Configuring Subscriber-End Broadband Access Router Features
Subscriber-End Broadband Access Router Security Features
MC-624
Cisco IOS Multiservice Applications Configuration Guide
Triple Data Encryption Standard
DES is a standard cryptographic algorithm developed by the United States National Bureau of Standards.
The Triple DES (3DES) Cisco IOS software release images increase the security from the standard 56-bit
IPSec encryption to 168-bit encryption, which is used for highly sensitive and confidential information
such as financial transactions and medical records.
Firewall
Cisco uBR900 series cable access routers act as buffers between any connected public and private
networks. In firewall mode, Cisco cable access routers use access lists and other methods to ensure the
security of the private network.
Cisco IOS firewall-specific security features include the following:
• Context-based Access Control (CBAC). This intelligently filters TCP and UDP packets based on the application-layer protocol. Java applets can be blocked completely, or allowed only from known and trusted sources.
• Detection and prevention of the most common denial of service (DoS) attacks, such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate misfragmentation of IP packets.
• Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.
• Authentication Proxy for authentication and authorization of web clients on a per-user basis.
• Dynamic Port Mapping. Maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.
• Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can send an alarm to a syslog server or to a NetRanger Director, drop the packet, or reset the TCP connection.
• User-configurable audit rules.
• Configurable real-time alerts and audit trail logs.
For additional information, see the Cisco IOS Firewall Feature Set description in the Cisco Product
Catalog, or refer to the sections on traffic filtering and firewalls in the Cisco IOS Security Configuration
Guide and Cisco IOS Security Command Reference available on CCO and the Documentation CD-ROM.
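The half-open TCP connection check listed above (one of the DoS conditions CBAC watches for) as an added Python example; this is not Cisco's code. It tracks embryonic sessions by 4-tuple, raises an alarm when the count crosses a high watermark and clears it below a low watermark (the hysteresis behind CBAC's max-incomplete thresholds), and refuses new SYNs while alarmed. The thresholds, addresses and packet trace are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:  # constructed TCP packet summary: 4-tuple plus flags (S, SA, A, R, F)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str

def fwd(p: Pkt) -> tuple: return (p.src, p.sport, p.dst, p.dport)   # as the client sent it
def rev(p: Pkt) -> tuple: return (p.dst, p.dport, p.src, p.sport)   # seen from the server's reply

class HalfOpenMonitor:
    """Counts embryonic (half-open) TCP sessions and alarms with hysteresis,
    like CBAC's max-incomplete high/low watermarks (thresholds are assumed)."""
    def __init__(self, high: int = 3, low: int = 1) -> None:
        self.high, self.low = high, low
        self.pending: set = set()   # 4-tuples whose handshake has not completed
        self.alarm = False
        self.events: list = []      # ("alarm" | "clear", pending count)
    def process(self, p: Pkt) -> str:
        if p.flags == "S":
            self.pending.add(fwd(p))
        elif p.flags == "A":            # third handshake step: session established
            self.pending.discard(fwd(p))
        elif p.flags in ("R", "F"):     # either side tearing the session down
            self.pending.discard(fwd(p))
            self.pending.discard(rev(p))
        # A SYN-ACK ("SA") leaves the session half-open, so it changes no state.
        count = len(self.pending)
        if not self.alarm and count > self.high:
            self.alarm = True
            self.events.append(("alarm", count))
        elif self.alarm and count < self.low:
            self.alarm = False
            self.events.append(("clear", count))
        if self.alarm and p.flags == "S":
            self.pending.discard(fwd(p))  # refuse new embryonic sessions while alarmed
            return "drop"
        return "pass"

def run_sample() -> tuple:
    """Constructed trace: one completed handshake, a SYN burst, then server resets."""
    mon = HalfOpenMonitor(high=3, low=1)
    srv, atk = "192.0.2.10", "198.51.100.7"
    trace = [Pkt("10.0.0.5", 40000, srv, 80, "S"), Pkt(srv, 80, "10.0.0.5", 40000, "SA"),
             Pkt("10.0.0.5", 40000, srv, 80, "A")]
    trace += [Pkt(atk, 50000 + i, srv, 80, "S") for i in range(5)]
    trace += [Pkt(srv, 80, atk, 50000 + i, "R") for i in range(3)]
    return [mon.process(p) for p in trace], mon.events
```

In `run_sample` the completed handshake never counts against the watermark, the fourth uncompleted SYN trips the alarm and is dropped, and the alarm only clears once the server's resets empty the table.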
NetRanger Support—Cisco IOS Intrusion Detection
NetRanger is an Intrusion Detection System (IDS) composed of the following three parts:
• A management console (director), used to view the alarms and to manage the sensors.
• A sensor that monitors traffic. The traffic is matched against a list of known signatures to detect misuse of the network, usually in the form of scanning for vulnerabilities or attacks on systems. When a signature is matched, the sensor can take certain actions. In the case of the appliance sensor, it can reset sessions (via TCP RST) or enable "shuns" of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.
• Communications, through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.