What Does CBAC Inspect?


A number of applications use multiple ports to exchange data. You are surely familiar with the HTTP protocol, which uses port 80. The client transmits data from a randomly chosen high-numbered port to the HTTP server's port 80. The HTTP server sources its reply traffic from port 80 to whatever high-numbered port the user initiated the connection from.

However, applications such as FTP and H.323 use more than one port. One port is used for a control channel, and another port is used for a data channel. To further complicate issues, some applications might redirect a user to an entirely different IP address for a data connection. An application might also redirect a user to an entirely different port to set up a control channel. Additionally, multiple protocols might be used along with multiple data channels.

Wow, CBAC must track a lot of information. And CBAC does so by inspecting and monitoring session traffic.

CBAC inspects and monitors the control channels of sessions. CBAC only monitors the data channels of sessions.


Protocols Supported by CBAC

CBAC must be told what protocols and applications to inspect. If you do not specify a protocol or application, CBAC does not inspect it. For example, if you configure CBAC inspection for SMTP but not CBAC inspection for TCP, CBAC inspects SMTP only and not generic TCP sessions. If it does not perform the inspection, CBAC does not populate the state table entries or create dynamic ACEs.
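
The following Python sketch is an added example, not code from the book or from Cisco IOS. It models how inspecting an FTP control channel yields a dynamic ACE for the data channel, and how a protocol left out of the inspection rule gets no state at all. The class and function names, the sample addresses, and the choice to ignore PORT commands that name another host or a port below 1024 are assumptions of this model.

```python
import re

# Simplified model of control-channel inspection (assumption: not Cisco IOS code).
PORT_CMD = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$", re.I)

class InspectionModel:
    def __init__(self, inspected):
        self.inspected = set(inspected)  # protocols named in the inspection rule
        self.dynamic_aces = set()        # (src_ip, src_port, dst_ip, dst_port) allowed inbound

    def outbound(self, proto, client, cport, server, sport, payload=""):
        """Inside client sends to outside server; returns True if state was created."""
        if proto not in self.inspected:
            return False                 # uninspected: no state entry, no dynamic ACE
        # Opening for the return half of the control (or single) channel.
        self.dynamic_aces.add((server, sport, client, cport))
        if proto == "ftp":
            self._inspect_ftp_control(client, server, payload)
        return True

    def _inspect_ftp_control(self, client, server, payload):
        m = PORT_CMD.match(payload)
        if not m or any(int(n) > 255 for n in m.groups()):
            return                       # not a PORT command, or malformed: open nothing
        nums = [int(n) for n in m.groups()]
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        # Modeling choice: ignore PORT commands naming another host or a port below 1024.
        if ip == client and port >= 1024:
            # Active-mode data channel: server port 20 connects back to the client.
            self.dynamic_aces.add((server, 20, client, port))

    def inbound_permitted(self, src, sport, dst, dport):
        """Outside-to-inside packet passes only if a dynamic ACE matches it."""
        return (src, sport, dst, dport) in self.dynamic_aces

# Constructed sample addresses (documentation ranges) and sessions.
CLIENT, SERVER = "192.0.2.10", "203.0.113.5"

def demo():
    fw = InspectionModel(inspected={"ftp", "smtp"})   # generic "tcp" deliberately omitted
    fw.outbound("ftp", CLIENT, 40000, SERVER, 21, "PORT 192,0,2,10,195,80\r\n")
    fw.outbound("tcp", CLIENT, 40001, SERVER, 80)     # HTTP rides on uninspected generic TCP
    return {
        "ftp_control_return": fw.inbound_permitted(SERVER, 21, CLIENT, 40000),
        "ftp_data": fw.inbound_permitted(SERVER, 20, CLIENT, 195 * 256 + 80),
        "http_return": fw.inbound_permitted(SERVER, 80, CLIENT, 40001),
    }
```

Calling demo() shows the FTP control and data channels permitted inbound while the HTTP reply is not, because generic TCP was never added to the inspected set.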

If you configure CBAC to inspect nonspecific TCP or UDP traffic, then all TCP or UDP single-channel session traffic is inspected. CBAC can also inspect specific application layer protocols, including some multichannel protocols. Currently, CBAC inspects the following protocols in addition to generic TCP and UDP:

  • FTP

  • H.323

  • Java

  • Microsoft NetShow

  • Microsoft Remote Procedure Call (RPC)

  • Sun RPC

  • Real-Time Streaming Protocol (RTSP)

  • SMTP

  • SQL*Net

  • StreamWorks

  • Trivial File Transfer Protocol (TFTP)

  • Unix R commands

  • VDOLive



CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
