Okay, this week got 2 topics to post on. Access Control Lists and Context-based Access Control.
For Access Control List, here is my info:
Access Control Lists (ACLs) are implemented in routers through the "access-list" command. ACLs are basically packet-classifying mechanisms that define which network traffic is permitted or denied when the list is applied to a particular router interface.
They come in two forms, standard and extended access-lists. The difference between these two is that standard access-lists permit or deny based on a source IP address or a range of IP addresses, whereas extended access-lists match on both a source and a destination IP address or IP address range. Extended access-lists can also be defined to permit or deny packets based on the TCP, UDP, or ICMP protocol.
In summary, the factors that the lists can permit or deny on are:
Standard Access-List : 1 IP Address or a Range of IP Addresses.
Extended Access-List : Source & Destination IP Address, TCP, UDP or ICMP and destination port number.
The access-list is only checked when a packet moves in or out of a router interface; otherwise it is separate from the routing functions of the router.
Applying an access-list that has never been defined means that the router still acts as though no access-list has been implemented and accepts all packets.
MOVING ON
__________________________________________________________________________________
Context Based Access Control (CBAC)
CBAC inspects the packets that enter through the firewall only if they are not specifically denied by an ACL. CBAC permits or denies specified TCP and UDP traffic through a firewall.
CBAC actually dynamically creates and deletes ACLs, and it also protects against DoS attacks.
Here's the situation
1) Packet traffic is inspected by CBAC.
2) CBAC creates a dynamic ACL that allows return traffic back through the firewall.
3) It continues to inspect the traffic and creates and deletes ACLs as required by the application, in addition to monitoring and protecting against application-specific attacks.
4) CBAC detects when the application terminates or times out and removes ALL ACLs for that particular session.
Another example would be this:
1) User starts a telnet session.
2) Return traffic for the user's telnet session is permitted.
3) Other telnet traffic is blocked.
CBAC is like the bouncer at a disco party where only invited people can go in.
It dynamically opens holes in the firewall so that invited traffic can pass through.
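To make the two halves of this post concrete, here is a small simulation written for this post (it is not Cisco IOS code; the class names, the session key and the addresses are assumptions). It models the ACL behaviour described above, standard entries matching on source only, extended entries matching on source, destination, protocol and destination port, first match wins, implicit deny at the end, and an applied-but-undefined list permitting everything, and then layers a CBAC-style inspector on top that records outbound TCP/UDP sessions, lets only the matching return traffic back in, removes the entry when the application closes, and expires it on idle timeout, which is exactly the telnet walk-through in the steps above.

```python
# Added illustration for this post: a simplified model of ACL classification and
# CBAC-style stateful inspection. Not Cisco IOS code; names and addresses are assumed.
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network  # "0.0.0.0/0" plays the role of the IOS keyword "any"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0


@dataclass
class Entry:
    """One access-list line. A standard entry carries only src; an extended
    entry may also test the destination network, protocol and destination port."""
    action: str                                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: Optional[ipaddress.IPv4Network] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in self.dst:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def evaluate(acl: Optional[list], p: Packet) -> str:
    """First matching entry wins. A defined list ends in an implicit deny; a list
    that is applied but never defined (None) behaves as if absent and permits."""
    if acl is None:
        return "permit"
    for entry in acl:
        if entry.matches(p):
            return entry.action
    return "deny"


# Constructed sample lists using documentation address ranges, no real hosts.
STANDARD_ACL = [Entry("deny", net("10.1.1.0/24")), Entry("permit", net("10.0.0.0/8"))]
EXTENDED_ACL = [Entry("permit", net("10.0.0.0/8"), net("203.0.113.0/24"), "tcp", 80)]


class CBAC:
    """Inspects outbound TCP/UDP, records the session, and admits only the
    matching return traffic ahead of the static inbound access-list."""

    def __init__(self, inbound_acl, idle_timeout=300):
        self.inbound_acl = inbound_acl
        self.idle_timeout = idle_timeout
        self.sessions = {}   # (client, cport, server, sport, proto) -> last seen

    def outbound(self, p: Packet, now: int) -> str:
        if p.proto in ("tcp", "udp"):
            self.sessions[(p.src, p.sport, p.dst, p.dport, p.proto)] = now
        return "permit"

    def inbound(self, p: Packet, now: int) -> str:
        self._expire(now)
        key = (p.dst, p.dport, p.src, p.sport, p.proto)  # reverse of the outbound tuple
        if key in self.sessions:                         # dynamic entry hit
            self.sessions[key] = now
            return "permit"
        return evaluate(self.inbound_acl, p)             # fall back to the static ACL

    def close(self, p: Packet) -> None:
        """Application ended: drop the dynamic entry for that session."""
        self.sessions.pop((p.src, p.sport, p.dst, p.dport, p.proto), None)

    def _expire(self, now: int) -> None:
        for key, seen in list(self.sessions.items()):
            if now - seen > self.idle_timeout:
                del self.sessions[key]


def telnet_scenario() -> dict:
    """The post's telnet walk-through: the session is opened, its return traffic
    is permitted, other telnet is blocked, and the hole closes on timeout."""
    inbound_acl = [Entry("permit", net("0.0.0.0/0"), net("0.0.0.0/0"), "icmp")]  # implicit deny blocks telnet
    fw = CBAC(inbound_acl, idle_timeout=300)
    user = Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 23)
    reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 23, 40000)
    other = Packet("203.0.113.10", "10.0.0.5", "tcp", 31337, 23)
    return {
        "user_telnet": fw.outbound(user, now=0),
        "return_traffic": fw.inbound(reply, now=10),
        "other_telnet": fw.inbound(other, now=20),
        "return_after_timeout": fw.inbound(reply, now=10 + 301),
    }


if __name__ == "__main__":
    print(evaluate(STANDARD_ACL, Packet("10.1.1.7", "203.0.113.1", "icmp")))
    print(telnet_scenario())
```

The inbound path checks the dynamic session table before the static list, which is the "bouncer" behaviour: the static list never has to carry a permanent permit for telnet replies, so the only inbound telnet that gets through is the one a user inside started.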
Many protocols support CBAC, and I will only name a few here.
TCP (Single channel)
UDP (Single channel)
RPC
FTP
TFTP
Unix R-commands
SMTP
HTTP (Java blocking)
and many many more!
CBAC also has other features like generating real-time alerts and audit trails.
The audit trail feature uses syslog to track all network transactions.