Cisco Systems UBR900 Firewall, NetRanger Support-IOS Intrusion Detection, Security Features

Models: UBR900


Security Features

Firewall

Cisco uBR900 series cable access routers act as buffers between any connected public and private networks. In firewall mode, Cisco cable access routers use access lists and other methods to ensure the security of the private network.

Cisco IOS firewall-specific security features include:

- Context-based Access Control (CBAC). This intelligently filters TCP and UDP packets based on the application-layer protocol. Java applets can be blocked completely, or allowed only from known and trusted sources.
- Detection and prevention of the most common denial of service (DoS) attacks such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate mis-fragmentation of IP packets.
- Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS NetShow, RPC, SMTP, SQL*Net, and TFTP.
- Authentication Proxy for authentication and authorization of web clients on a per-user basis.
- Dynamic Port Mapping. Maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.
- Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to a NetRanger Director, drop the packet, or reset the TCP connection.
- User-configurable audit rules.
- Configurable real-time alerts and audit trail logs.

For additional information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog, or refer to the sections on Traffic Filtering and Firewalls in the Security Configuration Guide and Security Command Reference available on Cisco Connection Online (CCO) and the Documentation CD-ROM.

NetRanger Support—IOS Intrusion Detection

NetRanger is an Intrusion Detection System (IDS) composed of three parts:

- A management console (director) that is used to view the alarms as well as to manage the sensors.
- A sensor that monitors traffic. This traffic is matched against a list of known signatures to detect misuse of the network, usually in the form of scanning for vulnerabilities or attacks on systems. When a signature is matched, the sensor can take certain actions. In the case of the appliance sensor, it can reset sessions (via TCP RST) or enable “shuns” of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.
- Communications through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.
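As an added example (not configuration from the Cisco manual), the IOS Firewall Feature Set commands that tie the features above together on a uBR900-class router: CBAC inspection of outbound sessions, half-open connection thresholds for DoS protection, and an IDS audit rule that alarms to both syslog and a NetRanger Director while dropping and resetting attack traffic. The interface names, addresses, and NetRanger hostid/orgid values are assumptions.

```text
! Constructed example: Cisco IOS Firewall Feature Set on a uBR900-class router.
! Interface names (ethernet0 = LAN, cable-modem0 = cable side), addresses,
! and NetRanger hostid/orgid values are assumptions, not taken from the manual.
!
! --- CBAC: inspect outbound sessions; return traffic is opened dynamically ---
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
ip inspect name FW smtp
ip inspect name FW h323
ip inspect name FW netshow
! Permit Java applets only from the trusted hosts listed in ACL 10
ip inspect name FW http java-list 10
access-list 10 permit 192.0.2.0 0.0.0.255
!
! --- DoS protection: half-open (embryonic) TCP connection thresholds ---
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
ip inspect tcp max-incomplete host 50 block-time 0
ip inspect tcp synwait-time 30
ip inspect audit-trail
!
! --- IDS: alarm to syslog and NetRanger Director; drop and reset on attack signatures ---
ip audit notify log
ip audit notify nr-director
ip audit po local hostid 1 orgid 100
ip audit po remote hostid 2 orgid 100 rmtaddress 192.0.2.200 localaddress 192.0.2.1
ip audit name IDS info action alarm
ip audit name IDS attack action alarm drop reset
!
! --- Outside ACL: deny unsolicited inbound traffic; CBAC adds entries for return flows ---
access-list 101 permit icmp any any unreachable
access-list 101 deny ip any any log
!
interface ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip inspect FW in
 ip audit IDS in
!
interface cable-modem0
 ip access-group 101 in
 ip audit IDS in
```

Audit-trail and alarm messages arrive via the configured syslog destination; `show ip inspect sessions` and `show ip audit statistics` show the live session table and signature hit counts when verifying the configuration.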

Configuring the Cisco uBR900 Series Cable Access Routers 17
