Context-Based Access Control

from Wikipedia, the free encyclopedia

In network technology, context-based access control (CBAC) is an intelligent filter for TCP and UDP packets that controls access to files or services using connection-specific ("stateful") protocol information from the application layer (layer 7) of the OSI model. In contrast to the RBAC method, CBAC can act in a context-dependent manner, e.g. depending on the requesting network.

A network filter without CBAC is limited to checking data packets at the network layer (layer 3), or at most the transport layer (layer 4), and to processing access control lists. CBAC examines not only these layers but also the information in the application layer protocol (e.g. FTP connection information). This makes it possible to support protocols in which multiple channels are created as a result of negotiations on the control channel. Most multimedia protocols, as well as some other protocols (such as FTP, RPC and SQL*Net), span multiple channels.
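The multi-channel case described above, as an added example that is not part of the original article: a toy Python filter that reads FTP control traffic and opens a one-shot pinhole for the negotiated data channel. The class name, the 10.0.0.0/8 "inside" network, the endpoint checks and all addresses are constructed assumptions.

```python
import re

# FTP control-channel messages that announce a data-channel endpoint (h1,h2,h3,h4,p1,p2)
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$", re.I)
PASV_RE = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class FtpInspector:
    """Toy stateful filter: a data channel is admitted only if it was
    negotiated on an inspected control channel (hypothetical class)."""

    def __init__(self):
        self.pinholes = set()   # (src, dst, dport) one-shot data-channel permits

    def control_line(self, client, server, sender, line):
        """Inspect one line of layer-7 control traffic; return the pinhole opened, if any."""
        if sender == client:
            m = PORT_RE.match(line)      # active mode: server will connect to client
            src, dst = server, client
        else:
            m = PASV_RE.match(line)      # passive mode: client will connect to server
            src, dst = client, server
        if not m:
            return None
        o = [int(x) for x in m.groups()]
        ip, port = ".".join(map(str, o[:4])), o[4] * 256 + o[5]
        # Assumed hardening: the announced endpoint must be the announcing peer
        # itself and an unprivileged port, otherwise no pinhole is opened.
        if any(v > 255 for v in o) or ip != dst or port < 1024:
            return None
        self.pinholes.add((src, dst, port))
        return (src, dst, port)

    def allow_syn(self, src, dst, dport):
        """Layer-3/4 decision for a new TCP connection."""
        if dport == 21 and src.startswith("10."):      # static ACL: inside -> FTP control
            return True
        if (src, dst, dport) in self.pinholes:
            self.pinholes.discard((src, dst, dport))   # pinhole is single use
            return True
        return False

if __name__ == "__main__":
    fw = FtpInspector()
    c, s = "10.0.0.7", "203.0.113.5"                   # constructed addresses
    print(fw.allow_syn(s, c, 50000))                   # inbound data before negotiation
    fw.control_line(c, s, c, b"PORT 10,0,0,7,195,80\r\n")
    print(fw.allow_syn(s, c, 50000))                   # same connection after negotiation
```

A filter limited to layers 3 and 4 would have to leave the whole high port range open statically to carry the same session.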

CBAC also offers the following benefits:

  • Denial of service prevention and detection
  • Real-time alerts