Cisco held an online lecture entitled "Define your router with 256 or fewer bytes". The subject of this lecture was: "The improved accuracy and performance of network security products force hackers to successfully launch attacks in the first 256 bytes of the code, so that they can easily intrude into the network without being noticed." As a result, Cisco developed a technology named Flexible Packet Matching (FPM), which is more widely used than Deep Packet Inspection; this method effectively blocks hacker attacks.
I am not an expert, but some related questions come to mind. Indeed, Cisco held this online lecture with an implicit purpose, and there are now many packet detection technologies, with fierce competition among vendors in the packet detection field. Hackers are becoming smarter and are gradually upgrading their network attacks. Manufacturers are also stepping up protection for routers and firewall applications.
If the most successful attacks land in the original data packet, the network has no time to combine these actions. In that case, lengthy analysis is not possible, and only immediate tracing and protection can be performed.
Let's take a brief look at the two existing technologies. Dr. Thomas Porter briefly described deep packet inspection technology in a 2005 SecurityFocus article. He pointed out that deep packet inspection is performed in firewall applications:
"The DPI engine detects each packet that passes through the firewall (including the payload) and rejects or permits the packet based on a set of rules set by the firewall administrator. The deep packet detection engine executes these rule sets based on signature comparison, testing, data, or irregular technologies."
Cisco's explanation of Flexible Packet Matching is as follows:
"Flexible packet matching (FPM) is the next generation of read Control List pattern matching tool, and is a more comprehensive and customized package filter ... FPM is very useful because it allows users to create their own stateless package classification standards and define rules based on multiple actions to quickly block the latest viruses, Trojans, and attacks."
Finally, I would like to point out that, no matter which method you use, packet detection is a fast-changing field. On the other hand, no technology can protect all data. At the same time, the more detection and analysis you do, the more complexity and performance overhead you add to the network. Unfortunately, these strict limits on protection are exploited by those looking to do wrong. That is to say, the security challenges of the future will become increasingly serious.
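To make the stateless, user-defined classification in Cisco's FPM description above concrete, here is a small Python sketch added for illustration; it is not Cisco's implementation or FPM configuration syntax. The rule format, the 256-byte window taken from the lecture title, port 9999, the marker bytes and the sample packets are all assumptions constructed for this example.

```python
import struct
from dataclasses import dataclass

WINDOW = 256  # bytes inspected per packet; assumed from the lecture title

@dataclass(frozen=True)
class Rule:
    name: str
    criteria: tuple   # ((offset, expected_bytes), ...); every criterion must match
    actions: tuple    # multiple actions per rule, e.g. ("log", "drop")

    def __post_init__(self):
        # A criterion reaching past the window could never fire; reject it early.
        for offset, expected in self.criteria:
            if offset < 0 or offset + len(expected) > WINDOW:
                raise ValueError(f"{self.name}: criterion outside {WINDOW}-byte window")

def classify(packet: bytes, rules) -> tuple:
    """Stateless: examines only this packet's first WINDOW bytes; first match wins."""
    window = packet[:WINDOW]
    for rule in rules:
        if all(window[o:o + len(e)] == e for o, e in rule.criteria):
            return rule.actions
    return ("permit",)

def udp_packet(dst_port: int, payload: bytes) -> bytes:
    """Constructed IPv4/UDP packet (20-byte IP header, no options, checksums zeroed)."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0)
    return ip + udp + payload

# Hypothetical rule: IP protocol byte (offset 9) is UDP, destination port
# (offsets 22-23) is 9999, and a constructed marker sits 100 bytes into the payload.
MARKER = b"\xde\xad\xbe\xef"
RULES = [Rule("sample-marker",
              ((9, b"\x11"), (22, struct.pack("!H", 9999)), (28 + 100, MARKER)),
              ("log", "drop"))]

if __name__ == "__main__":
    print(classify(udp_packet(9999, b"A" * 100 + MARKER + b"B" * 50), RULES))
    print(classify(udp_packet(53, b"A" * 100 + MARKER), RULES))
```

Because every criterion is a fixed offset and byte string inside a single packet, the per-packet cost stays constant, which is the performance trade-off against deeper analysis discussed above.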