Word of the Day: deep packet inspection (DPI)

Word of the Day Daily updates on the latest technology terms | July 17, 2019 deep packet inspection (DPI) Deep packet inspection (DPI) is an advanced method of examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes or blocks packets with specific data or code payloads that conventional packet filtering, which examines only packet headers, cannot detect. Usually performed as a firewall feature, deep packet inspection functions at the application layer of the Open Systems Interconnection (OSI) reference model. How deep packet inspection works Deep packet inspection examines the contents of packets passing through a given checkpoint and makes real-time decisions based on rules assigned by an enterprise, internet service provider (ISP) or network manager, depending on what a packet contains. Previous forms of packet filtering only looked at header information, which, to use an analogy, is the equivalent of reading addresses printed on the outside of an envelope. This was due partly to the limitations of technology. Until recently, firewalls did not have the processing power necessary to perform deeper inspections on large volumes of traffic in real time. Technological advancements have enabled DPI to perform more advanced inspections that are more like opening an envelope and reading its contents. Deep packet inspection can examine the content of messages and identify the specific application or service it comes from. In addition, filters can be programmed to look for and reroute network traffic from a specific Internet Protocol (IP) address range or a certain online service like Facebook. Common uses of deep packet inspection DPI can be used for benevolent purposes as a network security tool: for the detection and interception of viruses and other forms of malicious traffic. However, it's possible to use DPI for more nefarious activities as well, such as eavesdropping. Deep packet inspection can also be used in network management to streamline the flow of network traffic. For example, a message tagged as high priority can be routed to its destination ahead of less important or low-priority messages or packets involved in casual internet browsing. DPI can also be used for throttled data transfer to prevent peer-to-peer abuse, therefore, improving network performance. Because deep packet inspection makes it possible to identify the originator or recipient of content containing specific packets, it has sparked concern among privacy advocates and opponents of net neutrality. Limitations of deep packet inspection Deep packet inspection has at least three significant limitations. First, it can create new vulnerabilities in addition to protecting against existing ones. While effective against buffer overflow attacks, denial-of-service (DoS) attacks and certain types of malware, DPI can also be exploited to facilitate attacks in those same categories. Second, deep packet inspection adds to the complexity and unwieldy nature of existing firewalls and other security-related software. Deep packet inspection requires its own periodic updates and revisions to remain optimally effective. Third, DPI can reduce network speed because it increases the burden on firewall processors. Despite these limitations, many network administrators have embraced deep packet inspection technology in an attempt to cope with a perceived increase in the complexity and widespread nature of internet-related perils. Quote of the Day "DPI enables IT administrators and security officials to set policies and enforce them at all layers, including the application and user layer, to help combat malware and other threats." - Lee Doyle Trending Terms packet filtering application layer OSI throttled data transfer network intelligence Learning Center How can organizations address VoIP security threats? VoIP security threats can cost an organization time and money, but the right tools can prevent fraud, stolen credentials and intercepted traffic. Learn what security provisions organizations can put in place to better protect against VoIP threats. How to deploy deep packet inspection in the cloud Deep packet inspection in the cloud can help improve enterprises' network security, but it also raises some privacy concerns. Learn about potential problems with DPI and how to get around them. How best to secure cloud computing in this critical era Secure cloud computing first requires an understanding of the nature of the risk and, then, how to apply the best tools and practices to minimize it. This guide collects our recent must-reads to help you outsmart the threats. Deep packet inspection tools: Proxy vs. stream-based Deep packet inspection tools were once used mostly by service providers. Now that enterprise network managers are considering DPI tools, they'll have to determine the strategy that works best for their environments. Where SDN and DPI technology meet: Centralized control and automation When SDN and DPI technology meet, network engineers have the means to apply monitoring and management policy to the overall network instead of to individual components. Quiz Yourself A botnet is a group of computers organized to distribute spam or malware -- _________ the owners are typically unaware of the fact. a. though b. although c. even though Answer Stay in Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com Visit the Word of the Day Archives and catch up on what you've missed! FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.