CBAC inspection leverages this information to
examine nonstandard application-layer protocols.
Network Address Translation (NAT): NAT hides internal IP addresses from networks that are external
to the firewall. NAT was designed to conserve IP addresses and to serve internal IP networks that use
the unregistered private address space per RFC 1918. NAT translates these private IP addresses into legal
registered addresses as packets traverse the NAT device. This provides basic, low-level security
by effectively hiding the internal network from the outside world.
Zone-Based Policy Firewall (ZFW): ZFW is a new enhanced security tool available in the Cisco IOS
Software-based firewall feature set. ZFW offers a completely revamped configuration syntax that provides
network protection through intuitive policies and increased granularity to control unauthorized network
access.
Several other security solutions are available on Cisco IOS. These include Lock-and-Key, reflexive access lists,
TCP Intercept, IPsec, and AAA support. This chapter focuses primarily on the CBAC and ZFW solutions available
in the IOS Firewall feature set.
Chapter 5. Cisco IOS Firewall
Security is no longer a straightforward product or technology enabler, but a core system in a network design.