Cisco Systems uBR7200 Network Router User Manual


 
1-105
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
OL-2239-05
Chapter 1 Overview of Cisco uBR7200 Series Software
cops tcp window-size
• Dynamic port mapping that maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.
• Configurable alerts and audit trail.
• Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to NetRanger Director, drop the packet, or reset the TCP connection.
• User-configurable audit rules.
• Configurable real-time alerts and audit trail logs.
For general information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog. For detailed information, refer to these documents on Cisco.com:
Cisco IOS Firewall Feature Set documentation
In particular, refer to the Security Configuration Guide, Traffic Filtering chapter:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
Dynamic Mobile Hosts
This feature addresses a security hole that occurs when the Cisco uBR7200 series router supports mobile hosts. (Mobile hosts are hosts that can move from one modem to another modem.) Anyone who knows the MAC address of a mobile host can "fake" the mobile host, thereby causing denial of access for the real mobile host.
To avoid this security hole, the Dynamic Mobile Hosts feature pings the mobile host on the old service identifier (SID) to verify that the host has indeed been moved.
A DHCP server is used to verify addresses and can be configured with the cable source-verify dhcp command; the no cable arp command should be configured in the CMTS to prevent it from sending ARP requests.
For additional information, refer to the Cisco Broadband Cable Command Reference Guide on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/cable/bbccmref/index.htm
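As an added illustration of the verification step described above (this is a model written for this page, not code from the Cisco guide or from Cisco IOS), the following Python class keeps a MAC-to-SID table and, when a known MAC appears behind a different SID, pings the old SID before accepting the move. If the host still answers on the old SID, the new claim is treated as a spoof and the table entry is left unchanged. The MAC address, SID numbers and the ping callback are constructed sample values; a real CMTS performs the ping over the cable interface, which the model replaces with a lookup table.

```python
import logging
from typing import Callable, Dict, List, Optional

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("cmts-model")


class MobileHostTable:
    """Toy model of the CMTS host table: MAC address -> SID it was last seen behind."""

    def __init__(self, ping_old_sid: Callable[[str, int], bool]) -> None:
        # ping_old_sid(mac, sid) returns True if the host still answers on that SID
        # (hypothetical callback standing in for the CMTS ping over the cable interface).
        self._ping = ping_old_sid
        self._mac_to_sid: Dict[str, int] = {}

    def learn(self, mac: str, sid: int) -> str:
        """Process traffic from `mac` arriving on `sid`.

        Returns 'new', 'same', 'moved' or 'rejected'.
        """
        old = self._mac_to_sid.get(mac)
        if old is None:
            self._mac_to_sid[mac] = sid
            return "new"
        if old == sid:
            return "same"
        # The MAC now appears behind a different modem. Accepting this blindly
        # would let anyone who knows the MAC hijack the entry, so verify first.
        if self._ping(mac, old):
            log.warning("host %s still answers on SID %d; ignoring claim from SID %d", mac, old, sid)
            return "rejected"
        log.info("host %s moved from SID %d to SID %d", mac, old, sid)
        self._mac_to_sid[mac] = sid
        return "moved"

    def sid_of(self, mac: str) -> Optional[int]:
        return self._mac_to_sid.get(mac)


def demo() -> List[str]:
    """Constructed scenario: a genuine move versus a spoofed claim."""
    host_a = "00:11:22:33:44:55"            # constructed MAC address
    reachable = {(host_a, 5): True}          # host A really sits behind SID 5

    def ping(mac: str, sid: int) -> bool:
        return reachable.get((mac, sid), False)

    table = MobileHostTable(ping)
    results = []
    results.append(table.learn(host_a, 5))   # first sighting: 'new'
    # A second modem (SID 9) claims A's MAC while A is still live on SID 5.
    results.append(table.learn(host_a, 9))   # old SID answers: 'rejected'
    # A is unplugged from modem 5 and plugged into modem 7.
    reachable[(host_a, 5)] = False
    results.append(table.learn(host_a, 7))   # old SID silent: 'moved'
    return results


if __name__ == "__main__":
    print(demo())
```

The table entry survives the spoofed claim only because the old SID is probed before the update; a CMTS that skipped the ping would overwrite the entry and cut off the real host, which is the denial of access the text describes.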
Dynamic Shared Secret for DOCSIS
The Dynamic Shared Secret feature gives service providers a way to provide higher levels of security for their Data-over-Cable Service Interface Specifications (DOCSIS) cable networks, by using randomized, single-use shared secrets to verify the DOCSIS configuration files that are downloaded to each cable modem. The Dynamic Shared Secret feature is enabled using the cable dynamic-secret interface configuration command.
The Dynamic Shared Secret feature automatically creates a unique DOCSIS shared secret on a per-modem basis, creating a one-time-use DOCSIS configuration file that is valid only for the current session. This ensures that a DOCSIS configuration file that has been downloaded for one cable modem can never be used by any other modem, nor can the same modem reuse this configuration file at a later time.
This patent-pending feature is designed to guarantee that all registered modems are using only the quality of service (QoS) parameters that have been specified by the DOCSIS provisioning system for that particular modem at the time of its registration.
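To show why a per-modem, single-use secret gives the guarantees listed above, here is a simplified Python model of the mechanism, added for this page and not Cisco's implementation. It assumes that the configuration file is protected by an HMAC-MD5 message integrity check (MIC) computed with the shared secret, as DOCSIS specifies for the CMTS MIC, and that the CMTS remembers which secret it issued to which modem and whether it has been consumed. The MAC addresses, the 16-byte secrets and the QoS strings are constructed sample values, and the TLV layout of a real DOCSIS configuration file is left out; the point is the four outcomes: the genuine file is accepted, another modem's file is rejected, a replayed file is rejected, and a file with altered QoS parameters is rejected.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple

MIC_LEN = 16  # HMAC-MD5 digest length in bytes


@dataclass
class SecretRecord:
    secret: bytes
    used: bool = False


class DynamicSecretCmts:
    """Toy model: one fresh shared secret per modem, valid for a single registration."""

    def __init__(self) -> None:
        self._records: Dict[str, SecretRecord] = {}

    def provision(self, mac: str, config: bytes) -> bytes:
        """Issue a configuration file for `mac`: config bytes followed by
        MIC = HMAC-MD5(secret, config), where secret is freshly generated."""
        secret = secrets.token_bytes(16)            # randomized, per-modem
        self._records[mac] = SecretRecord(secret)   # replaces any earlier secret
        mic = hmac.new(secret, config, hashlib.md5).digest()
        return config + mic

    def register(self, mac: str, config_file: bytes) -> Tuple[bool, str]:
        """Verify the file a modem presents at registration."""
        rec = self._records.get(mac)
        if rec is None:
            return False, "no secret issued for this modem"
        if rec.used:
            return False, "secret already consumed (replay)"
        config, mic = config_file[:-MIC_LEN], config_file[-MIC_LEN:]
        expected = hmac.new(rec.secret, config, hashlib.md5).digest()
        if not hmac.compare_digest(mic, expected):
            # Either the file was issued to a different modem (different secret)
            # or its contents were changed after the MIC was computed.
            return False, "MIC mismatch (file not issued to this modem or tampered)"
        rec.used = True                             # single use: burn the secret
        return True, "accepted"


def demo() -> List[str]:
    """Constructed scenario covering the four outcomes described in the lead-in."""
    cmts = DynamicSecretCmts()
    mac_a, mac_b = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"   # constructed MACs
    cfg_a = b"max-ds-rate=10M;max-us-rate=1M"                  # constructed QoS params
    cfg_b = b"max-ds-rate=2M;max-us-rate=256k"
    file_a = cmts.provision(mac_a, cfg_a)
    file_b = cmts.provision(mac_b, cfg_b)

    out = []
    out.append(cmts.register(mac_a, file_a)[1])   # genuine: accepted
    out.append(cmts.register(mac_b, file_a)[1])   # B presents A's file: MIC mismatch
    out.append(cmts.register(mac_a, file_a)[1])   # A replays its own file: consumed
    tampered = file_b[:-MIC_LEN].replace(b"2M", b"99M") + file_b[-MIC_LEN:]
    out.append(cmts.register(mac_b, tampered)[1]) # altered QoS: MIC mismatch
    out.append(cmts.register(mac_b, file_b)[1])   # genuine: accepted
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because every secret is both unique to the modem and discarded after one successful registration, the CMTS never needs to compare QoS values itself: any file that was not issued to this modem for this session fails the MIC check or the used-flag check before its parameters are looked at.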