel for either approval to terminate or for manual follow-through by personnel to ultimately terminate the call.
Still other devices include components for classifying telephone signals, but none of these devices comprise the comparable arrangement of single, combined transmit and receive signal processing, continuous content discrimination and autonomous call termination capabilities needed for the specialized task of protecting a private data network from unauthorized access via the telecommunications network.
Therefore, what is needed is a system and method by which an in-line sensor continuously discriminates between call content types comprising voice, fax, data (modem), STU-III voice and STU-III data (modem) using inputs derived from analysis of the call passing through the sensor, and then autonomously enforces a security policy.
The present invention, accordingly, provides a system and method for an in-line sensor to enforce a security policy by discriminating between call content types including voice, fax, data (modem), STU-III voice and STU-III data (modem), and to continue to enforce the security policy against an allowed call, discriminating content type changes after the call is connected. Inbound and outbound calls are allowed or denied (i.e., blocked or "hung-up") according to a security policy that is managed by a security administrator. If the call violates security policy at any time, the call is autonomously terminated.
To this end, in one embodiment, the line sensor processes the combined signal from both the transmit and the receive side of the communication channel as one single signal. Filtered tonal events as well as raw signal frequency and energy indices are used to discriminate between voice and voice band data (VBD) content type. Voice band data is considered herein to be any modulated data output by devices such as a fax, modem, or a secured STU-III. Further discrimination between voice and a plurality of VBD content types (fax, data modem and STU-III), is provided by a content type discrimination state machine which uses tonal event notices, the output of the previously mentioned frequency and energy statistical analysis between voice and VBD, and demodulated signal analysis. The line sensor operates in a continuous processing loop, continuing to discriminate call content type after the call is connected.
A system and method for discriminating call content types for individual telephone lines at a plurality of user sites outside of a Public Switched Telephone Network (PSTN) is described. The system may include: a database containing security rules for each of a plurality of extensions, the rules specifying actions to be taken based upon a call content type of the call on the extension, wherein the call content type is determined at the user sites outside the PSTN; and a line sensor within the user sites outside the PSTN for determining the call content type of the call. The line sensor continuously checks the call content type to determine if the call content type changes.
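The two preceding paragraphs describe a content type discrimination state machine fed by tonal event notices, voice/VBD statistics and demodulated-signal analysis, and a per-extension rule database that the line sensor enforces in a continuous loop. The following Python model is an added illustration, not code from the patent or its assignee: the analysis-event vocabulary (speech_stats, vbd_stats, fax_cng_tone, fax_v21_flags, modem_trained, demod_stu3_voice, demod_stu3_data), the pending-carrier limit, the extension numbers and the event traces are all constructed assumptions standing in for what a real sensor would derive from the line signal. It shows the behaviour the text calls for: a mid-call content type change is a violation unless the rule explicitly permits that transition (the STU-III "go secure" case), a data modem on a voice-only line is terminated without operator involvement, and an unrefined carrier is not acted on until the discriminator has enough evidence.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Iterable, List


class ContentType(Enum):
    UNKNOWN = "unknown"          # nothing classified yet
    VBD_PENDING = "vbd-pending"  # voice band data seen, type not yet refined
    VOICE = "voice"
    FAX = "fax"
    DATA = "data-modem"
    STU3_VOICE = "stu3-voice"
    STU3_DATA = "stu3-data"


class Discriminator:
    """Simplified content type discrimination state machine.

    Event names are constructed for this example; a real line sensor would
    raise them from tonal detection, frequency/energy statistics and
    demodulated-signal analysis of the combined transmit/receive signal.
    """

    def __init__(self, pending_limit: int = 3) -> None:
        self.state = ContentType.UNKNOWN
        self.pending = 0                  # consecutive unrefined VBD events
        self.pending_limit = pending_limit

    def feed(self, event: str) -> ContentType:
        s = self.state
        if event == "speech_stats":      # energy/frequency indices look like speech
            s = ContentType.VOICE
        elif event == "vbd_stats":       # modulated carrier present, kind unknown
            if s not in (ContentType.FAX, ContentType.STU3_VOICE, ContentType.STU3_DATA):
                s = ContentType.VBD_PENDING
        elif event in ("fax_cng_tone", "fax_v21_flags"):
            s = ContentType.FAX
        elif event == "modem_trained":   # demodulated stream has no STU-III signature
            if s in (ContentType.UNKNOWN, ContentType.VOICE, ContentType.VBD_PENDING):
                s = ContentType.DATA
        elif event == "demod_stu3_voice":
            s = ContentType.STU3_VOICE
        elif event == "demod_stu3_data":
            s = ContentType.STU3_DATA
        # A carrier that is never refined is eventually treated as a plain modem.
        if s is ContentType.VBD_PENDING:
            self.pending += 1
            if self.pending > self.pending_limit:
                s = ContentType.DATA
        else:
            self.pending = 0
        self.state = s
        return s


@dataclass(frozen=True)
class Rule:
    allowed: frozenset                       # content types permitted on the extension
    allowed_transitions: frozenset = frozenset()  # (from, to) changes that are not violations


@dataclass
class CallVerdict:
    action: str                              # "allow" or "terminate"
    reason: str
    history: List[ContentType] = field(default_factory=list)


def monitor_call(rule: Rule, events: Iterable[str]) -> CallVerdict:
    """Continuous processing loop: classify, check policy, terminate autonomously."""
    disc = Discriminator()
    history: List[ContentType] = []
    current = None
    for ev in events:
        ct = disc.feed(ev)
        if ct in (ContentType.UNKNOWN, ContentType.VBD_PENDING):
            continue                         # not enough evidence to act on yet
        if ct not in rule.allowed:
            history.append(ct)
            return CallVerdict("terminate", f"{ct.value} not permitted on this extension", history)
        if current is None:
            current, history = ct, [ct]
        elif ct != current:                  # content type changed after connection
            history.append(ct)
            if (current, ct) not in rule.allowed_transitions:
                return CallVerdict("terminate", f"content type changed {current.value} -> {ct.value}", history)
            current = ct
    return CallVerdict("allow", "no policy violation during call", history)


V, F, D, SV, SD = (ContentType.VOICE, ContentType.FAX, ContentType.DATA,
                   ContentType.STU3_VOICE, ContentType.STU3_DATA)

# Constructed per-extension rule database (extension numbers are assumptions).
POLICY: Dict[str, Rule] = {
    "1001": Rule(frozenset({V})),                      # voice-only line
    "1002": Rule(frozenset({F})),                      # fax-only line
    "1003": Rule(frozenset({V, D})),                   # voice or modem, no mid-call switch
    "2001": Rule(frozenset({V, SV, SD}),               # STU-III line: clear voice, then "go secure"
                 frozenset({(V, SV), (V, SD), (SV, SD), (SD, SV)})),
}

# Constructed event traces standing in for the sensor's analysis outputs.
SCENARIOS = {
    "normal voice call": ("1001", ["speech_stats", "speech_stats", "speech_stats"]),
    "rogue modem on voice line": ("1001", ["speech_stats", "vbd_stats", "modem_trained"]),
    "fax on fax line": ("1002", ["fax_cng_tone", "vbd_stats", "fax_v21_flags"]),
    "voice-then-modem switch": ("1003", ["speech_stats", "speech_stats", "vbd_stats", "modem_trained"]),
    "STU-III going secure": ("2001", ["speech_stats", "vbd_stats", "demod_stu3_voice", "demod_stu3_data"]),
    "unrefined carrier times out": ("1001", ["speech_stats"] + ["vbd_stats"] * 5),
}


def run_scenario(name: str) -> CallVerdict:
    ext, events = SCENARIOS[name]
    return monitor_call(POLICY[ext], events)


if __name__ == "__main__":
    for name in SCENARIOS:
        v = run_scenario(name)
        print(f"{name:30s} -> {v.action:9s} ({v.reason})")
```

The design point worth noting is the VBD_PENDING state: raw frequency and energy statistics can tell voice from voice band data long before the demodulated stream reveals whether the carrier is a fax, a plain modem or a STU-III going secure, so the policy check is deferred until the discriminator has refined the type, with a bounded wait so an unrefined carrier cannot stall enforcement indefinitely.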
Alternate embodiments are contemplated whereby other VBD content types such as transmissions from a teletypewriter (TTY) device (used by deaf or speech-impaired individuals), are discriminated from fax, data (modem), STU-III voice and STU-III data to allow additional content type-specific security policy rules to be implemented.
In another alternate embodiment it is contemplated that discrimination of fax and data (modem) content type is further refined to discriminate transmission protocols and/or host-based applications, thereby allowing implementation of protocol-dependent or application-dependent security policy rules. Such rules require use of "organization-approved" or more highly secure protocols and applications in order for calls to be allowed.
An additional alternate embodiment is contemplated whereby the information from the transmit side and the receive side of the communication channel is processed separately instead of being combined into one single signal.
A technical advantage achieved with the invention is the ability to discriminate between call content types comprising voice, fax, data modem, STU-III voice and STU-III data, thereby providing call attributes that are critical to protecting a data network from access via telecommunications resources.
Another technical advantage achieved with the invention is the ability to discriminate if the call type changes after the call is connected, thereby providing protection from hackers emulating one call type and later changing once the call is connected, while still allowing STU-III calls.
Another technical advantage is the ability to autonomously terminate a call if it is in violation of the security policy, thereby eliminating unacceptable time delays or manpower requirements.
Yet another technical advantage achieved with the invention is the ability to process a single, combined transmit and receive signal, thereby achieving efficient and minimal use of processing resources.