Web Filtering and Deep Packet Inspection
Artyom Churilin
Tallinn University of Technology, 2011
Web filtering & DPI
• Web filtering (content control) is a way to control what content is permitted to a user.
• Deep Packet Inspection (DPI) is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point. It searches for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide whether the packet can pass or needs to be routed to a different destination, or it collects statistical information.
Web filtering types
• Client-side filters (Cyber-Nanny)
• Content-limited or filtered ISPs
• Server-side filters, proxies (Squid), traffic shapers
• Specialized hardware/software (commercial off-the-shelf solutions)
Specialized systems:
• Websense
• McAfee Smart Filter
• Netsweeper
Web filtering techniques
• IP
• URL
• Keyword
• File type
• Database (site categorization)
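The five techniques listed above, combined into one filter decision. This is an added example, not part of the original slides; the policy values, the function names decide and category_of, the rule order, and the body argument (standing in for payload text the filter can see) are assumptions made for illustration.

```python
import ipaddress
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample policy; every value below is invented for illustration.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_URL_PREFIXES = ["example.org/games/"]
BLOCKED_KEYWORDS = {"casino", "warez"}
BLOCKED_EXTENSIONS = {".exe", ".torrent"}
CATEGORY_DB = {"example.net": "gambling", "example.com": "news"}
BLOCKED_CATEGORIES = {"gambling"}


def category_of(host):
    """Look up the host, then each parent domain, in the category database."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return None


def decide(dest_ip, url, body=""):
    """Return (allowed, reason), applying the five techniques in order."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    # 1. IP: destination address falls inside a blocked network.
    if any(ipaddress.ip_address(dest_ip) in net for net in BLOCKED_NETS):
        return False, "ip"
    # 2. URL: host plus path starts with a blocked prefix.
    if any((host + path).startswith(p) for p in BLOCKED_URL_PREFIXES):
        return False, "url"
    # 3. Keyword: case-insensitive match in the URL or visible payload.
    text = (url + " " + body).lower()
    if any(keyword in text for keyword in BLOCKED_KEYWORDS):
        return False, "keyword"
    # 4. File type: extension of the requested path.
    if PurePosixPath(path).suffix.lower() in BLOCKED_EXTENSIONS:
        return False, "file type"
    # 5. Database: site category, inherited from parent domains.
    if category_of(host) in BLOCKED_CATEGORIES:
        return False, "category"
    return True, "no rule matched"
```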
Websense categories
McAfee SmartFilter Categories
Web filtering use
• Parental control (block adult content from minors)
• Content control (i.e. ISP blocking child abuse)
• Corporate environment, public libraries
• Commercial solutions
Deep Packet Inspection
DPI
• DPI has the functionality of an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS) and a stateful firewall
• Advanced defense from threats
• More effective than IDS, IPS and FW
• Policies on many layers (OSI layers 3-7)
Symantec describes DPI
• Deep Packet Inspection promises to enhance firewall capabilities by adding the ability to analyze and filter SOAP and other XML messages, dynamically open and close ports for VoIP application traffic, perform in-line AV and spam screening, dynamically proxy IM traffic, eliminate the bevy of attacks against NetBIOS-based services, traffic-shape or do away with the many flavors of P2P traffic (recently shown to account for ~35% of internet traffic), and perform SSL session inspection
Use of DPI
• Network management
• Network security
• “Lawful intercept”
• Statistical data for network planning
Misuse of DPI
• Commercial
• Propaganda
• Governments (Censorship)
• Communist regimes (Censorship, disinformation)
• Autocratic regimes (Censorship, disinformation)
• Finding political dissidents
JUNE 22, 2009 Wall Street Journal Online: Iran's Web Spying Aided By Western Technology
• Nokia Siemens
• The monitoring center that Nokia Siemens Networks sold to Iran was described in a company brochure as allowing "the monitoring and interception of all types of voice and data communication on all networks."
NOVEMBER 15, 2010 FORBES.COM: Nokia Siemens Denies Lingering Ties To Iran Surveillance
FEBRUARY 11, 2010 BBC: MEPs condemn Nokia Siemens 'surveillance tech' in Iran
• Google says its Gmail traffic has dropped sharply in Iran
• Nokia Siemens told BBC News that it had provided "very basic surveillance" capabilities to Iran Telecom in 2008. The product is called Monitoring Centre and can be used to monitor local telephone calls.
OpenNet Initiative
• The OpenNet Initiative has documented network filtering of the Internet by national governments in over forty countries worldwide.
• Filtering is particularly appealing to governments as it allows them to control content not published within their national borders.
Pros of DPI
• Deep Packet Inspection is a promising technology in that it may help to solve security and many other problems.
Cons of DPI
• DPI adds complexity to an already complicated solution: firewalls, IDSs, session border controllers, honeypots/nets, etc.
• DPI is a powerful technology and is currently insufficiently regulated by law. If used unethically and illegally, it can bring awful consequences.
https://www.accessnow.org/page/s/notonokia
Treedriver.com
• In Iran, you could not access Postimees, BBC, CNN or Facebook, only SL Õhtuleht