
Group:

Shamir Ruilova A. / Joel Alvarado / Jorge Galarza

DPI / DCI
1) General aspects (state of the art).

DPI
DEFINITION:
Packet Inspection – looking at the header portion of a packet for security or analysis
purposes. Deep Packet Inspection (DPI) – removes the header information from a packet to
inspect the actual contents of the packet.
DPI secures networks by matching IP packet sequences against a known set of offending
patterns. However, to be effective, DPI must match the packet information to these
patterns in real time, at wire speed, which presents two limitations.

DPI Potential Uses

Marketing                Load Balancing
Virus/Spam Protection    Copyright Enforcement
Surveillance             Tiered Internet Access

Table 1. Potential Uses of DPI

LIMITATIONS:
• At any given time, a DPI chip can hold only a limited number of packets for pattern
matching. If the number of IP packets exceeds the number of packets a DPI system can
inspect, malware embedded in large application payloads will pass through.
• The amount of memory available for pattern matching is limited. The packet data
obtained from a DPI system must be matched against a known malware threat; as a
result, unsupported application types as well as nested, ZIPped, or archived files will
easily slip through a DPI security solution and onto the network undetected.

DCI
You will be able to verify the trust of container images even after local administrators or
developers have made modifications. Almost every company has its own DCI.

• DCI technology performs full content-based inspection in real time.

Figure 1. Diagram of DCI's structure

• DCI is able to perform a reputation search and behavior analysis on structured or
packed data.
• DCI is able to discover and evaluate signatures that cross packet boundaries.

Figure 2. Deep Content Inspection


Uses
• Use Case 1: Inspect Policy in the User Space
Since container images provide a simplified method for packing up and shipping the user
space around, developers and administrators need to understand what programs and
configuration files have been embedded inside the user space.
• Use Case 2: Inspect Policy in the Metadata
The metadata in the container image is another interesting area for developers and
administrators. This information includes things like Architecture, Build Host, Docker
Version, and even arbitrary key-value information embedded in labels.
• Use Case 3: Policy Decisions
Once developers and administrators begin to use data in the container image and the
container image metadata to make manual decisions, the next step in DCI is to make
automated decisions based on codified policy.
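
The three use cases above can be combined into one codified check. The following is an added example, not part of the original report: the policy values, the `build-host` label name and the sample inputs are assumptions, and the metadata keys follow the shape of `docker image inspect` output.

```python
from fnmatch import fnmatch

# Hypothetical codified policy; every value here is an assumption for the example.
POLICY = {
    "architectures": {"amd64", "arm64"},
    "min_docker_version": (20, 10),
    "required_labels": {"maintainer", "build-host"},
    "forbidden_files": ["*/.ssh/id_*", "*.pem"],
}

def version_tuple(text):
    """Turn '20.10.7' into (20, 10, 7); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def evaluate(metadata, files, policy=POLICY):
    """Return the list of policy violations; an empty list means 'admit'."""
    findings = []
    # Use Case 2: inspect the image metadata.
    arch = metadata.get("Architecture")
    if arch not in policy["architectures"]:
        findings.append(f"architecture {arch!r} not allowed")
    if version_tuple(metadata.get("DockerVersion", "0")) < policy["min_docker_version"]:
        findings.append("built with a Docker version older than policy allows")
    labels = (metadata.get("Config") or {}).get("Labels") or {}
    for missing in sorted(policy["required_labels"] - set(labels)):
        findings.append(f"missing label {missing!r}")
    # Use Case 1: inspect what was embedded in the user space.
    for path in files:
        if any(fnmatch(path, pattern) for pattern in policy["forbidden_files"]):
            findings.append(f"forbidden file in user space: {path}")
    return findings

# Constructed sample inputs (not taken from a real image).
GOOD = {"Architecture": "amd64", "DockerVersion": "20.10.7",
        "Config": {"Labels": {"maintainer": "team@example.com", "build-host": "ci-01"}}}
BAD = {"Architecture": "386", "DockerVersion": "19.03.12",
       "Config": {"Labels": {"maintainer": "team@example.com"}}}

if __name__ == "__main__":
    # Use Case 3: the automated decision is simply "no findings".
    print("good image:", evaluate(GOOD, ["/usr/bin/app"]) or "admit")
    for finding in evaluate(BAD, ["/usr/bin/app", "/root/.ssh/id_rsa"]):
        print("bad image:", finding)
```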

2) Configurations (not necessarily commands).


Inspection engines are required for services that embed IP addressing information in the
user data packet or that open secondary channels on dynamically assigned ports.
There are different ways to configure DPI and DCI. The following security services and
features are capable of utilizing DPI and DCI:
Gateway Anti-Virus
Gateway Anti-Spyware
Intrusion Prevention
Content Filtering
Application Firewall
Packet Capture
Packet Mirror

Most of these configurations are made with access lists and policy maps. Policy maps
are preferred on next-generation network devices, where the IT expert can
configure them via commands that include many parameters such as websites, IP
addresses, protocol flags and values, protocol states, etc. The process starts with an
overview, then the configuration, and finally the verification and monitoring.

3) Deployment scenario comparative.

Comparative
DPI inspects, packet by packet, the traffic that enters through the router and classifies
each packet according to the rules established beforehand by the network administrator.
DCI, on the other hand, does this on a larger scale, working on stacks of packets, again
following the pattern established by the administrator.
DCI is an advanced form of network filtering that reassembles, decompresses, and/or
decodes network traffic packets into their constituting application-level objects (often
referred to as MIME objects). It functions as a fully transparent device at a more
comprehensive level than DPI; as such, it does more than simply check the body or header
of data packets moving through a network. Instead, a DCI solution examines the entire
object so that any malicious or non-compliant intent is detected.
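
The difference can be shown with a small script. This is an added example, not part of the original report: the signature, the traffic and all function names are constructed for illustration, and zlib stands in for whatever encodings a real DCI engine decodes.

```python
import zlib

# Constructed signature and traffic; all names here are illustrative.
SIGNATURE = b"EXAMPLE-BAD-PATTERN"

def per_packet_hits(segments):
    """DPI-style check: each payload is matched in isolation."""
    return [seq for seq, payload in segments if SIGNATURE in payload]

def reassemble(segments):
    """Rebuild the byte stream by ordering (seq, payload) pairs by offset."""
    return b"".join(payload for _, payload in sorted(segments))

def decoded_views(data, max_out=1 << 20, max_depth=3):
    """Return the object plus each zlib-decoded layer, with size and depth caps."""
    views = [data]
    for _ in range(max_depth):
        inflater = zlib.decompressobj()
        try:
            data = inflater.decompress(data, max_out)
        except zlib.error:
            break                      # not (or no longer) compressed
        if inflater.unconsumed_tail or not data:
            break                      # over the cap or empty: stop decoding
        views.append(data)
    return views

def content_hit(segments):
    """DCI-style check: match against the reassembled, decoded object."""
    return any(SIGNATURE in view for view in decoded_views(reassemble(segments)))

def split(data, at, out_of_order=False):
    """Cut a byte string into two (seq, payload) segments (sample-data helper)."""
    parts = [(0, data[:at]), (at, data[at:])]
    return parts[::-1] if out_of_order else parts

# Case 1: the signature straddles a packet boundary and segments arrive reordered.
plain = b"file body: " + SIGNATURE + b" end"
straddling = split(plain, 20, out_of_order=True)

# Case 2: the signature sits inside a compressed object split across packets.
packed = zlib.compress((b"archive member: " + SIGNATURE + b"\n") * 4)
compressed = split(packed, len(packed) // 2)

if __name__ == "__main__":
    for name, segs in (("straddling", straddling), ("compressed", compressed)):
        print(name, "per-packet:", per_packet_hits(segs), "content:", content_hit(segs))
```

The size and depth caps in `decoded_views` reflect the memory limitation listed for DPI earlier: an object that exceeds them is not scanned in decoded form and should be treated as uninspected rather than clean.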

4) Conclusions / Recommendations.
• We must understand the flow of information in our network in order to choose the
best technology for us.

• The protection of our business data should currently have a higher priority; we must
protect our information and equipment in several ways to prevent a leak of
information.

• We must bear in mind that the use of one technology or another implies a change
in the speed of our network.

• Although these security measures are oriented toward the protection of very high
information flows, we can also apply them in our homes or small businesses.
