What is what in technologies - part 3

We are continuing our enterprise security technologies series. Now you can find out more about DPI.

April 15, 2016
deep packet inspection

Have you been hungry for some more technology information already? Well, we have prepared another „dish“ for you as part of our series. This time, you can get to know something more about DPI.

Deep Packet Inspection (DPI) is now used in a wide range of areas, e.g. at enterprise level, in governments or in the provision of telco services. It really is all around us. But what actually is it? DPI is an advanced method of filtering packets within a computer network. DPI usually finds, identifies, classifies, reroutes or blocks packets with specific data or code payloads which cannot be detected by basic packet filtering; DPI looks deeper into the data part of the packet and in more detail. During the inspection, it mainly searches for protocol non-compliance, viruses, spam, intrusions or other defined criteria and decides which packets may pass and which may not. It checks multiple packet headers – IP header, TCP, UDP etc. Packets can be acquired in multiple ways – e.g. port mirroring (SPAN port) or an optical splitter. It also enables Internet data mining or Internet censorship.
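The difference between basic packet filtering and DPI described above, shown as an added example (not code from the original article): a header-only filter passes anything sent to an allowed port, while the DPI check also parses the IP and TCP/UDP headers to reach the payload and blocks traffic on port 80 that does not comply with HTTP. The packets are constructed sample data; the function names, addresses and the single-packet HTTP check are assumptions of this example, which treats each payload as the first data segment of a connection.

```python
import re
import struct

# Start of a compliant HTTP/1.x request line (assumed compliance check for port 80).
HTTP_REQUEST = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def build_packet(dst_port, payload, src_port=40000):
    """Construct a minimal IPv4+TCP sample packet (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp + payload

def parse(packet):
    """Return (protocol, dst_port, payload), honouring variable header lengths."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto, l4 = packet[9], packet[ihl:]   # 6 = TCP, 17 = UDP
    if proto not in (6, 17) or len(l4) < (20 if proto == 6 else 8):
        raise ValueError("unsupported or truncated transport header")
    dst_port = struct.unpack("!H", l4[2:4])[0]
    hdr_len = (l4[12] >> 4) * 4 if proto == 6 else 8   # TCP data offset vs fixed UDP header
    return proto, dst_port, l4[hdr_len:]

def basic_filter(packet, allowed_ports=(80,)):
    """Basic packet filtering: the decision uses the destination port only."""
    _, dst_port, _ = parse(packet)
    return "pass" if dst_port in allowed_ports else "block"

def dpi_filter(packet, allowed_ports=(80,)):
    """DPI: same port rule, plus a protocol-compliance check on the payload."""
    _, dst_port, payload = parse(packet)
    if dst_port not in allowed_ports:
        return "block"
    if dst_port == 80 and payload and not HTTP_REQUEST.match(payload):
        return "block"                    # protocol non-compliance on the HTTP port
    return "pass"

# Constructed samples: a normal HTTP request and a non-HTTP banner sent to port 80.
HTTP_OK = build_packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
NOT_HTTP = build_packet(80, b"SSH-2.0-OpenSSH_9.0\r\n")

if __name__ == "__main__":
    for name, pkt in (("HTTP_OK", HTTP_OK), ("NOT_HTTP", NOT_HTTP)):
        print(name, "basic:", basic_filter(pkt), "dpi:", dpi_filter(pkt))
```

A production DPI engine reassembles the TCP stream before matching, so that a payload split across several segments is still inspected as a whole.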

To describe DPI in even more detail, we have to mention that it uses a combination of an intrusion detection system (IDS – you can read more about IDS here) and an intrusion prevention system (IPS) with a more traditional firewall. Thanks to this combination, DPI is able to detect certain attacks. While the detection capabilities of DPI are good, it cannot block such attacks really effectively. Its strengths lie mainly in its effectiveness against buffer overflow attacks, denial of service attacks and certain types of malware. DPI's handling of classified packets ranges across redirection, marking/tagging, blocking, rating and reporting (reported packets may then be identified and analysed). It also helps to streamline the traffic flow, as it is able to allocate available resources and decide what has a higher priority within the flow (for example high-priority e-mail vs. reading news on the Internet). On the other hand, DPI can reduce a computer's speed because of the load it places on the processor.

In general, network administrators evaluate DPI technologies as very beneficial for network security.