- 13 Feb 2024
Deep Packet Inspection
- Updated on 13 Feb 2024
Alongside OS and App DLP controls, many organizations wish to implement additional inspection of network traffic to ensure compliance policies are not being circumvented.
With Deep Packet Inspection (DPI), IT administrators can implement policies that filter traffic based on the content passed between the user's endpoint and the services it connects to. Common policies include:
- PII Data Flow: Detecting and blocking sensitive information (credit card numbers, social security numbers, etc.)
- Sensitive Data Exfiltration: Detecting and blocking the transmission of sensitive content to unauthorized cloud services or destinations.
Deep Packet Inspection and Remote Browser Isolation can be used selectively on traffic, devices, or users to augment additional policy controls.
Jamf does not provide TLS decryption, which is required for deep packet inspection to be effective.
To help customers achieve DPI in a high-performance, cloud-native way, Jamf has partnered with Cloudflare to deliver this capability to our shared customers.
If you are not yet a Cloudflare customer and you would like to trial these capabilities, contact cloudflare@jamf.com.
Prerequisites
- Configure Jamf Connect ZTNA
- Set up an Access Gateway to Cloudflare via Magic WAN
- Deploy the Cloudflare root certificates to devices via your MDM
Deep Packet Inspection
DPI allows for the inspection of HTTP and HTTPS traffic for the presence of sensitive data such as social security numbers and credit card numbers. DPI scans the entire HTTP body, which may include uploaded or downloaded Microsoft Office documents (Office 2007 and later), PDFs, chat messages, forms, and other web content. Visibility varies depending on the site or application. DPI does not scan non-HTTP traffic such as email, nor does it scan any traffic that is not configured to use Private Access and egress via your Cloudflare integration.
Steps
- In Jamf Security Cloud, configure an Access policy to redirect domains for DPI to your Cloudflare egress tunnel.
- Specify the domains or hostnames you would like to subject to Cloudflare DPI policies.
- If you would like to subject all traffic that doesn't match another Jamf Access Policy, define `*` as the hostname to route all remaining traffic to Cloudflare.
- Configure a DLP policy in your Cloudflare One portal.
Examples
API example convenience scripts:
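```bash
# List the account's DLP profiles to find the profile ID (DLPID) used below.
# Replace {accountid} and APITOKEN with your own values.
curl --request GET \
  --url 'https://api.cloudflare.com/client/v4/accounts/{accountid}/dlp/profiles' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer APITOKEN"

# Create a Gateway HTTP rule that blocks traffic matching the DLP profile.
# Replace DLPID with a profile ID returned by the request above.
curl --request POST \
  --url 'https://api.cloudflare.com/client/v4/accounts/{accountid}/gateway/rules' \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer APITOKEN" \
  --data '{
    "action": "block",
    "description": "Test DPI API",
    "enabled": true,
    "filters": [
      "http"
    ],
    "name": "dlptest",
    "traffic": "any(dlp.profiles[*] in {\"DLPID\"})"
  }'
```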
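The rule body above nests a quoted profile ID inside an expression, inside JSON, inside a shell string, which is easy to get wrong by hand. The following added example (not Jamf's or Cloudflare's code) builds the same body from one or more profile IDs taken from the profile listing and rejects any ID that is not a canonical UUID before it reaches the `traffic` expression. The function names, the sample response and its shape, and the UUID format of profile IDs are assumptions.

```python
import json
import uuid

# Constructed sample of a GET .../dlp/profiles response body (shape assumed).
SAMPLE_LIST = json.dumps({"success": True, "errors": [], "result": [
    {"id": "11111111-2222-4333-8444-555555555555", "name": "sample-card-numbers"},
    {"id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee", "name": "sample-ssn"},
]})

def profile_ids(list_body, wanted):
    """Return the IDs of the named DLP profiles, failing loudly if any is absent."""
    body = json.loads(list_body)
    if not body.get("success"):
        raise RuntimeError(f"listing failed: {body.get('errors')}")
    by_name = {p["name"]: p["id"] for p in body["result"]}
    missing = sorted(set(wanted) - by_name.keys())
    if missing:
        raise LookupError(f"no such DLP profile: {missing}")
    return [by_name[n] for n in wanted]

def dlp_rule_body(name, ids, action="block"):
    """Build the JSON body for POST .../gateway/rules from validated profile IDs."""
    if not ids:
        raise ValueError("need at least one DLP profile ID")
    for i in ids:
        # The ID lands inside the rule expression: accept canonical UUIDs only,
        # so a stray quote or brace cannot change what the rule matches.
        if str(uuid.UUID(i)) != i:
            raise ValueError(f"not a canonical UUID: {i!r}")
    # Set members in the expression are quoted and separated by spaces.
    members = " ".join(f'"{i}"' for i in ids)
    return json.dumps({
        "action": action,
        "description": "DLP profiles: " + ", ".join(ids),
        "enabled": True,
        "filters": ["http"],
        "name": name,
        "traffic": "any(dlp.profiles[*] in {%s})" % members,
    }, indent=2)

if __name__ == "__main__":
    ids = profile_ids(SAMPLE_LIST, ["sample-card-numbers", "sample-ssn"])
    print(dlp_rule_body("dlptest", ids))
```

The printed JSON can be written to a file and passed to the POST request with `--data @file`, which removes the shell quoting layer entirely.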