A network access control list (ACL) is a set of rules that specify which users or systems are granted access to a particular object or system resource. Access control lists are also installed in routers and switches, where they act as filters that determine which traffic is allowed onto the network.
Each system resource has a security attribute that identifies the access control list for that resource. Every user who has access to the system is represented on the list. The most common rights in a file system ACL are the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file if it is an executable or application. ACLs are also built into network interfaces and operating systems (OSes) such as Linux and Windows. On computer networks, access control lists are used to block or allow specific types of traffic, most often filtering on source and destination.
How does an ACL work?
Different kinds of ACL work in different ways depending on their purpose. File system ACLs work by building tables that tell the operating system which access capabilities are granted to particular subjects. Each object has a distinct security property that serves as an identifier in its access control list. Privileges include read and write access, file execution, and a variety of others.
Unix-based systems, Windows NT/2000 and Novell NetWare are among the popular operating systems that use this method.
Networking ACLs are installed on networking devices (routers and switches) purely for traffic filtering. This is done with predefined rules that decide which packets are forwarded; the source and destination IP addresses are key inputs to that decision.
Packet filtering improves network security by limiting which devices and users can reach the network and by reducing unwanted traffic.
Access lists are ordered and consist of two kinds of statement: permit and deny. An access list is identified either by a number or by a name.
Where can an ACL be placed?
Many administrators choose to deploy ACLs on a network's edge routers, so that traffic is filtered before it enters their systems. To accomplish this, place an ACL-enabled routing device between the demilitarised zone (DMZ) and the internet. The DMZ may contain devices such as application servers, web servers, VPN gateways and Domain Name System (DNS) servers.
You can also use an ACL to separate the DMZ from the rest of your network. If you place one ACL between the internet and the DMZ and another between the DMZ and the internal network, each protects the devices and users that sit behind it.
Components of an access control list
An ACL entry is made up of several separate components that determine how the ACL treats different kinds of traffic.
Sequence number:- The sequence number identifies the entry within the ACL.
Name of the ACL:- This identifies an ACL by name rather than by number. Some ACLs allow both numbers and letters.
Comments:- Some ACLs allow users to include comments, which are additional descriptions of the ACL entry.
Network protocol:- Administrators can use this to accept or reject traffic based on a network protocol, such as IP, Internet Control Message Protocol (ICMP), TCP, User Datagram Protocol (UDP) or NetBIOS.
Source and destination:- Using Classless Inter-Domain Routing (CIDR) notation, this defines a specific IP address, or a range of addresses, to block or allow.
Log:- Some ACL devices keep a log of the traffic matched by the ACL.
Types of ACL
ACLs are classified into two types:
- Filesystem ACLs
- Networking ACLs
Filesystem ACLs:- These act as filters that control access to files or directories. A filesystem ACL tells the operating system which users are permitted to access the system and what privileges they have once inside.
Networking ACLs:- These govern access to the network. They tell switches and routers which types of traffic are allowed to interact with the network, and what each user or device may do once inside.
ACLs can also be classified by how they identify traffic:
- Standard access-list
- Extended access-list
Standard access-list:- These access-lists are built solely on the source IP address. They allow or deny access for the whole protocol suite, making no distinction between IP traffic types such as TCP, UDP or HTTPS. The router recognises the numbers 1-99 and 1300-1999 as a standard ACL and treats the given address as the source IP address.
Extended access-list:- These ACLs use the source IP, the destination IP, the source port and the destination port. With them we can specify exactly which IP traffic is allowed or denied. Their number ranges are 100-199 and 2000-2699.
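The following is an added example, not code from the original article or from any router vendor: a small Python evaluator for Cisco-style numbered ACLs that classifies a list by its number range, parses standard (source-only) and extended (protocol, source, destination, optional port) entries, and applies them in order with first-match semantics and the implicit final deny. The syntax subset (wildcard masks after each address, `any`, `eq PORT`) and the DMZ sample rules are assumptions constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

def acl_kind(number):
    """Classify a numbered ACL by its number range, as the router does."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not a standard or extended ACL number")

def _take_addr(tok, i):
    """Consume 'any' or 'ADDR WILDCARD' at tok[i]; wildcard bits are the inverse of a subnet mask."""
    if tok[i] == "any":
        return IPv4Network("0.0.0.0/0"), i + 1
    hostmask = int(IPv4Address(tok[i + 1]))            # contiguous wildcards only (e.g. 0.0.0.255)
    base = int(IPv4Address(tok[i])) & ~hostmask & 0xFFFFFFFF
    return IPv4Network((base, 32 - hostmask.bit_length())), i + 2

def parse(lines):
    """Parse 'access-list N permit|deny ...' lines into rules, keeping their order."""
    rules = []
    for line in lines:
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue                                   # blank line or outside this syntax subset
        action = tok[2]
        if acl_kind(int(tok[1])) == "standard":        # source address only, whole IP suite
            src, _ = _take_addr(tok, 3)
            rules.append((action, "ip", src, IPv4Network("0.0.0.0/0"), None))
        else:                                          # protocol, source, destination, optional 'eq PORT'
            src, i = _take_addr(tok, 4)
            dst, i = _take_addr(tok, i)
            port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
            rules.append((action, tok[3], src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching rule; an ACL ends with an implicit deny."""
    s, d = IPv4Address(src), IPv4Address(dst)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and rport in (None, dport):
            return action
    return "deny"

# Constructed sample: extended ACL on the internet side of a DMZ holding a web server and a DNS server.
DMZ_ACL = [
    "access-list 110 permit tcp any 203.0.113.0 0.0.0.255 eq 443",
    "access-list 110 permit udp any 203.0.113.53 0.0.0.0 eq 53",
    "access-list 110 deny ip any any",  # explicit form of the implicit final deny, so it can be logged
]
```

Reversing the order of the sample rules puts the deny first and blocks everything, which is why the sequence number of each entry matters.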
Applications of ACL
Cyber security risks have been rising steadily, and ACLs are one of many measures put in place to protect networks and the quality of service in enterprises. ACLs are used to address a variety of problems, including:
- Breaches of confidential data
- Irrelevant services consuming network bandwidth and starving critical services of resources
- Viruses and malicious code entering the organisation
ACLs achieve their main goal by identifying and controlling network access behaviour, controlling traffic flow and enabling granular monitoring.
Advantages of Access Control Lists
- Enhances network performance.
- Provides security by letting the administrator configure the access list to their needs and keep undesirable packets out of the network.
- Controls traffic by allowing or denying access according to network requirements.