CBAC (Context-Based Access Control) inspects packets as they pass through the firewall router, provided they are not specifically denied by an ACL. It permits or denies specific TCP and UDP traffic by maintaining a state table with session information and, for each inspected session, adding temporary entries to the inbound ACL of the far-side interface so that only the return traffic belonging to that session is allowed back in. CBAC can also protect against denial-of-service attacks by tracking half-open TCP connections and enforcing configurable thresholds on them.
Without CBAC, traffic filtering is limited to access list implementations that examine packets at the network layer or, at most, the transport layer. CBAC, however, also examines application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session. This allows it to support protocols that open additional channels as a result of negotiations on a control channel: with FTP, for example, the data connection is negotiated on the control connection and would otherwise be blocked by a static ACL. Most multimedia protocols, as well as some other protocols (such as FTP, RPC, and SQL*Net), work this way, using a control channel to negotiate further data channels.
These are the steps to configure CBAC:
Step 1: Set audit trails and alerts.
Step 2: Set global timeouts and thresholds.
Step 3: Define Port-to-Application Mapping (PAM) for applications that run on non-standard ports.
Step 4: Define inspection rules.
Step 5: Apply the inspection rules and ACLs to the interfaces.
Step 6: Test and verify.
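The six steps carried through as one complete IOS configuration, added here as an example and not taken from the original post. It assumes a router with FastEthernet0/0 as the inside interface and FastEthernet0/1 as the outside interface, RFC 5737 documentation addresses, an internal web application listening on TCP 8080, and the inspection rule and ACL names OUTBOUND and OUTSIDE-IN, all of which are made up for the illustration:

```cisco
! Step 1: audit trail and alerts (alerts are on by default; this makes it explicit)
ip inspect audit-trail
no ip inspect alert-off

! Step 2: global timeouts and DoS thresholds
ip inspect tcp synwait-time 30
ip inspect tcp finwait-time 5
ip inspect tcp idle-time 3600
ip inspect udp idle-time 30
ip inspect dns-timeout 5
! start dropping half-open TCP sessions above 500, stop at 400
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
! per-host half-open limit; block-time 0 means drop the oldest half-open
ip inspect tcp max-incomplete host 50 block-time 0

! Step 3: PAM - tell CBAC the assumed internal web app speaks HTTP on 8080
ip port-map http port 8080

! Step 4: inspection rule (name OUTBOUND is an assumption)
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
ip inspect name OUTBOUND ftp
ip inspect name OUTBOUND http

! Step 5: inbound ACL on the outside interface, plus the inspection rule
! CBAC inserts temporary permit entries above the final deny for return traffic
! of inspected sessions; anything it does not inspect (ICMP replies here)
! must be permitted explicitly
ip access-list extended OUTSIDE-IN
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny ip any any log

interface FastEthernet0/1
 description Outside (assumed)
 ip address 203.0.113.1 255.255.255.0
 ip access-group OUTSIDE-IN in

interface FastEthernet0/0
 description Inside (assumed)
 ip address 192.168.1.1 255.255.255.0
 ! inspect traffic leaving the inside network
 ip inspect OUTBOUND in

! Step 6: verify
! show ip inspect config        - rules, timeouts and thresholds as parsed
! show ip inspect interfaces    - which interface carries the rule and in which direction
! show ip inspect sessions      - the live state table while a client session is open
! show ip access-lists OUTSIDE-IN - the dynamic entries CBAC added above the deny
```

The inspection rule is applied inbound on the inside interface and the restrictive ACL inbound on the outside interface: CBAC watches the session leave, then punches a matching hole in OUTSIDE-IN for the reply, and removes it when the session closes or idles out. The check that matters is the last one: open an FTP or HTTP session from a host on 192.168.1.0/24 and confirm in `show ip access-lists OUTSIDE-IN` that a temporary permit appears for exactly that session and nothing wider.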
Great post you've got here! Interesting information, and it's educational. It's a good thing you listed the steps to configure CBAC. However, it could be much more interesting if you had included pictures. Nonetheless, good job!