The CBAC would inspect packets not denied specifically by any ACLs and then permits or denies such TCP or UDP traffic. A state table would then be maintained by associating new connection requests with existing legitimate connections. As such, since packets are filtered thoroughly, illegitimate connections would not be able to connect easily and hence, preventing DoS attacks.
The advantages of using CBAC is that it is able to generate real time audit trails and alerts. The audit trails are a feature of Syslog that monitors all ongoing network transactions and hence, with CBAC, alerts and audit trail information can be configured on a per-application protocol basis.
How a CBAC works can be explained in the following images:
A summary of the pictures would be that CBAC monitors all incoming and outgoing traffics and is also able to dynamically or automatically create new ACL rules, i.e. allowing return traffic back to the firewall. Furthermore, it also detects when an application ends/ times out and removes all the dynamic ACLs associated with that application. The second image is mainly showing that a user would have packets from both his source and destination IP addresses permitted to enter through the firewall while blocking other traffic.
No comments:
Post a Comment