About: Context-based access control

An Entity of Type: work, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Context-based access control (CBAC) is a feature of firewall software, which intelligently filters TCP and UDP packets based on application layer protocol session information. It can be used for intranets, extranets and internets. CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network).

Property Value
dbo:abstract
  • Als Context-Based Access Control (CBAC) bezeichnet man in der Netzwerktechnik einen intelligenten Filter für TCP- und UDP-Pakete zur Zugriffssteuerung und -kontrolle auf Dateien oder Dienste, der verbindungsspezifische Protokoll-Informationen („stateful“) auf der OSI-Modell-Anwendungsschicht (Schicht 7) verwendet. Im Gegensatz zum RBAC-Verfahren kann CBAC kontextabhängig, etwa in Abhängigkeit vom anfragenden Netzwerk, agieren. Ein Netzwerkfilter ohne CBAC ist auf die Prüfung von Datenpaketen der Vermittlungsschicht (Schicht 3) bzw. höchstens der Transportschicht (Schicht 4) sowie die Verarbeitung von Zugriffssteuerungslisten beschränkt. Allerdings untersucht CBAC nicht nur diese Ebenen, sondern auch die Informationen des Anwendungsschicht-Protokolls (z. B. FTP-Verbindungs-Informationen). Dies ermöglicht die Unterstützung von Protokollen, bei denen mehrere Kanäle als Ergebnis der Verhandlungen mit dem Kontroll-Kanal erstellt werden. Die meisten der Multimedia-Protokolle sowie einige andere Protokolle (z. B. FTP, RPC- und SQL * Net) umfassen mehrere Kanäle. CBAC bietet außerdem die folgenden Vorteile: * Denial-of-Service-Prävention und Detektion * Echtzeit-Warnungen (de)
  • Context-based access control (CBAC) is a feature of firewall software, which intelligently filters TCP and UDP packets based on application layer protocol session information. It can be used for intranets, extranets and internets. CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network needing protection. (In other words, CBAC can inspect traffic for sessions that originate from the external network.) However, while this example discusses inspecting traffic for sessions that originate from the external network, CBAC can inspect traffic for sessions that originate from either side of the firewall. This is the basic function of a stateful inspection firewall. Without CBAC, traffic filtering is limited to access list implementations that examine packets at the network layer, or at most, the transport layer. However, CBAC examines not only network layer and transport layer information but also examines the application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session. This allows support of protocols that involve multiple channels created as a result of negotiations in the FTP control channel. Most of the multimedia protocols as well as some other protocols (such as FTP, RPC, and SQL*Net) involve multiple control channels. CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network). CBAC works through deep packet inspection and hence Cisco calls it 'IOS firewall' in their Internetwork Operating System (IOS). CBAC also provides the following benefits: * Denial-of-service prevention and detection * Real-time alerts and audit trails (en)
dbo:wikiPageID
  • 2004122 (xsd:integer)
dbo:wikiPageLength
  • 3832 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID
  • 1060665718 (xsd:integer)
dbo:wikiPageWikiLink
dbp:wikiPageUsesTemplate
dcterms:subject
gold:hypernym
rdf:type
rdfs:comment
  • Als Context-Based Access Control (CBAC) bezeichnet man in der Netzwerktechnik einen intelligenten Filter für TCP- und UDP-Pakete zur Zugriffssteuerung und -kontrolle auf Dateien oder Dienste, der verbindungsspezifische Protokoll-Informationen („stateful“) auf der OSI-Modell-Anwendungsschicht (Schicht 7) verwendet. Im Gegensatz zum RBAC-Verfahren kann CBAC kontextabhängig, etwa in Abhängigkeit vom anfragenden Netzwerk, agieren. CBAC bietet außerdem die folgenden Vorteile: * Denial-of-Service-Prävention und Detektion * Echtzeit-Warnungen (de)
  • Context-based access control (CBAC) is a feature of firewall software, which intelligently filters TCP and UDP packets based on application layer protocol session information. It can be used for intranets, extranets and internets. CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network). (en)
rdfs:label
  • Context-Based Access Control (de)
  • Context-based access control (en)
owl:sameAs
prov:wasDerivedFrom
foaf:isPrimaryTopicOf
is dbo:wikiPageDisambiguates of
is dbo:wikiPageRedirects of
is dbo:wikiPageWikiLink of
is foaf:primaryTopic of
Powered by OpenLink Virtuoso    This material is Open Knowledge     W3C Semantic Web Technology     This material is Open Knowledge    Valid XHTML + RDFa
This content was extracted from Wikipedia and is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License