Access Control List (ACL)

May 28, 2017
Stingray Service Gateway enables the implementation of smart access control lists (ACLs).

Unlike traditional network ACLs, which allow or deny access by service port or domain name on a Layer 3 device, the Stingray platform classifies traffic all the way up to Layer 7. This means you can restrict or allow access to specific services, applications, and resources for specific subscribers or subscriber groups.

  • Works at all OSI layers using DPI technology.
  • Flexible access rule configuration.
  • Whitelisting for subscribers.
  • Captive Portal (CP) setup.

Blocking by Name

For HTTPS resources, two blocking options are supported: by certificate name (Common Name) or by SNI (Server Name Indication). This allows a resource to be blocked even if its IP address changes.
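The SNI-based blocking described above, as an added example that is not Stingray's own code: it builds a constructed TLS ClientHello, extracts the server_name extension (RFC 6066) and checks the name against a constructed blocklist that allows wildcard entries. The blocklist names, the fixed "random" bytes and the `decide` verdicts are assumptions for the demonstration. The edge case it handles is a ClientHello that carries no SNI (or a record that is not a ClientHello at all): no name can be matched, and the caller gets an explicit "unknown" rather than a silent allow.

```python
import struct

# Constructed blocklist. "*.name" matches the bare name and all of its subdomains.
BLOCKLIST = ("*.blocked.example", "tracker.example")


def extract_sni(record: bytes):
    """Return the lower-cased server_name from a TLS ClientHello record, or None
    when the record is not a ClientHello or carries no SNI extension."""
    # TLS record header: content_type(1) version(2) length(2); 0x16 = handshake
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    # Handshake header: msg_type(1) length(3); 0x01 = ClientHello
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # compression_methods
    if len(body) < pos + 2:
        return None                                # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        ext_data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 0x0000:                     # 0 = server_name
            continue
        # ServerNameList: list_length(2), then entries of name_type(1) length(2) name
        list_len = struct.unpack("!H", ext_data[:2])[0] if len(ext_data) >= 2 else 0
        p, list_end = 2, 2 + list_len
        while p + 3 <= min(list_end, len(ext_data)):
            name_type = ext_data[p]
            name_len = struct.unpack("!H", ext_data[p + 1:p + 3])[0]
            name = ext_data[p + 3:p + 3 + name_len]
            if name_type == 0 and len(name) == name_len:   # 0 = host_name
                return name.decode("ascii", "replace").lower()
            p += 3 + name_len
        return None
    return None


def name_matches(hostname: str, pattern: str) -> bool:
    """Exact match, or wildcard '*.d' matching 'd' itself and any label under it."""
    if pattern.startswith("*."):
        return hostname == pattern[2:] or hostname.endswith(pattern[1:])
    return hostname == pattern


def decide(record: bytes, blocklist=BLOCKLIST):
    """Classify one client-to-server record: ('block'|'allow'|'unknown', sni)."""
    sni = extract_sni(record)
    if sni is None:
        return ("unknown", None)   # no name to match; IP or certificate rules must decide
    if any(name_matches(sni, p) for p in blocklist):
        return ("block", sni)
    return ("allow", sni)


def build_client_hello(hostname: str, with_sni: bool = True) -> bytes:
    """Constructed minimal ClientHello (TLS 1.2 framing) used as sample input."""
    exts = struct.pack("!HH", 0x0017, 0)               # extended_master_secret, empty: parser must skip it
    if with_sni:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(sni)) + sni
    body = (b"\x03\x03" + b"\x11" * 32                 # client_version + fixed "random" (constructed)
            + b"\x00"                                  # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"       # one cipher suite
            + b"\x01\x00"                              # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for host in ("www.blocked.example", "notblocked.example", "tracker.example"):
        print(host, "->", decide(build_client_hello(host)))
    print("no SNI ->", decide(build_client_hello("ignored", with_sni=False)))
```

Two caveats a practitioner should keep in mind: the SNI is client-supplied and unauthenticated, so a name rule is only as good as the server's willingness to serve that name; and with TLS 1.3 the server certificate is encrypted and Encrypted Client Hello hides the SNI, so for such sessions name-based rules see nothing and the "unknown" branch above (certificate or IP rules) has to carry the policy.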

Use Cases

Subscriber Access Management with a Zero Balance

When a subscriber’s account runs out of funds, their access to internet resources is restricted until they top up their balance. So that the subscriber can still make a payment, the URLs and protocols of payment systems and online banking services are whitelisted. The provider can also allow access to its own website, internal network resources, certain social networks, and other resources to which it is willing to grant access free of charge.

Subscriber Identification on a Wi-Fi Network

Tightening access rules for public Wi-Fi hotspots on the telecom operator’s network has created the need for subscriber identification by one of several methods: phone number, passport information, or through the government services portal. Stingray enables identification using an access code received by the subscriber on a mobile phone in the form of an SMS message.
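The SMS access-code identification described above, as an added example that is not Stingray's own code: a store that issues a random numeric code for a phone number and verifies it with single use, a time limit and a cap on wrong guesses. The code length, the five-minute lifetime, the five-attempt limit, the per-deployment key and the phone numbers are assumptions; sending the code over SMS is left to whatever gateway the operator uses.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 300      # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 5            # assumed: wrong guesses before the code is invalidated
# Per-deployment secret (constructed here). Keying the hash means a leaked table of
# pending codes cannot be brute-forced offline over the 10^6 code space.
SERVER_KEY = secrets.token_bytes(32)


class AccessCodeStore:
    """Pending one-time access codes keyed by phone number."""

    def __init__(self, now=time.time):
        self._now = now                     # injectable clock, so expiry can be tested
        self._pending = {}                  # phone -> (code_mac, expires_at, attempts_left)

    def issue(self, phone: str) -> str:
        """Generate a fresh code for the phone; the caller hands it to the SMS gateway.
        Issuing again replaces any earlier pending code for that phone."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[phone] = (self._mac(phone, code),
                                self._now() + CODE_TTL_SECONDS,
                                MAX_ATTEMPTS)
        return code

    def verify(self, phone: str, code: str):
        """Return (ok, reason). A code is single-use and is discarded on expiry
        or after too many wrong guesses."""
        entry = self._pending.get(phone)
        if entry is None:
            return (False, "no-pending-code")
        code_mac, expires_at, attempts_left = entry
        if self._now() > expires_at:
            del self._pending[phone]
            return (False, "expired")
        if hmac.compare_digest(code_mac, self._mac(phone, code)):
            del self._pending[phone]        # single use
            return (True, "ok")
        attempts_left -= 1
        if attempts_left <= 0:
            del self._pending[phone]        # subscriber must request a new code
            return (False, "locked")
        self._pending[phone] = (code_mac, expires_at, attempts_left)
        return (False, "wrong-code")

    @staticmethod
    def _mac(phone: str, code: str) -> bytes:
        # Binding the phone number into the MAC stops a code issued to one number
        # from being replayed against another.
        return hmac.new(SERVER_KEY, f"{phone}:{code}".encode(), hashlib.sha256).digest()


if __name__ == "__main__":
    store = AccessCodeStore()
    phone = "+10000000000"                  # constructed placeholder number
    code = store.issue(phone)
    print("wrong guess:", store.verify(phone, "000000" if code != "000000" else "000001"))
    print("right guess:", store.verify(phone, code))
    print("replay:", store.verify(phone, code))
```

The attempt cap is what makes a six-digit code acceptable: without it, an online guess has a 1-in-10^6 chance per try and the space is small enough to walk through. A real deployment also rate-limits `issue` per phone number and per hotspot, since unlimited re-sends turn the SMS gateway into a cost and spam problem.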

Features

Access control at all OSI layers

The DPI platform analyzes all packets passing through it, up to Layer 7 of the OSI model, rather than relying on standard port numbers alone. Using signature and statistical analysis, it identifies applications such as P2P, IM, email, VoIP, streaming video, gaming traffic, and encrypted data, and access rules can be configured for each of them or for any other network resource.

Access whitelists

A whitelist restricts the websites and pages available to the subscriber, redirecting them to a specified page when attempting to leave the whitelist.

Creating a Captive Portal (CP)

A CP in the operator’s network is used to let subscribers top up their balance when their account is depleted. Internet access is limited to payment system and banking websites, and the whitelist of websites is combined with restrictions on which protocols may be used.

Flexible access rules

The telecom operator can combine whitelists and blacklists to allow or block access to specific resources (or even a pool of resources) for individual users or groups of users. For example, a list of prohibited resources can be applied to a school.
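The rule combinations described in this section and in the Captive Portal and zero-balance use cases above, as an added example that is not Stingray's own code: per-group policies built from a whitelist, a blacklist and a protocol restriction, with a subscriber at zero balance moved into the walled-garden policy regardless of their assigned group. The group names, the resource names, the captive-portal URL and the subscriber records are constructed. The edge case it makes explicit is that a redirect to the portal can only be injected into plaintext HTTP; an HTTPS session to a name outside the whitelist has to be refused outright.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Subscriber:
    sub_id: str
    group: str          # assigned group, e.g. "default" or "school"
    balance: float      # account balance; <= 0 moves the subscriber into the walled garden


@dataclass(frozen=True)
class Policy:
    whitelist: Tuple[str, ...] = ()          # non-empty: only these names are reachable
    blacklist: Tuple[str, ...] = ()          # always blocked for this group
    protocols: Optional[frozenset] = None    # allowed application protocols; None = any
    redirect_url: Optional[str] = None       # captive-portal page for blocked plaintext HTTP


# Constructed policies; every name and URL here is a placeholder.
POLICIES = {
    "default": Policy(),
    "school": Policy(blacklist=("*.games.example", "chat.example")),
    "zero_balance": Policy(
        whitelist=("pay.isp.example", "www.isp.example", "*.bank.example"),
        protocols=frozenset({"dns", "http", "https"}),
        redirect_url="http://cp.isp.example/topup",
    ),
}


def name_matches(hostname: str, pattern: str) -> bool:
    """Exact match, or wildcard '*.d' matching 'd' itself and any label under it."""
    if pattern.startswith("*."):
        return hostname == pattern[2:] or hostname.endswith(pattern[1:])
    return hostname == pattern


def effective_group(sub: Subscriber) -> str:
    """Zero balance overrides the assigned group: the subscriber lands in the walled garden."""
    return "zero_balance" if sub.balance <= 0 else sub.group


def evaluate(sub: Subscriber, hostname: str, protocol: str):
    """Return (action, detail): ('allow', None), ('block', reason) or ('redirect', url).
    Order of precedence: protocol restriction, then blacklist, then whitelist."""
    pol = POLICIES[effective_group(sub)]
    host = hostname.lower()
    if pol.protocols is not None and protocol not in pol.protocols:
        return ("block", "protocol")
    if any(name_matches(host, p) for p in pol.blacklist):
        return ("block", "blacklist")
    if pol.whitelist and not any(name_matches(host, p) for p in pol.whitelist):
        # A redirect can only be injected into plaintext HTTP. A TLS session to a
        # non-whitelisted name is refused instead: the browser would reject a forged reply.
        if protocol == "http" and pol.redirect_url:
            return ("redirect", pol.redirect_url)
        return ("block", "not-whitelisted")
    return ("allow", None)


if __name__ == "__main__":
    alice = Subscriber("alice", "default", 0.0)      # out of funds
    bob = Subscriber("bob", "school", 5.0)           # school group, funded
    for sub, host, proto in ((alice, "pay.isp.example", "https"),
                             (alice, "video.example", "http"),
                             (alice, "video.example", "https"),
                             (alice, "peer.example", "bittorrent"),
                             (bob, "www.games.example", "https"),
                             (bob, "wiki.example", "https")):
        print(sub.sub_id, host, proto, "->", evaluate(sub, host, proto))
```

Keeping the balance check outside the policy table (in `effective_group`) is deliberate: the walled-garden rule then applies to every group without each group having to repeat it, and a subscriber returns to their normal policy the moment the balance is positive again.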