Stateful Packet Inspection (SPI)
What is a SPI firewall?
SPI is a basic firewalling feature that is included in standard DSL routers (e.g. SpeedTouch routers).
How does SPI work?
SPI works at the network layer by examining a packet's header and footer in addition to ensuring the packet belongs to a valid session.
- When an IP packet arrives at the firewall from the Internet the firewall decides if it should be forwarded to the internal network.
- To do this the firewall inspects the packet to see what connections have been opened from the inside of the network to the Internet.
- If there is a connection open that applies to the packets that have arrived from the Internet then it will be let through – otherwise it will be rejected.
- So instead of permitting any host program to send any kind of traffic on port 80 it ensures it belongs to a current, open session, it looks at the source and destination IP addresses as well as the source and destination ports to make this decision.
How Secure is SPI?
This type of security simply controls incoming traffic, and wouldn't be able to prevent attacks from innocuous Web browsing, spyware, adware, trojans etc.
Deep Packet Inspection (DPI)
What is a DPI firewall?
DPI is an intelligent firewalling feature that forms part of the integrated security suite of a UTM firewall (e.g. FortiGate firewalls).
How does DPI work?
As well as looking at the header, footer, source and destination of incoming packets, DPI also examines the data part of the packet, searching for illegal statements and pre-defined criteria and making a decision on whether or not to let it through based on the content.
- DPI combines signature-matching technology with analysis of the data in order to determine the impact of that communication stream.
- DPI takes the incoming packets apart, examines the data, comparing with set criteria, and then re-assembles the packet.
- The ASIC chip in the FortiGate firewall allows this type of firewalling to be done quickly, efficiently and without degrading the speed of network traffic. Router and software firewalls simply do not have the necessary power to perform this level of deep packet inspection.
How Secure is DPI?
This type of security will guard against attacks from trojans, spyware, and malware etc. which are increasingly common and are obtained through seemingly innocuous Web browsing by end-users.
A firewall of any description is a must for any user connecting to the Internet.
However, for a truly effective platform a dedicated hardware firewall with DPI provides the best all-round solution and goes a long way to securing networks from the more sophisticated and damaging Internet threats.
Want to find out more?
To discuss your managed security requirements further please call us on 0845 058 9000.