Access Control List
Unlike traditional network ACLs that define service ports or domain names on a third-tier OSI, access to which is allowed or denied, the Stingray platform manages traffic up to the 7th level of OSI. This means that one can restrict or allow access to certain services, applications, resources for specific users or groups of users.
Blocking by the name
Specifics
Access Control on All OSI Levels
Stingray platform analyses all passing through packets up to OSI 7th level, and not only by standard port numbers. Using signature and statistical analysis, one can define such apps as P2P, IM, Email, VOIP, streaming video, gaming traffic, encrypted data, and configure access rules for each of them or any other network resource.
Access Lists
The Access List makes it possible to restrict access to the sites and pages available to the subscriber and redirects him or her to the specified page when trying to go beyond this list.
Creation of Captive Portal (CP)
CP in the carrier’s network is used to provide the subscriber with the opportunity to refill the balance when funds on the account have run out. Access to the Internet is limited to sites of payment systems and banks, and work on the white list of sites is combined with limiting the work on the list of protocols.
Flexible Configuration of Access Rules
The carrier can combine Block and Allow Lists to permit or deny access to certain resources (or even a resources pool) for an individual user or group of users. For example, a list of resources restricted for a school.
Benefits
- Operation on all levels of OSI according to the DPI technology.
- Flexible configuration of access rules.
- Allow lists for the subscribers.
- Organization of Captive Portal (CP).
Examples of Use
Subscriber access control with zero balance
When the subscriber has run out of funds on the account, their access to Internet resources is restricted until the balance is refilled. However, in order to refill, URLs and protocols of payment systems and online banks are entered in the allow-lists. Also, the provider can grant access to its own site, internal network resources, certain social networks, and others at no cost.
Subscriber Identification in Wi-Fi Network
According to the rules of access to the carrier’s network via public Wi-Fi access points, it is necessary to identify the subscriber in one of these ways: by phone number, passport data, or others. Stingray Service Gateway allows identification through access code that the subscriber gets on their mobile phone in SMS.
