Cisco Systems ICS-7750 Manual De Usuario
5-23
Cisco ICS 7750 System Description
78-10360-02
Chapter 5 Summary of Software Applications Features
External Software Applications
•
VPN support—Combining Cisco IOS Firewall with Cisco IOS encryption
and QoS VPN features enables secure, low-cost transmissions over public
networks.
and QoS VPN features enables secure, low-cost transmissions over public
networks.
•
Scalability—Cisco IOS Firewall scales to meet any network’s bandwidth and
performance requirements.
performance requirements.
•
Easier management—Using Cisco ConfigMaker software, network
administrators can configure Cisco IOS security features (including the
Cisco IOS Firewall, network address translation, and Cisco IPSec) from a
central console over the network.
administrators can configure Cisco IOS security features (including the
Cisco IOS Firewall, network address translation, and Cisco IPSec) from a
central console over the network.
Key Features
lists key features supported by the Cisco IOS Firewall.
Table 5-10 Key Features of Cisco IOS Firewall
Feature
Description
Context-based access control
(CBAC)
(CBAC)
Provides internal users secure, per-application-based access
control for all traffic across perimeters, such as perimeters
between private enterprise networks and the Internet.
control for all traffic across perimeters, such as perimeters
between private enterprise networks and the Internet.
Intrusion detection
Provides real-time monitoring, interception, and response to
network misuse with a broad set of the most common attack and
information-gathering intrusion detection signatures.
network misuse with a broad set of the most common attack and
information-gathering intrusion detection signatures.
Authentication proxy
Dynamic, per-user authentication and authorization for
LAN-based and dial-in communications; authenticates users
against industry-standard TACACS+ and RADIUS authentication
protocols; network administrators can set individual, per-user
security policies.
LAN-based and dial-in communications; authenticates users
against industry-standard TACACS+ and RADIUS authentication
protocols; network administrators can set individual, per-user
security policies.
Denial-of-service detection and
prevention
prevention
Defends and protects router resources against common attacks;
checks packet headers, dropping suspicious packets.
checks packet headers, dropping suspicious packets.
Dynamic port mapping
Allows network administrator to run CBAC-supported
applications on non-standard ports.
applications on non-standard ports.
Java applet blocking
Protects against unidentified, malicious Java applets.