Context-Based Access Control (CBAC)
CBAC is the Cisco IOS Firewall feature set, an advanced firewall engine that provides traffic-filtering
functionality and can be used as an integral part of the network. The main features of CBAC include the
following:
CBAC protects internal networks from external intrusion.
CBAC provides denial of service (DoS) protection.
CBAC provides a per-application control mechanism across network perimeters.
CBAC examines the transport layer, network layer, and upper-layer application-protocol information,
keeping track of the flows and the state of each session (for example, HTTP, Simple Mail Transfer Protocol
(SMTP), and FTP).
CBAC maintains state information for every connection passing through the firewall in a session table (also
called the state table). The connection information from the state table is used to make intelligent
decisions about whether packets should be permitted or denied, thereby dynamically creating temporary
openings in the firewall.
CBAC generates real-time event alerts and audit trails. Alerts and audit trail information can be configured
on a per-application protocol basis.
Upon detecting suspicious activity, the real-time event alert feature sends SYSLOG error messages to
central management consoles for notification.
Enhanced audit trail features use SYSLOG to track all network transactions for advanced analysis and
reporting.
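
A minimal CBAC configuration that exercises the features listed above, added here as an example and not taken from the original text. The rule name FWRULE, ACL number 101, the interface name, the syslog host 192.0.2.10 and the threshold values are assumptions chosen for illustration.

```cisco
! Added example; FWRULE, ACL 101, the interface and 192.0.2.10 are assumptions.
! Send real-time alerts and audit-trail records to a central syslog server.
logging on
logging host 192.0.2.10
ip inspect audit-trail
!
! DoS protection: thresholds for half-open sessions (illustrative values).
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
!
! Inspection rule: generic TCP/UDP plus per-application inspection.
! Alerts and audit trail are switched on per application protocol.
ip inspect name FWRULE tcp
ip inspect name FWRULE udp
ip inspect name FWRULE http alert on audit-trail on
ip inspect name FWRULE smtp alert on audit-trail on
ip inspect name FWRULE ftp alert on audit-trail on
!
! Inbound ACL on the outside interface denies unsolicited traffic.
! CBAC adds temporary openings to it for return traffic of inspected sessions.
access-list 101 deny ip any any log
!
interface GigabitEthernet0/1
 description Outside (untrusted)
 ip access-group 101 in
 ip inspect FWRULE out
```

With this in place, `show ip inspect sessions` lists the entries currently held in the session table.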
Note
CBAC is being replaced with the new ZFW configuration model in the new Cisco IOS Software releases.
ZFW will also be covered in this chapter. All new features will be offered in the new ZFW configuration
model. There is no end-of-life plan (as of this writing) for CBAC, but no new features will be added
to CBAC.