We have not discussed the use of nonstandard application port numbers . It was common for companies to use port 8080 for HTTP instead of the standard port 80. Other applications allow for the use of nonstandard ports, such as FTP, SMTP, and Telnet. However, CBAC expects traffic to be on standard application ports, and it does not inspect applications that use nonstandard ports. Obviously, that is not good. The Cisco solution is PAM.
|