Word Notes 12.1.20
Ep 26 | 12.1.20

deep packet inspection (DPI) (noun)


Rick Howard: The word is: DPI.

Rick Howard: Spelled: D as in deep, P as in packet, and I as in inspection, also known as information extraction, also known as IX and also known as complete packet inspection.

Rick Howard: Definition: A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.

Rick Howard: Example sentence: Deep packet inspection is the fundamental technology underlying all next-generation firewalls. It enables blocking decisions at the application layer, and makes possible logical segmentation rules that facilitate an organization's zero trust policy.

Rick Howard: Origin and context: In the early Internet days, Check Point introduced the idea of stateful inspection firewalls circa 1994. These firewalls could track end-to-end connection states based on network packet header information, the metadata that describes the type of service, packet size, protocol, checksums, source and destination IP addresses, and other things essential to keep the packets flowing. In 2003, a new firewall company, NetScreen, introduced the idea of application layer blocking in which they not only looked at the header information, but also examined the payload. Today, modern-day next-generation firewalls all offer a version of this feature: it facilitates monitoring and prevention rules based on applications flowing through the firewall connected to the authenticated user. In other words, you can make next-generation firewall rules like the marketing department can go to Facebook, but the development team can't. This allows network defenders to logically segment their networks at the firewall based on deep packet inspection.

Rick Howard: Nerd reference: Nir Zuk is the founder of Palo Alto Networks, but back in the day, he was one of the original design engineers at Check Point when they introduced the stateful inspection firewall. But he had this idea for a deep packet inspection firewall, a layer seven firewall. He formed his own company in 1999, OneSecure, to build it.

NetScreen bought OneSecure in 2002 and implemented some of the first versions of deep packet inspection, which, according to Marcus Ranum, combined that stateful inspection firewall, some IDS signatures, and some application protocol anomaly detection rules.

In 2004, Juniper bought NetScreen. And Nir decided to build his own firewall company in 2005 to pursue the deep packet inspection idea. But Nir is not enamored with administration. He's more of a big thinker, and before he formed the company, he kept putting off the decision to name it. Finally, his lawyers called him at his house in Palo Alto, California, and told him that he couldn't delay naming the new company any longer. Nir looked around his kitchen, noticed some unopened mail, and chose Palo Alto Networks as the name. And the rest, as they say, is history. Today, all firewalls in the market have some capability to do deep packet inspection and are really next-generation firewalls.