Deep Packet Inspection in the Cloud
When looking at network traffic in a very simplified way, network packets are made up of headers and data (or code). While the headers are mostly used to direct the traffic to the right destination in the right manner, the data inside the packet is the reason the traffic exists in the first place.
For instance, imagine an SQL query to update a database record on a server. The headers within the many OSI layers of the packet make sure the data inside arrives at the listening port of the SQL database server, where the application takes over and processes the SQL query (the data) itself.
Traditional security controls such as firewalls relied heavily on these headers to filter out malicious content; think of IP addresses and ports being blocked. Modern security tools, such as most Intrusion Detection and Prevention Systems and next-generation or application layer firewalls, inspect the data part of the network packets to determine their contents. That earlier-mentioned SQL query, for instance, could be malicious and could intend to drop an entire database or return its passwords, in which case it needs to be blocked instead of being delivered for processing. Other packets might contain malware or shellcode, which needs to be correctly identified and actioned.
This technology is called Deep Packet Inspection (DPI), and although it comes with some processing and latency costs, it is an essential part of a secure environment.
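The contrast described above, as an added example that is not part of the original post: a header-only filter and a payload-inspecting filter are run over the same constructed traffic. The packet model, IP addresses, port and the two signatures are assumptions made for illustration; real DPI engines parse the database wire protocol rather than plain query text.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str       # header field
    dst_port: int     # header field
    payload: bytes    # data part, here the SQL query text

# Constructed header policy: documentation-range IP, MySQL's default port.
BLOCKED_IPS = {"203.0.113.7"}
ALLOWED_PORTS = {3306}

# Constructed, deliberately simple payload signatures (not a production rule set).
SIGNATURES = [
    ("drop-statement", re.compile(rb"\bdrop\s+(database|table)\b", re.I)),
    ("password-read", re.compile(rb"\bselect\b[^;]*\bpassword\w*\b[^;]*\bfrom\b", re.I)),
]

def header_filter(pkt):
    """Traditional firewall decision: looks at headers only."""
    if pkt.src_ip in BLOCKED_IPS or pkt.dst_port not in ALLOWED_PORTS:
        return "block"
    return "allow"

def normalise(payload):
    """Strip SQL block comments and collapse whitespace before matching."""
    payload = re.sub(rb"/\*.*?\*/", b" ", payload, flags=re.S)
    return re.sub(rb"\s+", b" ", payload).strip()

def dpi_filter(pkt):
    """Header check first, then inspect the data part of the packet."""
    if header_filter(pkt) == "block":
        return ("block", "header-policy")
    data = normalise(pkt.payload)
    for name, pattern in SIGNATURES:
        if pattern.search(data):
            return ("block", name)
    return ("allow", None)

# Constructed sample traffic, all addressed to the database port.
SAMPLES = [
    Packet("198.51.100.10", 3306, b"UPDATE customers SET email='a@example.com' WHERE id=42"),
    Packet("198.51.100.11", 3306, b"DROP/**/DATABASE shop"),
    Packet("198.51.100.12", 3306, b"SELECT username, password FROM accounts"),
    Packet("203.0.113.7", 3306, b"SELECT 1"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src_ip, header_filter(p), dpi_filter(p))
```

The second and third packets pass the header filter because their source and port are permitted; only the payload check stops them.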
Why in the Cloud?
After all, many cloud services are accessible to the entire Internet, and an important driver for cloud migrations is the improved accessibility of the systems. This means cloud servers and applications are regularly attacked using a very broad range of methods from anywhere on the globe. Deep Packet Inspection is essential in keeping the bad traffic out but letting (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Frank Siemons. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/2NRKe9XrWNc/