In conventional access list filtering, this packet would be allowed
because the access list checks only the Layer 3 and Layer 4 information in the packet. With CBAC packet inspection,
the packet is further examined for known SMTP operations as per RFC standards, and any noncompliant
operation (illegal command) in the payload is blocked.
Figure 5-1. Application-Aware Traffic Inspection
Based on this inspection method, several types of network attacks that use the embedding technique to pass
malicious traffic encapsulated in known application protocol packets can be prevented.
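The difference between the two checks can be shown with a short added example (not from the original text and not Cisco's implementation). The allow-list, the Packet type, the function names, and the sample session are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed allow-list: the minimum SMTP command set in RFC 821 section 4.5.1.
# A real inspection engine's list may differ.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

@dataclass
class Packet:
    dst: str
    dport: int
    payload: bytes

def acl_permits(pkt, server="192.0.2.25", port=25):
    """Conventional ACL decision: Layer 3/4 fields only, payload ignored."""
    return pkt.dst == server and pkt.dport == port

def inspect_smtp(packets):
    """Application-aware check of the client side of one SMTP session.
    Reassembles lines across packets and skips the body between DATA and '.'.
    Simplification: assumes the server accepts DATA (354 reply)."""
    buf, in_body, verdicts = b"", False, []
    for pkt in packets:
        buf += pkt.payload
        *lines, buf = buf.split(b"\r\n")   # keep any partial line buffered
        for raw in lines:
            line = raw.decode("ascii", errors="replace")
            if in_body:
                in_body = line != "."      # body ends at a lone dot
                continue
            verb = line.split(" ", 1)[0].upper()
            if verb in ALLOWED:
                verdicts.append(("permit", line))
                in_body = verb == "DATA"
            else:
                verdicts.append(("block", line))
    return verdicts

# Constructed sample session to a mail server at 192.0.2.25 (documentation range).
SESSION = [Packet("192.0.2.25", 25, p) for p in (
    b"HELO client.example\r\nMAIL FROM:<a@example.com>\r\n",
    b"XCMD test\r\n",                      # constructed verb outside the allow-list
    b"RCPT TO:<b@example.com>\r\nDA",      # command split across packets
    b"TA\r\nSubject: hi\r\n\r\nQUIT is just body text here\r\n.\r\nQUIT\r\n",
)]

if __name__ == "__main__":
    print("ACL permits all:", all(acl_permits(p) for p in SESSION))
    print(*inspect_smtp(SESSION), sep="\n")
```

Every packet in the sample passes the Layer 3/4 check, while the payload check blocks only the command outside the allow-list and does not mistake message-body text for a command.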
Alerts and Audit Trails
In addition to traffic inspection, CBAC can generate real-time event alerts and audit trails for all the session
information maintained in the state table. The enhanced audit trail feature uses SYSLOG to track all network
transactions, recording information such as source/destination host addresses, ports used, and the total number
of transmitted bytes with time stamps. This information can be valuable for advanced session-based reporting,
anomaly identification, or the charting of network baselines. For any suspicious activity, CBAC can send real-time
event alerts using SYSLOG notification messages to a management console.