Context-based access control

Context-based access control (CBAC) is a feature of

application layer protocol session information. It can be used for intranets, extranets and internets.^[1]

CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network needing protection. (In other words, CBAC can inspect traffic for sessions that originate from the external network.) However, while this example discusses inspecting traffic for sessions that originate from the external network, CBAC can inspect traffic for sessions that originate from either side of the firewall. This is the basic function of a stateful inspection firewall.^[2]

Without CBAC, traffic filtering is limited to

FTP connection information) to learn about the state of the TCP or UDP session.^[3]

This allows support of protocols that involve multiple channels created as a result of negotiations in the FTP control channel. Most of the multimedia protocols as well as some other protocols (such as FTP, RPC, and SQL*Net) involve multiple control channels.

CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network).

CBAC works through deep packet inspection and hence Cisco calls it 'IOS firewall' in their Internetwork Operating System (IOS).

CBAC also provides the following benefits:

Denial-of-service
prevention and detection
Real-time alerts and audit trails

References

^ "Context-Based Access Control". TechTutsOnline. 2015-09-11. Retrieved 2019-05-22.
^ "Context-Based Access Control (CBAC): Introduction and Configuration". Cisco. Retrieved 2019-05-22.
^ "Context-Based Access Control (CBAC)". Danscourses. 2012-03-09. Archived from the original on 2017-03-27. Retrieved 2019-05-22.

This computer networking article is a stub. You can help Wikipedia by expanding it.

[1] "Context-Based Access Control". TechTutsOnline. 2015-09-11. Retrieved 2019-05-22.

[2] "Context-Based Access Control (CBAC): Introduction and Configuration". Cisco. Retrieved 2019-05-22.

[3] "Context-Based Access Control (CBAC)". Danscourses. 2012-03-09. Archived from the original on 2017-03-27. Retrieved 2019-05-22.

[1]

[2]

[3]

See also

References