Cisco IOS Firewall Context-Based Access Control
Context-based Access Control (CBAC)

Context-Based Access Control (CBAC) intelligently filters TCP and UDP packets based on application-layer protocol session information. CBAC can inspect traffic for sessions that originate on any interface of the router. CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the ACLs that are configured on the router. These temporary openings allow return traffic and additional data connections for permissible sessions.

Inspecting packets at the application layer and maintaining TCP and UDP session information provides CBAC with the ability to detect and prevent certain types of network attacks, such as SYN flooding. CBAC also inspects packet sequence numbers in TCP connections to see if they are within expected ranges. CBAC drops any suspicious packets. Additionally, CBAC can detect unusually high rates of new connections and issue alert messages. CBAC inspection can help protect against certain denial-of-service (DoS) attacks involving fragmented IP packets.
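
The following added example (not part of the original course material and not Cisco's implementation) is a simplified model of the two behaviors described above: temporary openings for return traffic and the TCP sequence-range check. The class name, the window size, the UDP idle timeout and the addresses are assumptions chosen for illustration.

```python
MOD = 2**32
WINDOW = 65535     # assumed width of the acceptable sequence range
UDP_IDLE = 30.0    # assumed UDP idle timeout, in seconds

class InspectingFirewall:          # hypothetical name, a model only
    def __init__(self):
        # The static inbound ACL is modelled as "deny everything";
        # this table holds the temporary openings created by inspection.
        self.openings = {}

    def outbound(self, proto, src, sport, dst, dport, now=0.0):
        """Inside host sends a packet: open (or refresh) the return path."""
        key = (proto, dst, dport, src, sport)    # 5-tuple of the expected reply
        sess = self.openings.setdefault(key, {"next_seq": None})
        sess["last_seen"] = now

    def inbound(self, proto, src, sport, dst, dport,
                seq=0, length=0, flags="", now=0.0):
        """Verdict for a packet arriving on the untrusted interface."""
        key = (proto, src, sport, dst, dport)
        sess = self.openings.get(key)
        if sess is None:
            return "drop"                        # no session: static ACL applies
        if proto == "udp":
            if now - sess["last_seen"] > UDP_IDLE:
                del self.openings[key]           # idle opening is removed
                return "drop"
        elif sess["next_seq"] is None:
            if flags != "SA":
                return "drop"                    # first reply must be a SYN-ACK
            sess["next_seq"] = (seq + 1) % MOD   # the SYN consumes one number
        else:
            if (seq - sess["next_seq"]) % MOD >= WINDOW:
                return "drop"                    # sequence outside expected range
            if seq == sess["next_seq"]:
                sess["next_seq"] = (seq + length) % MOD
            if "F" in flags or "R" in flags:
                del self.openings[key]           # simplification: close on FIN/RST
        sess["last_seen"] = now
        return "permit"

def demo():
    fw = InspectingFirewall()
    c, s = "10.0.0.5", "198.51.100.7"            # constructed addresses
    out = [fw.inbound("tcp", s, 80, c, 40000, seq=1000, flags="SA")]  # unsolicited
    fw.outbound("tcp", c, 40000, s, 80)          # inside client sends its SYN
    for seq, n, fl in [(1000, 0, "SA"), (1001, 500, "A"), (900000, 10, "A"),
                       (1501, 0, "FA"), (1502, 0, "A")]:
        out.append(fw.inbound("tcp", s, 80, c, 40000, seq=seq, length=n, flags=fl))
    return out
```

In demo(), the same SYN-ACK is dropped before the inside host opens the session and permitted afterwards, the segment with sequence number 900000 is dropped as out of range, and nothing is permitted once the FIN has closed the opening.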


Interactive Media Activity

Demonstration Activity: Cisco IOS Firewall versus PIX Security Appliance

In this activity, students will compare the Cisco IOS Firewall to the PIX Security Appliance.

Interactive Media Activity

Demonstration Activity: Corporate Extranet

In this activity, students will examine the corporate Extranet.

Interactive Media Activity

Demonstration Activity: Corporate Internet Perimeter

In this activity, students will examine the corporate Internet perimeter.

Interactive Media Activity

Demonstration Activity: Corporate Intranet

In this activity, students will examine the corporate Intranet.

Interactive Media Activity

Demonstration Activity: Regional/Branch Office Perimeter

In this activity, students will examine the regional/branch office perimeter.

Interactive Media Activity

Demonstration Activity: Telecommuter/Home Office

In this activity, students will examine the telecommuter/home office.
