
06:42 PM
Alexander Wolfe
Commentary

In Packet Inspection Race, Cisco Sees FPM As Key To Network Security

Cisco has an interesting tease for an upcoming Webcast entitled "Defending Your Router in 256 Bytes or Less." The thesis is that "the increase in accuracy and performance of network security products has pushed hackers to create attacks within the first 256 bytes of code that slip into networks under the radar." The upshot is that Cisco is pitching Flexible Packet Management (FPM), a technique it developed as a more effective way to block attacks than the deep packet inspection methods that are widely used.

I'm no expert, but something jumps out at me here. Indeed, it's implicit in the fact that Cisco is holding this seminar, and also that there are multiple packet-examination techniques extant, that we've got something of a packet-inspection arms race going on. Hackers are getting smarter and more focused in their attacks, and vendors have to jump through ever tighter hoops to protect their routers, firewall appliances, etc.

I think the "hoops" analogy is apt, because if the idea now is that the most successful attacks take place in the initial packets, this means that the network doesn't have much (any) time to get its act together. No lengthy analyses allowed; just cut to the chase and protect. Now.

OK, so let's do a short short on the two techniques at hand. Here's a brief description of deep packet inspection (DPI), from a 2005 article by Dr. Thomas Porter, in SecurityFocus. DPI, he notes, is performed in firewall appliances:

"[The] DPI engine scrutinizes each packet (including the data payload) as it traverses the firewall, and rejects or allows the packet based upon a ruleset that is implemented by the firewall administrator. The inspection engine implements the ruleset based upon signature-based comparisons, heuristic, statistical, or anomaly-based techniques, or some combination of these."
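The allow-or-reject decision Porter describes, reduced to its signature-comparison case, as an added example that is not code from the article, from Porter, or from Cisco. The ruleset, the packet builder and the `window` parameter (which limits matching to the first N payload bytes, such as the 256 in the Webcast title) are assumptions made for illustration.

```python
import struct

# Constructed ruleset (assumption): (rule name, byte signature, action).
# The signatures are harmless test markers, not real attack patterns.
RULES = [
    ("test-marker", b"X-TEST-BLOCK", "reject"),
    ("test-header", b"X-Lab-Deny:", "reject"),
]

def tcp_payload(packet: bytes) -> bytes:
    """Return the TCP payload of a raw IPv4 packet, or b'' if it is not TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return b""
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length, bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return b""                                # malformed or not TCP
    data_off = (packet[ihl + 12] >> 4) * 4        # TCP header length, bytes
    if data_off < 20:
        return b""
    return packet[ihl + data_off:min(total_len, len(packet))]

def inspect(packet: bytes, rules=RULES, window=None):
    """Apply the ruleset to the payload; first matching rule decides."""
    payload = tcp_payload(packet)
    scope = payload if window is None else payload[:window]
    for name, signature, action in rules:
        if signature in scope:
            return action, name
    return "allow", None                          # no rule matched

def build_packet(payload: bytes) -> bytes:
    """Constructed sample input: minimal IPv4 + TCP headers, zero checksums."""
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

if __name__ == "__main__":
    early = build_packet(b"GET /?q=X-TEST-BLOCK HTTP/1.1\r\n\r\n")
    late = build_packet(b"A" * 300 + b"X-TEST-BLOCK")
    for label, pkt in (("early", early), ("late", late)):
        print(label, "full:", inspect(pkt), "first 256:", inspect(pkt, window=256))
```

A marker that falls inside the first 256 payload bytes is rejected by both the full scan and the windowed scan; one that falls later is seen only by the full scan, which is the cost and coverage trade-off between the two scopes.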

Alexander Wolfe was editor-in-chief of InformationWeek.com. In his two decades as a technology editor, he has written for Electronics Magazine, Byte.com, and TechWeb. He spent nine years at CMP's Electronic Engineering Times, where he wrote the "Wolfe's Den" column and broke ...