IOS IPS is an inline intrusion detection sensor that scans packets and
sessions flowing through the router for matches against any of the Cisco IOS IPS signatures, which protect the
network from internal and external threats.
Authentication proxy: The authentication proxy feature (also known as Proxy Authentication) allows
security policy enforcement on a per-user basis. Previously, user access and policy enforcement were
tied to a user's IP address or to a single global policy applied to an entire user group. With the
authentication proxy feature, users can be authenticated and authorized under a per-user policy, with
access control customized to the individual.
Port-to-Application Mapping (PAM): PAM allows you to map network services or applications to
nonstandard TCP or User Datagram Protocol (UDP) port numbers (for example, HTTP service
using TCP port 8080 instead of the default port 80). CBAC inspection uses this mapping to
examine application-layer protocols running on nonstandard ports.
Network Address Translation (NAT): NAT hides internal IP addresses from networks that are external
to the firewall. NAT was designed to conserve IP addresses and to support internal IP networks that use
the unregistered private address space defined in RFC 1918.
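
The PAM entry above, as a configuration sketch (an added example, not taken from the original text). The server address 10.1.1.20, ACL number 10, inspection rule name FWRULE and interface name are constructed for illustration.

```cisco
! Constructed example: an internal web server at 10.1.1.20 listens on TCP 8080.
! Standard ACL 10 identifies the host the mapping applies to.
access-list 10 permit 10.1.1.20
!
! Map HTTP to port 8080 only for hosts matched by ACL 10.
! Omitting "list 10" would make the mapping apply to all hosts.
ip port-map http port 8080 list 10
!
! CBAC rule that inspects HTTP; it consults the PAM table, so sessions to
! 10.1.1.20:8080 are inspected as HTTP rather than as generic TCP.
ip inspect name FWRULE http
!
interface GigabitEthernet0/1
 ip inspect FWRULE out
!
! Verify the resulting mapping (exec mode):
! show ip port-map http
```

Scoping the mapping with an ACL keeps HTTP inspection from being applied to unrelated services that happen to use port 8080 on other hosts.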