Scribd Logo
Upload

Welcome to Scribd!

  • 217 views

    (CCSP Self-Study) Context-Based Access Control (CBAC)

    Uploaded by

    huydvt01
    This document discusses Context-Based Access Control (CBAC) and how to configure it using a virtual lab simulation. It defines CBAC as a Cisco IOS firewall feature that inspects packets entering the firewall and maintains a state table to permit or deny specified TCP and UDP traffic, protecting against DoS attacks. It also describes how CBAC works by creating dynamic access lists to allow negotiated ports unlike static ACLs. The virtual lab simulation topology is shown to practice a BGP routing protocol between routers and configure CBAC with access lists to permit BGP and Telnet while denying other traffic.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    (CCSP Self-Study) Context-Based Access Control (CBAC)

    Uploaded by

    huydvt01
    217 views4 pages
    This document discusses Context-Based Access Control (CBAC) and how to configure it using a virtual lab simulation. It defines CBAC as a Cisco IOS firewall feature that inspects packets entering the firewall and maintains a state table to permit or deny specified TCP and UDP traffic, protecting against DoS attacks. It also describes how CBAC works by creating dynamic access lists to allow negotiated ports unlike static ACLs. The virtual lab simulation topology is shown to practice a BGP routing protocol between routers and configure CBAC with access lists to permit BGP and Telnet while denying other traffic.

    Original Description:

    Original Title

    [CCSP Self-Study]Context-Based Access Control (CBAC)

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document discusses Context-Based Access Control (CBAC) and how to configure it using a virtual lab simulation. It defines CBAC as a Cisco IOS firewall feature that inspects packets entering the firewall and maintains a state table to permit or deny specified TCP and UDP traffic, protecting against DoS attacks. It also describes how CBAC works by creating dynamic access lists to allow negotiated ports unlike static ACLs. The virtual lab simulation topology is shown to practice a BGP routing protocol between routers and configure CBAC with access lists to permit BGP and Telnet while denying other traffic.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    217 views4 pages

    (CCSP Self-Study) Context-Based Access Control (CBAC)

    Uploaded by

    huydvt01
    This document discusses Context-Based Access Control (CBAC) and how to configure it using a virtual lab simulation. It defines CBAC as a Cisco IOS firewall feature that inspects packets entering the firewall and maintains a state table to permit or deny specified TCP and UDP traffic, protecting against DoS attacks. It also describes how CBAC works by creating dynamic access lists to allow negotiated ports unlike static ACLs. The virtual lab simulation topology is shown to practice a BGP routing protocol between routers and configure CBAC with access lists to permit BGP and Telnet while denying other traffic.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4

    Context-Based Access Control (CBAC)

    Objective
     Define the Cisco IOS Firewall
     Define CBAC
     Configure CBAC with dynamips virtual lab

    Cisco IOS Firewall


    The Cisco IOS Firewall Feature Set is a suite of features for Cisco IOS routers that provide
    network protection on multiple level using following:

     CBAC (firewall)
     Authentication proxy
     Intrusion detection

    Define CBAC

     Packet are inspected entering the firewall by CBAC if they are not specifically denied by
    an ACL
     CBAC permit or denies specified TCP and UDP traffic through a firewall
     A state table is maintained with session information
     ACLs are dynamically created or deleted
     CBAC protects against DoS attacks

    Cisco Access Control List and Limitation

    Provide traffic filtering by:


     Source and destination IP address
     Source and destination ports
    Can be used to implement a filtering firewall
     Ports are opened permanently to allow traffic, creating a security vulnerability
     Do not work with applications that negotiate ports dynamically

    How CBAC works

    Example notes:
     A Client creates a telnet session with source port 2447 and destination port 23.
     Access-list permits TCP port 23 from Client to Server but block random port 2447 if the
    packet coming back.
     You cannot create an access-list to permanent open these random port because of
    Security so CBAC will have you to create a dynamic access-list.
    CBAC – supported protocols

    Context-Base Access Control (CBAC) virtual lab

    Topology & Objectives


    HQ WAN Branch

    WAN Router
    HQ Router Branch router
    .2 30.1.1.x/24 .1 .1 30.2.2.x/24 .2
    F0/0 F0/0 F0/1 F0/0

    F0/1 .1

    .3 Web Server

    10.10.0.x/24

    Simulate Topology
    Start-up Configuration
     BGP routing protocol between 3 routers
     IP nat static webserver (10.10.0.3) to public IP (30.1.1.3) on HQ router
     All username or password: cisco/cisco123

    Configuration Task
    Configure Access-List permit BGP protocol and Telnet from inside to outside. Deny
    other traffic.

    Download Simulated File & Document


    Dynamic net file and running config: http://www.mediafire.com/?j9i2ymkjzv8w7v2

    PDF version of this topic:

    You might also like