What is Deep Packet Inspection and How it works?
It is an advanced computer network packet filtering system that inspects every packet of data when it passes a firewall (an inspection point). The packet is scrutinized for viruses, intrusions, spam and protocol non-compliance and based upon a specified set of rules the packet is allowed or rejected.
It enhances the capabilities of a firewall as it operates at the L3-7 application layer (the seventh layer) of the Open System Interconnection (OSI) reference model. DPI is considered to be more effective than Shallow Packet Inspection and Medium Depth Packet Inspection.
Typical firewalls on your routers read only the labels or headers on the data packets of Internet traffic. Deep Pack Inspection pores beyond the header information of the Open System Interconnection (OSI) reference model to inspect the payload of the packet in the application layer. Layer 7 is the application layer that contains the actual messages. The inspection strips off the headers and can identify the program or service being used. Further, it performs the packet analysis happens in real time, which avoids any delay in data traffic.
How Secure is DPI?
DPI can be used for allocating resources for streamlining traffic flow. Messages can be prioritized and those considered to be high priority can be provided preference to be routed to its specific destination. DPI helps identify the originator or recipient of the messages and content, and this has publicly raised privacy issues. DPI also provides effective protection against certain malware, denial of service attacks and buffer overflow attacks.
However, due to their own mechanisms of action DPI appliances can introduce vulnerabilities. DPI can exploited for attacking through malware, denial of service attacks and buffer overflow attacks (the same mechanisms that it is effective against). Firewalls and other security software are by themselves quite complicated and require considerable skilled monitoring and management. Managing DPI further adds to the burden of managing these complex systems. Just like any other software DPI requires regular updates.
How Deep Packet Inspection Capabilities can Benefit You
More and more companies are providing firewall options that include Deep Packet Inspection (DPI) because it can help you stay more secure. It usually allows you to:
- Filter and analyze messages
- Open and close ports
- Perform in-line spam screening
- Eliminate attacks against the BIOS
- Proxy your IM traffic
- Perform SSL session inspections
- Ward off SSL sniffing
It simply includes IDS (Intrusion Detection) functionality into your current firewall appliance so that everything is implemented on one device. However, many products on the market can be vulnerable to exploitations because of software defects. At Comodo, however, we are proud to say that our product withstands all exploits and attacks and can strengthen your network perimeter security instead of weaken it. Our product offers DPI technology to make it more effective against DDOS attacks, overflow attacks and more sophisticated intrusions.
While most companies think a regular firewall is enough, most vulnerabilities occur at the network layer, which isn’t visible to traditional firewalls. Also, because more employees are using their personal devices, it can be more difficult to prevent attacks. Contact us today for more information.