NAT translates these private IP addresses into legal
registered addresses as packets traverse through the NAT device. This provides a basic low-level security
by effectively hiding the internal network from the outside world.
Zone-Based Policy Firewall (ZFW): ZFW is a new enhanced security tool available in the Cisco IOS
Software-based firewall feature set. ZFW offers a completely revamped configuration syntax that offers
network protection that uses intuitive policies and increased granularity to control unauthorized network
access.
Several other security solutions are available on Cisco IOS. These include Lock-and-Key, Reflexive access list,
TCP Intercept, IPsec, and AAA support. This chapter focuses primarily on the CBAC and ZFW solutions available
in the IOS Firewall feature set.
Context-Based Access Control (CBAC)
CBAC is the Cisco IOS Firewall feature set??”an advanced firewall engine that provides traffic-filtering
functionality and can be used as an integral part of the network. The main features of CBAC include the
following:
CBAC protects internal networks from external intrusion.
CBAC provides denial of service (DoS) protection.
CBAC provides a per-application control mechanism across network perimeters.
Pages:
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213