What is an Access Control List (ACL)?

Access Control Lists (ACLs) are among the most common forms of network access control. Simple on the surface, ACLs are tables that define access permissions for network resources. ACLs are built into network interfaces and into operating systems such as Linux and Windows NT, and they are also used by Windows Active Directory. Despite their apparent simplicity, ACL systems become quite complex as the network architecture and the user population grow.

What is an Access Control List (ACL)?

An access control list (ACL) is a list of rules that specify which users or systems are granted or denied access to a particular object or system resource. ACLs are also configured on routers and switches, where they act as filters that decide which traffic may enter the network.

Each system resource has a security attribute that identifies its access control list. The list includes an entry for every user who can access the resource. The most common privileges in a file system ACL are the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file if it is an executable program. ACLs are also built into network interfaces and operating systems (OSes), including Linux and Windows. On a computer network, access control lists are used to prohibit or allow certain types of traffic into the network; they commonly filter traffic based on its source and destination.

How does an ACL work?

ACLs work by enforcing the specified access rules to permit or restrict access. These rules can be defined on criteria such as source and destination IP address, protocol, and so on. Depending on the type of ACL, the rules ensure that only authorized entities can reach sensitive information assets.

Two cases illustrate how ACLs work:

  • Case 1: Filesystem ACLs contain access control entries with permissions defined for the users, groups, or other entities that can access files. These permissions define the actions that users or groups can perform on files or directories, such as read, write, execute, or delete. Whenever access to a file is requested, the operating system looks up the corresponding ACL entry to allow or deny the access.
  • Case 2: Network ACLs are installed on network gateways such as routers and switches to deny or allow traffic based on the defined rules. Each time a data packet requests access to a network, the router scans these predefined rules, and if the packet matches the ‘permit’ criteria, it is allowed through. So, if there is a simple access control rule to deny all traffic from the public internet, the network device will block that traffic accordingly.
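As an added illustration of Case 1 (this code is not part of the original article), the following Python models a POSIX-style filesystem ACL of the kind Linux manages with getfacl/setfacl, and applies the usual decision order: file owner first, then a named user entry, then the owning group and named groups, then "other", with the mask entry capping the named-user and group entries. The ACL text, file owner, group names and users are constructed for the example.

```python
from collections import namedtuple

# One ACL entry: tag is "user", "group", "mask" or "other"; qualifier is a name, or ""
# for the file owner, owning group, mask and other; perms is a subset of {"r", "w", "x"}.
Entry = namedtuple("Entry", "tag qualifier perms")

def parse_acl(text):
    """Parse getfacl-style lines such as 'user:alice:rw-' into Entry objects."""
    entries = []
    for line in text.strip().splitlines():
        tag, qualifier, perm_str = line.split(":")
        entries.append(Entry(tag, qualifier, {c for c in perm_str if c != "-"}))
    return entries

def check_access(acl, owner, owning_group, user, groups, requested):
    """Apply the POSIX ACL decision order: owner, named user, owning/named groups, other.
    Named-user and every group entry are limited by the mask entry, if one is present."""
    requested = set(requested)
    mask = next((e.perms for e in acl if e.tag == "mask"), {"r", "w", "x"})
    if user == owner:                                    # 1. file owner
        owner_perms = next(e.perms for e in acl if e.tag == "user" and e.qualifier == "")
        return requested <= owner_perms
    named = [e for e in acl if e.tag == "user" and e.qualifier == user]
    if named:                                            # 2. named user entry
        return requested <= (named[0].perms & mask)
    group_entries = [e for e in acl if e.tag == "group" and
                     (e.qualifier in groups or (e.qualifier == "" and owning_group in groups))]
    if group_entries:                                    # 3. any matching group entry suffices
        return any(requested <= (e.perms & mask) for e in group_entries)
    other = next(e.perms for e in acl if e.tag == "other")
    return requested <= other                            # 4. everyone else

# Constructed ACL for a file owned by bob (group staff), as getfacl would print it
FILE_ACL = parse_acl("""
user::rw-
user:alice:rw-
group::r--
group:devs:rwx
mask::rw-
other::---
""")
```

Note that carol, a member of devs, cannot execute the file even though her group entry says rwx: the mask entry of rw- caps every group and named-user entry.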

Why use an Access Control List?

An ACL provides network security by determining who has access to a system and what those users can do within it. This helps keep the system more secure and the network running smoothly, because traffic around a secured object is restricted. Less traffic can mean better network performance.

An ACL directs the traffic flow, keeping out what should not be there and letting in what should. It can also help to monitor traffic entering and exiting the system.

ACLs can be set up to be specific or broad. An ACL can be made to allow only certain users into the system and to determine the privileges each user has within it. By dictating who has rights within the system, an ACL helps minimize the risk of a security breach.

Benefits of using ACLs

With an access list, you can simplify the way local users, remote users, and remote hosts are identified. This is done with an authentication database configured so that only approved users are allowed access to the device.

An access list also lets you keep out unwanted users and traffic. If you set parameters that dictate which source or destination addresses and which users are allowed to access a network, all others are prevented from getting inside. You can also categorize the kinds of traffic you want to allow into the network and then apply those categories in the ACL. For example, you can create a rule that lets all email traffic pass through to the network but blocks traffic that contains executable files.

What are the types of ACLs?

There are five different types of access control lists.

  • Standard ACL: Standard lists are the most common type of access list and are used for simple deployments. They filter only on the source address of the data packet, which also makes them less processor-intensive.
  • Extended ACL: Although extended lists are more complex to configure and more resource-intensive, they provide a granular level of control. With these lists you can be more precise when filtering data packets, evaluating them on factors such as source and destination IP address, source and destination port, protocol type (ICMP, TCP, IP, UDP), and more.
  • Dynamic ACL: Dynamic ACLs are often known as Lock and Key, and they can be used for specific attributes and timeframes. They rely on extended ACLs, authentication, and Telnet for their functionality.
  • Reflexive ACL: Reflexive ACLs are also known as IP session ACLs. They filter IP traffic based on upper-layer session information. They are used to permit IP traffic for sessions that originate inside your network and to deny IP traffic that originates from an external or unknown network.
  • Time-based ACL: Time-based ACLs are similar to extended ACLs, but they take effect only during specified times of the day and days of the week.

Common use cases for Access Control Lists

ACLs can be implemented in a variety of situations to manage traffic and bolster security.

Network Security

ACLs can be deployed to improve network security through the granular control of access to network resources. Administrators can specify which users, IP addresses, and protocols are allowed to access network resources and prevent unauthorized access.

Firewall Rules

Firewalls employ ACLs to filter incoming and outgoing traffic based on specified criteria. Network administrators can create ACL rules to block specific IP addresses, restrict access to certain access points, or enforce policies to only allow secure traffic.

Virtual Private Networks (VPNs)

ACLs control the traffic flow between VPN clients and servers. Network administrators can use ACL rules to permit or deny VPN connections based on factors like user authentication and source IP address, helping implement security policies for access to networks.

Intrusion Prevention Systems (IPS)

ACLs are employed to detect and prevent unauthorized activities within the network. By refining ACL rules to block known malicious IP addresses and unexpected traffic patterns, an IPS can defend against cyber threats and attempts at unauthorized access.

How to implement an ACL on your router

To properly implement an ACL on your router, you have to understand how traffic flows in and out of it. You set the rules from the point of view of the router's interface, not from the point of view of the attached networks. For example, traffic flowing into a router is flowing out of a network, so the perspective makes a big difference to how the traffic's direction is described.

For an ACL to perform its intended function, it must be applied to an interface of the router. The forwarding and routing decisions are then executed by the router's hardware, which makes the process faster.

When creating an ACL entry, put the source address first and the destination address after it; the router expects entries in this format. The source is where the traffic is coming from, on the "outside" of the router. The destination is a point past the router, where the data packets will end up.
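As an added example (not code from the original article), here is a small Python evaluator for Cisco-style standard and extended ACL entries. It ties together the points made above: a standard entry names only a source, an extended entry names the source before the destination, entries are checked in order with the first match deciding, and a packet that matches nothing is dropped by the implicit deny at the end of the list. The ACL contents, interface role and addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple
# proto: "tcp", "udp" or "icmp"; src/dst: IPv4 addresses; dport: destination port
Packet = namedtuple("Packet", "proto src dst dport")
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
def _match_addr(tokens, addr):
    """Consume one address spec ('any', 'host A.B.C.D' or 'A.B.C.D WILDCARD') and test addr."""
    tok = tokens.pop(0)
    if tok == "any":
        return True
    if tok == "host":
        return ipaddress.ip_address(tokens.pop(0)) == ipaddress.ip_address(addr)
    net, wild = int(ipaddress.ip_address(tok)), int(ipaddress.ip_address(tokens.pop(0)))
    care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = don't care, 0 = must match
    return int(ipaddress.ip_address(addr)) & care == net & care

def parse_entry(line):
    """Turn 'permit|deny [proto] SRC [DST [eq PORT]]' into (action, predicate)."""
    tokens = line.split()
    action, extended = tokens[0], tokens[1] in PROTOCOLS  # standard entries name no protocol
    proto = tokens[1] if extended else "ip"
    rest = tokens[2:] if extended else tokens[1:]
    def matches(pkt):
        if proto != "ip" and proto != pkt.proto:
            return False
        t = list(rest)
        if not _match_addr(t, pkt.src):   # the source address always comes first
            return False
        if not extended:                  # standard ACL: source is the only criterion
            return True
        if not _match_addr(t, pkt.dst):   # then the destination
            return False
        return not t or (t[0] == "eq" and pkt.dport == int(t[1]))
    return action, matches

def evaluate(acl_lines, pkt):
    """Entries are tried top to bottom and the first match wins; unmatched packets hit the implicit deny."""
    for line in acl_lines:
        action, matches = parse_entry(line)
        if matches(pkt):
            return action
    return "deny"

# Constructed inbound ACL for an edge interface (documentation address ranges, not real hosts)
EDGE_IN = [
    "deny   tcp any host 192.0.2.10 eq 23",         # block Telnet to the server
    "permit tcp any host 192.0.2.10 eq 443",        # allow HTTPS to the server
    "permit udp 198.51.100.0 0.0.0.255 any eq 53",  # DNS only from one partner /24
]
STANDARD_IN = ["deny 203.0.113.0 0.0.0.255", "permit any"]  # standard ACL filters source only
```

Because the list is evaluated top to bottom, moving the HTTPS permit above the Telnet deny would not change the outcome here, but placing a broad "permit ip any any" first would make every entry after it unreachable.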
