CBAC Functions
CBAC provides network-wide protection by using the following functions:
Traffic filtering
Traffic inspection
Alerts and audit trails
Traffic Filtering
CBAC is a software-based firewall feature that offers dynamic traffic filtering capabilities to filter TCP and UDP
packets based on upper-layer application protocols such as HTTP, SMTP, and FTP. For CBAC to
function, the network must be divided into two logical segments: "trusted or protected" and "untrusted or
unprotected." The principle of CBAC traffic filtering is to allow any traffic that originates from the trusted
network and goes out to the untrusted network through the firewall.
Traffic Inspection
CBAC inspects traffic that traverses the firewall and manages state information for all the TCP and UDP
sessions. This state information is used to create temporary openings through the firewall to allow return traffic
and additional data connections for permissible sessions.
With application-level awareness, CBAC maintains TCP and UDP connections, which provide all the necessary
information to perform deep packet inspection of the data payload for any malicious activity. For example, as
shown in Figure 5-1, an intruder could craft a malicious, unauthorized, non-SMTP activity packet encapsulated
in an SMTP packet destined for TCP port 25.
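The following Cisco IOS configuration is an added example, not taken from the original text, showing how the three CBAC functions map onto a router with one trusted and one untrusted interface. The interface names, the inspection rule name FWOUT, and the access list name OUTSIDE-IN are assumptions chosen for illustration.

```cisco
! Added example: names and interfaces are assumptions, not from the original text.
!
! Alerts and audit trails: log session start/stop records via syslog.
! (Alert messages are enabled by default unless "ip inspect alert-off" is set.)
ip inspect audit-trail
!
! Traffic inspection: define which protocols CBAC tracks state for.
! Generic TCP and UDP inspection covers ordinary sessions; the
! application-specific entries add upper-layer awareness.
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT http
ip inspect name FWOUT smtp
ip inspect name FWOUT ftp
!
! Traffic filtering: block everything that originates from the untrusted
! side. CBAC adds temporary openings ahead of this entry for return
! traffic belonging to sessions that were started from the trusted side.
ip access-list extended OUTSIDE-IN
 deny ip any any log
!
interface FastEthernet0/0
 description Trusted (protected) network
!
interface FastEthernet0/1
 description Untrusted (unprotected) network
 ! Filter traffic arriving from the untrusted network.
 ip access-group OUTSIDE-IN in
 ! Inspect sessions leaving toward the untrusted network.
 ip inspect FWOUT out
```

On a router configured this way, `show ip inspect sessions` lists the sessions CBAC is currently tracking, which is a quick check that return traffic is being admitted by state rather than by a static permit entry.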