DEEP PACKET INSPECTION (DPI)
It is an advanced computer network packet filtering system that inspects every packet of data when it passes a firewall (an inspection point). The packet is scrutinized for viruses, intrusion, spam and protocol non-compliance and based upon a specified set of rules the packet is allowed or rejected.
It enhances the capabilities of firewall as it operates at the L3 – L7 application layer of the OSI model. DPI is considered to be more effective than shallow packet Inspection and Medium Depth Packet Inspection.
Typical Firewalls on your routers read only the labels or headers on the data packets of Internet traffic. Deep Packet Inspection pores beyond the header information of the open system Interconnection OSI model to inspect the payload of the packet in the application layer.
In the application layer it contains the actual massages. The inspection strips off the headers and can identify the program or service being used. Further, it performs the packet analysis happens in real time, which avoids any delay in data traffic.
How secure is DPI?
DPI can be used for allocating resources for streamlining traffic flow. Messages can be prioritized and those considered to be high priority can be provided preference to be routed to its specific destination. DPI helps identify the originator or recipient of the messages and content, and this has publicly raised privacy issues. DPI also provides effective protection against certain malware, denial of service attacks and buffer overflow attacks.
DPI is exploited for attacking through malware, denial of service attacks and buffer overflow attacks (the same mechanisms that it is effective against). Firewalls and other security software are by themselves quite complicated and require considerable skilled monitoring and management. Managing DPI further adds to the burden of managing these complex systems. Just like any other software DPI requires regular updates.
How Deep Packet Inspection Capabilities can benefit you.
More and more companies are providing firewall options that include Deep packet Inspection because, it can help you stay more secure. It usually allows you to:
- Filter and analyze messages
- Open and close ports
- Performance in-line spam screening
- Eliminate attacks against the BIOS
- Proxy your IM Traffic
- Perform SSL session inspections
- Ward off Secure Socket Layer sniffing
It includes IDS (Intrusion Detection System) functionality into your existing firewall application so that, everything is implemented on one device.
While most companies think, a regular firewall is enough, most vulnerabilities occur at the network layer, which isn’t visible to traditional firewalls. Also, because employees are using their personal devices, it can be more difficult to prevent attacks. Hence having a DPI in your infrastructure makes it more secure.