 - Deep packet inspection (DPI) is an advanced method of packet filtering that functions at the Application layer of the OSI (Open Systems Interconnection) reference model. The use of DPI makes it possible to find, identify, classify, reroute or block packets with specific data or code payloads that conventional packet filtering, which examines only packet headers, cannot detect.
Using DPI, communications service providers can allocate available resources to streamline traffic flow. For example, a message tagged as high priority can be routed to its destination ahead of less important or low-priority messages or packets involved in casual Internet browsing. DPI can also be used for throttled data transfer to prevent P2P (peer-to-peer) abuse, improving network performance for most subscribers. The security implications of DPI are widespread because the technology makes it possible to identify the originator or recipient of content containing specific packets, a capability that has sparked concern among advocates of online privacy.
DPI has at least three significant limitations. First, it can create new vulnerabilities as well as protect against existing ones. While effective against buffer overflow attacks, denial of service attacks and certain types of malware, DPI can also be exploited to facilitate attacks in those same categories. Second, DPI adds to the complexity and unwieldy nature of existing firewalls and other security-related software. DPI requires its own periodic updates and revisions to remain optimally effective. Third, DPI can reduce computer speed because it increases the burden on the processor. Despite these limitations, many network administrators have embraced DPI technology in an attempt to cope with a perceived increase in the complexity and widespread nature of Internet-related perils.
Numerous companies, including such major players as Alcatel, Cisco, Ericsson, IBM, Microsoft, Nokia and Symantec have begun to aggressively market DPI technology as components of hardware and software firewalls.
 |
Learn more about Network Security Monitoring and Analysis |
| Penetration testing methodology and standards: Penetration testing methodology and standards are key to success for this ethical hacking technique that can help security professionals evaluate information security measures. |
| Types of penetration tests: Learn about different types of penetration tests in part four of our series on this ethical hacking technique that can help security professionals evaluate the effectiveness of information security ... |
| Penetration testing strategies: Learn penetration testing strategies, ethical hacking techniques to help security professionals evaluate the effectiveness of information security measures. |
| Performing a penetration test: Part 2 in our series on penetration testing, an ethical hacking technique, to help security professionals evaluate the effectiveness of information security measures within their organizations. |
| Network penetration testing guide: This network penetration testing guide reveals how to use penetration testing tools and best practices for conducting a penetration test. |
| LAST UPDATED: |
01 Nov 2007
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
More resources from around the web:
|
 |
 |
| |
RELATED CONTENT
 |
Network penetration testing guide
This network penetration testing guide reveals how to use penetration testing tools and best practices for conducting a penetration test.
|
|
Performing a penetration test
Part 2 in our series on penetration testing, an ethical hacking technique, to help security professionals evaluate the effectiveness of information...
|
|
Penetration testing strategies
Learn penetration testing strategies, ethical hacking techniques to help security professionals evaluate the effectiveness of information security...
|
|
|
Show me everything on 