Wednesday, 9 May 2012

Context-based Access Control

Context-based Access Control (also referred to as CBAC) is a control that intelligently filters TCP and UDP packets based on the application layer of the OSI Model. Examples are packets sent by applications such as the World Wide Web (TCP packets) and Skype (using UDP packets). The network needing the protection can configure CBAC to allow or deny certain TCP or UDP packets through the firewall, and because CBAC is a stateful inspection firewall, it can inspect session traffic passing through the firewall in either direction.

Although access lists can help to filter traffic that passes through the firewall, they can only filter packets at the network and transport layers of the OSI Model (using protocols such as IP). CBAC, on the other hand, can filter network and transport layer protocol packets as well as application layer packets.

CBAC also has further benefits. Not only does it filter packets, denying or allowing them to pass based on the configuration, it can also detect and prevent Denial-of-Service attacks and provide real-time alerts and audit trails, which make it easier to track the activities of users or the chain of events taking place in the network.
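
The difference between a static access list and stateful inspection, together with the alerting and audit trail described above, can be seen in a small model. This is an added example, not code from the original post and not any vendor's implementation; the class and function names, the addresses and the half-open threshold are constructed for illustration.

```python
from dataclasses import dataclass, field

HALF_OPEN_LIMIT = 3  # constructed threshold, not a vendor default

def static_acl_permits(proto, sport):
    """Stateless rule: let in anything that looks like a web reply."""
    return proto == "tcp" and sport in (80, 443)

@dataclass
class Inspector:
    sessions: dict = field(default_factory=dict)  # flow -> state
    audit: list = field(default_factory=list)     # audit trail
    alerts: list = field(default_factory=list)    # real-time alerts

    def outbound(self, proto, src, sport, dst, dport):
        """Inside host opens a flow; remember it so the reply can return."""
        flow = (proto, src, sport, dst, dport)
        if flow in self.sessions:
            return
        # TCP waits for the handshake reply; UDP has no handshake.
        self.sessions[flow] = "half-open" if proto == "tcp" else "open"
        self.audit.append(f"start {proto} {src}:{sport} -> {dst}:{dport}")
        half_open = [f for f, s in self.sessions.items() if s == "half-open"]
        if len(half_open) > HALF_OPEN_LIMIT:
            # Too many unanswered attempts: alert and drop the oldest one.
            del self.sessions[half_open[0]]
            self.alerts.append(f"half-open limit exceeded: {half_open[0]}")

    def inbound(self, proto, src, sport, dst, dport):
        """Permit an outside packet only if it answers a tracked flow."""
        flow = (proto, dst, dport, src, sport)  # reverse of the outbound tuple
        if flow in self.sessions:
            self.sessions[flow] = "open"
            return True
        self.audit.append(f"deny {proto} {src}:{sport} -> {dst}:{dport}")
        return False

def demo():
    fw = Inspector()
    fw.outbound("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)
    reply = fw.inbound("tcp", "203.0.113.10", 80, "10.0.0.5", 40000)
    # Unsolicited packet that merely uses source port 80.
    unsolicited = fw.inbound("tcp", "198.51.100.7", 80, "10.0.0.5", 40001)
    for port in range(41000, 41005):  # five attempts that are never answered
        fw.outbound("tcp", "10.0.0.9", port, "203.0.113.20", 25)
    return reply, unsolicited, static_acl_permits("tcp", 80), fw
```

The static rule accepts the unsolicited packet because it only looks at the source port, while the inspector rejects it because no inside host opened that flow.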
