Difference between revisions of "Netband Project - IOS firewall"
From Teknologisk videncenter
(→Context Based Access Control (CBAC)) |
(→Context Based Access Control (CBAC)) |
||
Line 9: | Line 9: | ||
*creates temporary openings in the return acl to allow traffic back in. | *creates temporary openings in the return acl to allow traffic back in. | ||
[[Image:Netband-cbac.jpg|thumb|none|600px|CBAC]] | [[Image:Netband-cbac.jpg|thumb|none|600px|CBAC]] | ||
+ | ===Configuration=== | ||
+ | <pre> | ||
+ | |||
+ | </pre> | ||
==Intrusion Detection Protection (IDS)== | ==Intrusion Detection Protection (IDS)== |
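Review bot: The added ===Configuration=== section contains only an empty <pre></pre> block, so this revision renders a heading with a blank box between the CBAC bullets and the IDS section. Either fill the block with the CBAC configuration before saving, or leave the section out until there is content. If it is meant as a stub, a short note outside the <pre> saying so would tell readers it is intentional.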
Revision as of 09:17, 27 April 2009
This page is part of the Netband Project
Context Based Access Control (CBAC)
- filters TCP and UDP packets based on application-layer protocol session information.
- is more flexible than access control lists, which check packets at the network layer or, at most, the transport layer.
- inspects packet sequence numbers in TCP connections.
- detects unusually high rates of new connections and issues alert messages.
- creates temporary openings in the return ACL to allow traffic back in.
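The behaviour listed above maps onto a small set of IOS commands. The following is an added example, not the Netband Project's own configuration; the rule name CBAC-DEMO, the ACL name OUTSIDE-IN, the interface and the threshold values are all assumptions chosen for illustration.

```cisco
! Added example (not from the Netband Project). All names, the interface
! and the threshold values below are assumptions.
!
! Inspection rule: track TCP and UDP sessions, and follow FTP at the
! application layer so its data channel can be opened dynamically.
ip inspect name CBAC-DEMO tcp
ip inspect name CBAC-DEMO udp
ip inspect name CBAC-DEMO ftp
!
! Log session start/stop records. Alert messages are on by default.
ip inspect audit-trail
!
! Thresholds for half-open sessions and for new sessions per minute.
! Above "high" CBAC starts deleting half-open sessions, and it keeps
! doing so until the count falls below "low".
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
!
! Return ACL: nothing is allowed in from the outside by default.
! CBAC inserts temporary permit entries ahead of this deny for the
! return traffic of sessions it has seen leave.
ip access-list extended OUTSIDE-IN
 deny ip any any log
!
! Outside interface (assumed): apply the return ACL inbound and
! inspect sessions as they leave.
interface FastEthernet0/1
 ip access-group OUTSIDE-IN in
 ip inspect CBAC-DEMO out
```

`show ip inspect sessions` lists the sessions CBAC is tracking, and `show ip access-lists OUTSIDE-IN` shows the temporary entries while a session is active.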