Context-based access control

Context-based access control: Context-based access control (CBAC) intelligently filters TCP and UDP packets based on application layer protocol session information and can be used for intranets, extranets and internets. CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network needing protection. (In other words, CBAC can inspect traffic for sessions that originate from the external network.) However, while this example discusses inspecting traffic for sessions that originate from the external network, CBAC can inspect traffic for sessions that originate from either side of the firewall. This is the basic function of a stateful inspection firewall.

Without CBAC, traffic filtering is limited to access list implementations that examine packets at the network layer, or at most, the transport layer. However, CBAC examines not only network layer and transport layer information but also examines the application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session. This allows support of protocols that involve multiple channels created as a result of negotiations in the FTP control channel. Most of the multimedia protocols as well as some other protocols (such as FTP, RPC, and SQL*Net) involve multiple control channels.

CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network).

CBAC does the deep packet inspection and hence it is termed to be a IOS Firewall.

CBAC also provides the following benefits:

Denial-of-Service prevention and detection

Real-time alerts and audit trails

See also

Role hierarchy

Role-Based Access Control

Cisco Secure Integrated Software

v · d · eFirewall software

Application firewall · Context-based access control · Personal firewall · Stateful firewall · Unified threat management · Virtual firewall

Windows

Commercial

Check Point Integrity · Jetico Personal Firewall · Kaspersky Internet Security · McAfee Personal Firewall Plus · Microsoft Forefront Threat Management Gateway · Norton 360 · Norton Personal Firewall · Norton Internet Security · Online Armor Personal Firewall · Outpost Firewall Pro · Sunbelt Personal Firewall · Symantec Endpoint Protection · Windows Firewall · Windows Live OneCare · WinGate · WinRoute · ZoneAlarm

Freeware

Comodo Internet Security · Online Armor Personal Firewall · PC Tools Firewall Plus · ProtoWall · ZoneAlarm

Open-source

PeerBlock · PeerGuardian

Mac OS X
NetBarrier X4 · VirusBarrier X6 · PeerGuardian

Unix-like
Arptables · ClearOS · Endian Firewall · FireHOL · Firestarter · IPCop · IPFilter · IPFire · ipfirewall · iplist · iptables · L7-filter · M0n0wall · MoBlock · Netfilter · NuFW · PF · pfSense · Sentry Firewall · Shorewall · SmoothWall · Untangle · Zentyal · Zeroshell

Appliances
Novell BorderManager · Vyatta · ZoneAlarm Z100G · Zorp firewall

Comparison of firewalls · List of router or firewall distributions

This computer networking article is a stub. You can help Wikipedia by expanding it.

Academic Dictionaries and Encyclopedias

Context-based access control

See also

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Context-based access control

See also

Look at other dictionaries:

Share the article and excerpts

Direct link