What are the basic features of an access control list?

Access Control List (ACL) Feature Overview and Configuration Guide

An Access Control List is one filter, or a sequence of filters, that are applied to an interface to either block or pass (or, when using QoS, apply priority to) packets that match the filter definitions. ACLs are used to restrict network access by hosts and devices and to control network traffic.

Access Control Lists used in AlliedWare Plus are separated into two different types, software ACLs and hardware ACLs. Hardware ACLs are applied directly to interfaces, or are used for QoS classifications. Software ACLs are applied to Routing and Multicasting.

This guide describes Access Control Lists (ACLs) and general ACL configuration information.


What Is an Access Control List

An access control list (ACL) contains rules that grant or deny access to certain digital environments. There are two types of ACLs:

  • Filesystem ACLs: filter access to files and/or directories. Filesystem ACLs tell operating systems which users can access the system, and what privileges the users are allowed.
  • Networking ACLs: filter access to the network. Networking ACLs tell routers and switches which type of traffic can access the network, and which activity is allowed.

Originally, ACLs were the only way to achieve firewall protection. Today, there are many types of firewalls and alternatives to ACLs. However, organizations continue to use ACLs in conjunction with technologies like virtual private networks (VPNs) that specify which traffic should be encrypted and transferred through a VPN tunnel.

Reasons to use an ACL:

  • Traffic flow control
  • Restricted network traffic for better network performance
  • A level of security for network access specifying which areas of the server/network/service can be accessed by a user and which cannot
  • Granular monitoring of the traffic exiting and entering the system

Access-Lists (ACL)

An access-list (ACL) is a set of rules defined for controlling network traffic and reducing network attacks. ACLs filter incoming or outgoing traffic on the network according to the defined set of rules.

ACL features –

  1. The rules are matched in order, i.e., matching starts with the first line, then the second, then the third, and so on.
  2. A packet is compared against the rules only until one matches. Once a rule matches, no further comparison takes place and that rule's action is applied.
  3. There is an implicit deny at the end of every ACL, i.e., if no condition or rule matches then the packet will be discarded.

Once the access-list is built, it is applied to an interface in the inbound or outbound direction:

  • Inbound access lists –
    When an access list is applied to inbound packets on an interface, the packets are first processed according to the access list and then routed to the outbound interface.
  • Outbound access lists –
    When an access list is applied to outbound packets on an interface, the packets are first routed and then processed by the access list at the outbound interface.

Types of ACL –
There are two main types of access-list:

  1. Standard Access-list –
    These access-lists are built using the source IP address only. They permit or deny the entire protocol suite and don't distinguish between traffic types such as TCP, UDP, HTTPS, etc. By using numbers 1-99 or 1300-1999, the router understands it as a standard ACL and treats the specified address as the source IP address.
  2. Extended Access-list –
    These ACLs match on source IP, destination IP, source port, and destination port. With this type of ACL we can also specify which IP protocol should be allowed or denied. They use the ranges 100-199 and 2000-2699.

Also, there are two categories of access-list:

  1. Numbered access-list – Individual rules cannot be deleted once the list is created, i.e., removing a single rule from a numbered access-list is not permitted. If we try to delete a rule from the access-list, the whole access-list is deleted. Numbered access-lists can be used with both standard and extended access lists.
  2. Named access list – In this type of access list, a name is assigned to identify the access list. Unlike a numbered access list, a named access list allows individual rules to be deleted. Like numbered access lists, these can be used with both standard and extended access lists.

Rules for ACL –

  1. The standard access-list is generally applied close to the destination (but not always).
  2. The extended access-list is generally applied close to the source (but not always).
  3. We can assign only one ACL per interface per protocol per direction, i.e., only one inbound and one outbound ACL is permitted per interface.
  4. We can't remove a single rule from a numbered access-list: if we try to remove a rule, the whole ACL is removed. With a named access list we can delete a specific rule.
  5. Every new rule added to the access list is placed at the bottom of the list, so analyze the whole scenario carefully before implementing the access list.
  6. As there is an implicit deny at the end of every access list, we should have at least one permit statement in the access-list, otherwise all traffic will be denied.
  7. Standard access lists and extended access lists cannot have the same name.
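The matching semantics described above (ordered evaluation, first match wins, implicit deny), the standard/extended distinction, and rule 5 (a rule appended below a broad deny never matches) can be exercised with a small evaluator. This is an added example written in Python, not part of the original article and not vendor code; the entries, addresses and IOS-style wildcard masks are constructed for illustration and assume contiguous wildcard masks.

```python
import ipaddress
from collections import namedtuple
Net = ipaddress.IPv4Network

def wildcard(addr: str, mask: str) -> Net:
    """IOS 'address wildcard' pair -> network (contiguous wildcard masks only)."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF)
    return Net((addr, str(netmask)), strict=False)

ANY = wildcard("0.0.0.0", "255.255.255.255")                   # IOS keyword 'any'
def host(addr: str) -> Net: return wildcard(addr, "0.0.0.0")   # IOS keyword 'host'

# A standard entry sets only action and src; an extended entry also sets proto
# ("tcp", "udp", "icmp" or "ip" for any), dst and optionally dport.
Entry = namedtuple("Entry", "action src proto dst dport", defaults=[None, None, None])
Packet = namedtuple("Packet", "src dst proto dport", defaults=[0])

def evaluate(acl, pkt):
    """Entries are tried in order and the first match wins; falling off the end is the implicit deny."""
    for i, e in enumerate(acl):
        if ipaddress.IPv4Address(pkt.src) not in e.src:
            continue
        if e.proto is not None:                                 # extended entry: more conditions
            if e.proto != "ip" and e.proto != pkt.proto: continue
            if e.dst is not None and ipaddress.IPv4Address(pkt.dst) not in e.dst: continue
            if e.dport is not None and e.dport != pkt.dport: continue
        return e.action, i                                      # (action, index of matching entry)
    return "deny", None                                         # implicit deny, no entry matched

def covers(a, b):
    """True if every packet entry b could match is already caught by the earlier entry a."""
    if not b.src.subnet_of(a.src): return False
    if a.proto not in (None, "ip") and a.proto != b.proto: return False
    if a.dst is not None and (b.dst is None or not b.dst.subnet_of(a.dst)): return False
    return a.dport is None or a.dport == b.dport

def shadowed(acl):
    """Indexes of entries that can never match because an earlier entry already covers them."""
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]

# Constructed extended ACL 100 for the inbound direction on the outside interface (addresses hypothetical).
ACL_100 = [
    Entry("permit", ANY, "tcp", host("10.1.1.10"), 443),                   # permit tcp any host 10.1.1.10 eq 443
    Entry("permit", wildcard("10.1.0.0", "0.0.255.255"), "tcp", ANY, 22),  # permit tcp 10.1.0.0 0.0.255.255 any eq 22
    Entry("deny", ANY, "ip", ANY),                                         # deny ip any any
    Entry("permit", ANY, "tcp", host("10.1.1.10"), 80),                    # added last, so it sits below the deny
]
# Constructed standard ACL 10: one host blocked, the rest of its /24 allowed, everything else implicitly denied.
ACL_10 = [Entry("deny", host("192.0.2.66")), Entry("permit", wildcard("192.0.2.0", "0.0.0.255"))]
```

Running `shadowed(ACL_100)` reports the HTTP permit appended after `deny ip any any` as unreachable, which is the ordering mistake rule 5 warns about.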

Advantages of ACL –

  • Improves network performance.
  • Provides security, as the administrator can configure the access list according to the needs of the network and deny unwanted packets from entering it.
  • Provides control over the traffic, as it can permit or deny according to the needs of the network.


Access Control List: Everything To Know in 6 Easy Points

Introduction

Presently, the need to protect your data from outsiders has risen due to the amount of illegal hacking performed. Regardless of type, size, scope, or industry, every company that wants to survive must always be ready to defend and protect its essential data.

ACL in networking is a crucial element used in the security of computer networks.

The full form of ACL in networking is Access Control List.

An ACL works by inspecting the data packets that flow in and out of the network and comparing them against a set of rules.

In this article, let us try to answer: What is an ACL? We will also discuss its types and components. Additionally, we will learn how to implement it on a router.

In this article let us look at:

  1. What is ACL
  2. Why Use ACL
  3. Where Can You Place ACL
  4. Components of ACL
  5. Types of Access Control List
  6. How to implement ACL on a Router

1) What is ACL

Access Control Lists are a kind of stateless firewall that inspects every packet flowing in the network and forwards or blocks the packet based on the configured rules. It either allows, restricts, or blocks the packet in the system, and decisions are made accordingly. The decision can be based on the destination address, source address, the protocol in use, or other header information. It can be implemented in any networking device like a router, firewalls, hubs, etc.

2) Why Use ACL

As the definition suggests, the primary purpose of an ACL is security. Other reasons include:

  • Traffic flow control in the network:

It controls the flow by regulating every packet that leaves or enters the network, making sure that no unnecessary or irrelevant packet floats in the network. This can also help protect the host from attacks like DDoS (Denial of Service Attacks), which occur when hackers flood the host network with large numbers of data packets.

  • Better performance of the network:

As only the traffic allowed by the network engineers is admitted, the overall network performs better.

  • Supply of an adequate level of security:

The main objective of an ACL is to provide security to your network, as the admin can grant or deny access to anyone. You can restrict users, packets from specific networks, or packets following a particular protocol; in the same way, permission can also be given to packets.

Earlier, ACLs were the only way to implement firewalls, but now there are many other options available. Companies still use ACLs along with other technologies like VPNs.

  • Monitoring of the packet flow –

Access Control lists also help in monitoring the network packets that are entering and exiting the network.
