DPI / DCI
1) General aspects (state of the art).
DPI
DEFINITION:
Packet Inspection – looking at the header portion of a packet for security or analysis
purposes.
Deep Packet Inspection (DPI) – removes the header information from a packet to
inspect the actual contents of the packet.
It secures networks by matching the IP packet sequences against a known set of offending
patterns. However, to be effective, DPI must match the packet information to these
patterns in real time, at wire speed, which presents two limitations.
DPI-Potential Uses
LIMITATIONS:
At any given time, a DPI chip is capable of holding only a limited number of packets
for pattern matching. If the number of IP packets exceeds the number of packets
a DPI system can inspect, the malware embedded in large application payloads will
pass through.
The limited amount of memory available for pattern matching: the packet data
obtained from a DPI system must be matched against a known malware threat. As a
result, unsupported application types as well as nested, ZIPped, or archived files will
easily slip through a DPI security solution and onto the network undetected.
Group:
Shamir Ruilova A. / Joel Alvarado / Jorge Galarza
DCI
You will be able to verify the trust of container images even after local administrators or
developers have made modifications. Almost every company has its own DCI.
Uses
Use Case 1: Inspect Policy in the User Space
Since container images provide a simplified method for packing up and shipping the user
space around, developers and administrators need to understand what programs and
configuration files have been embedded inside the user space.
Use Case 2: Inspect Policy in the Metadata
The metadata in the container image is another interesting area for developers and
administrators. This information includes things like Architecture, Build Host, Docker
Version, and even arbitrary key-value information embedded in labels.
Use Case 3: Policy Decisions
Once developers and administrators begin to use data in the container image and the
container image metadata to make manual decisions, the next step in DCI is to make
automated decisions based on codified policy.
Most of these configurations are made with access lists and policy maps. The latter
is preferred by next-generation network devices, where the IT expert can
configure it via commands that include many parameters such as websites, IP
addresses, protocol flags and values, protocol states, etc. The process starts with an
overview, followed by the configuration and finally the verification and monitoring.
Comparative
DPI inspects, packet by packet, the traffic that enters through the router
and classifies it according to the rules established beforehand by the admin of the network.
DCI, on the other hand, does this on a larger scale with stacks of packets, again
following rules established by the admin.
DCI is an advanced form of network filtering that reassembles, decompresses, and/or
decodes network traffic packets into their constituent application-level objects (often
referred to as MIME objects). It functions as a fully transparent device at a more
comprehensive level than DPI; as such, it does more than simply check the body or header
of data packets moving through a network. Instead, a DCI solution examines the entire
object so that any malicious or non-compliant intent is detected.
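The following is an added example, not part of the original report, contrasting per-packet pattern matching with the reassemble, decompress and decode step described above. The marker string, the size and depth limits, and all function names are assumptions chosen for illustration.

```python
import base64
import binascii
import zlib

# Constructed marker standing in for a known offending pattern (not a real signature).
SIGNATURES = [b"CONSTRUCTED-TEST-PATTERN"]
MAX_DEPTH = 3          # assumed bound on nested encodings
MAX_OBJECT = 1 << 20   # assumed cap on decoded size, so a decompression bomb cannot exhaust memory

def matches(data):
    return any(sig in data for sig in SIGNATURES)

def dpi_scan(payloads):
    """Per-packet matching: each payload is compared to the patterns on its own."""
    return any(matches(p) for p in payloads)

def decoded_forms(obj, depth=0):
    """Yield the object plus every form recovered by zlib/gzip or base64 decoding."""
    yield obj
    if depth >= MAX_DEPTH:
        return
    try:
        inflater = zlib.decompressobj(47)  # 32 + 15: accept a zlib or gzip header
        yield from decoded_forms(inflater.decompress(obj, MAX_OBJECT), depth + 1)
    except zlib.error:
        pass  # not compressed data
    try:
        yield from decoded_forms(base64.b64decode(obj, validate=True), depth + 1)
    except (binascii.Error, ValueError):
        pass  # not base64

def dci_scan(payloads):
    """Reassemble the payloads into one object, decode it, then match every form."""
    return any(matches(form) for form in decoded_forms(b"".join(payloads)))

def split(data, size=16):
    """Cut an object into packet-sized payloads (16 bytes is shorter than the marker)."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def sample_cases():
    """Constructed inputs: the same object sent whole, segmented, compressed, and nested."""
    obj = b"filler " * 20 + SIGNATURES[0]
    packed = zlib.compress(obj)
    return {"whole": [obj], "segmented": split(obj), "compressed": split(packed),
            "nested": split(base64.b64encode(packed))}

if __name__ == "__main__":
    for name, payloads in sample_cases().items():
        print(f"{name:10} dpi={dpi_scan(payloads)} dci={dci_scan(payloads)}")
```

Only the "whole" case is caught by the per-packet scan; the other three are caught only after reassembly and decoding, at the cost of buffering the full object.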
4) Conclusions / Recommendations.
We must recognize the flow of information from our network in order to choose the
best technology for us.
Currently, the protection of our business data should have a higher priority. We must
protect our information and equipment in several ways to prevent a leak of
information.
We must bear in mind that the use of one technology or another implies a change
in the speed of our network.
Although these security measures are oriented toward the protection of very high
information flows, we can also apply them in our homes or small businesses.