06:42 PM
Alexander Wolfe
Commentary

In Packet Inspection Race, Cisco Sees FPM As Key To Network Security

Cisco has an interesting tease for an upcoming Webcast entitled "Defending Your Router in 256 Bytes or Less." The thesis is that "the increase in accuracy and performance of network security products has pushed hackers to create attacks within the first 256 bytes of code that slip into networks under the radar." The upshot is that Cisco is pitching Flexible Packet Management (FPM), a technique it developed as a more effective way to block attacks than the deep packet inspection methods that are widely used.

I'm no expert, but something jumps out at me here. Indeed, it's implicit in the fact that Cisco is holding this seminar, and also that there are multiple packet-examination techniques extant, that we've got something of a packet-inspection arms race going on. Hackers are getting smarter and more focused in their attacks, and vendors have to jump through ever tighter hoops to protect their routers, firewall appliances, etc.

I think the "hoops" analogy is apt, because if the idea now is that the most successful attacks take place in the initial packets, this means that the network doesn't have much (any) time to get its act together. No lengthy analyses allowed; just cut to the chase and protect. Now.

OK, so let's do a short short on the two techniques at hand. Here's a brief description of deep packet inspection (DPI), from a 2005 article by Dr. Thomas Porter, in SecurityFocus. DPI, he notes, is performed in firewall appliances:

"[The] DPI engine scrutinizes each packet (including the data payload) as it traverses the firewall, and rejects or allows the packet based upon a ruleset that is implemented by the firewall administrator. The inspection engine implements the ruleset based upon signature-based comparisons, heuristic, statistical, or anomaly-based techniques, or some combination of these."
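To make that description concrete, here is an added example (not code from the original article, Cisco, or SecurityFocus) of a tiny DPI-style engine that extracts the TCP payload from a raw IPv4 packet and applies a ruleset combining one signature comparison with one anomaly heuristic. The rule names, the signature string, the 30% threshold and the sample packet builder are all constructed assumptions.

```python
import struct

def signature(pattern):
    return lambda payload: pattern in payload

def mostly_binary(threshold):
    # Crude anomaly heuristic: share of bytes outside printable ASCII and tab/CR/LF.
    def check(payload):
        odd = sum(1 for b in payload if (b < 0x20 and b not in (9, 10, 13)) or b > 0x7E)
        return bool(payload) and odd / len(payload) > threshold
    return check

# Constructed ruleset; names, pattern and threshold are assumptions for illustration.
RULES = [
    ("sig:path-traversal", signature(b"../../")),
    ("anomaly:mostly-binary", mostly_binary(0.30)),
]

def tcp_payload(packet):
    """Return the TCP payload of a raw IPv4 packet, or None if it cannot be parsed."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]   # IPv4 total length field
    if ihl < 20 or len(packet) < ihl + 20:
        return None
    data_offset = (packet[ihl + 12] >> 4) * 4         # TCP header length in bytes
    if data_offset < 20:
        return None
    return packet[ihl + data_offset:min(total_len, len(packet))]

def inspect(packet, rules=RULES):
    """Return (verdict, matched_rule); unparseable packets are rejected (fail closed)."""
    payload = tcp_payload(packet)
    if payload is None:
        return ("reject", "unparseable")
    for name, matches in rules:                       # first matching rule wins
        if matches(payload):
            return ("reject", name)
    return ("allow", None)

def build_packet(payload):
    """Build a constructed IPv4/TCP test packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload
```

Every rule here scans the whole payload of every packet, which is the per-packet cost the passage above is concerned with when it says the network has little time to decide.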

Alexander Wolfe was editor-in-chief of InformationWeek.com. In his two decades as a technology editor, he has written for Electronics Magazine, Byte.com, and TechWeb. He spent nine years at CMP's Electronic Engineering Times, where he wrote the "Wolfe's Den" column and broke ...