deep packet inspection (DPI)

Using DPI, communications service providers can allocate available resources to streamline traffic flow. For example, a message tagged as high priority can be routed to its destination ahead of less important or low-priority messages or packets involved in casual Internet browsing. DPI can also be used for throttled data transfer to prevent P2P (peer-to-peer) abuse, improving network performance for most subscribers. The security implications of DPI are widespread because the technology makes it possible to identify the originator or recipient of content containing specific packets, a capability that has sparked concern among advocates of online privacy.

DPI has at least three significant limitations. First, it can create new vulnerabilities as well as protect against existing ones. While effective against buffer overflow attacks, denial of service attacks and certain types of malware, DPI can also be exploited to facilitate attacks in those same categories. Second, DPI adds to the complexity and unwieldy nature of existing firewalls and other security-related software. DPI requires its own periodic updates and revisions to remain optimally effective. Third, DPI can reduce computer speed because it increases the burden on the processor. Despite these limitations, many network administrators have embraced DPI technology in an attempt to cope with a perceived increase in the complexity and widespread nature of Internet-related perils.

Numerous companies, including such major players as Alcatel, Cisco, Ericsson, IBM, Microsoft, Nokia and Symantec have begun to aggressively market DPI technology as components of hardware and software firewalls.

Read more about deep packet inspection (DPI): - Nate Anderson explains how DPI works. - Thomas Porter discusses DPI evolution and security issues. - Slashdot has a discussion about DPI and privacy issues.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Where can I find a sample security audit report? How can I run my own? IT organization security audit reports aren't for circulation. Our network enterprise security expert explains how professionals can sample a... The firewall remains the network traffic cop, but its role is changing Even as mobile workers connect to the network from a wide variety of devices, the network firewall remains the bedrock of network security. Troubleshooting VLANs: How to monitor 802.1q tagged traffic When troubleshooting a virtual LAN (VLAN), learn how to monitor 802.1q tagged traffic within a network in this advice from our routing and switching...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com)