What are the different types of access control lists?
What Is an Access Control List
An access control list (ACL) contains rules that grant or deny access to certain digital environments. There are two types of ACLs:
- Filesystem ACLs: filter access to files and/or directories. Filesystem ACLs tell operating systems which users can access the system, and what privileges the users are allowed.
- Networking ACLs: filter access to the network. Networking ACLs tell routers and switches which type of traffic can access the network, and which activity is allowed.
Originally, ACLs were the only way to achieve firewall protection. Today, there are many types of firewalls and alternatives to ACLs. However, organizations continue to use ACLs in conjunction with technologies like virtual private networks (VPNs) that specify which traffic should be encrypted and transferred through a VPN tunnel.
Reasons to use an ACL:
- Traffic flow control
- Restricted network traffic for better network performance
- A level of security for network access specifying which areas of the server/network/service can be accessed by a user and which cannot
- Granular monitoring of the traffic exiting and entering the system
An access control list is a system of regulations that determines which clients or hosts can use your service. In a few words, ACL is the list that allows you to say who can communicate with what. So in the case of this problem, we have an email address. We might have a host. We might have a port. And we might have a protocol type. And then we say OK. So these people can communicate with this. And we say nobody else can. So that's the access control list.
If you are a bad guy, and you are trying to figure out a way to send an email and have it look like it came from someone else, you are going to have to be able to have some kind of a list that's going to allow you to do that.
And so this is why you are going through this. So you have to know how the mail server works. So we have these mail servers. One of the most common ones is called Sendmail. And if you look at Sendmail, it has something like 250 different configuration files.
And that's not a joke. So you have to know which ones to use for what purpose. But once you have it set up, it's a fairly simple thing. And so what you can do is you can have a little script. You can say, "Let me look at this mail. Let me take this mail, and let me send it to the right folder." So you might say, "I'm going to have this folder for user A, user B, and user C. And I'm going to have this other folder for user D, user E, and user F." And I'm going to have a script that says, "You know what? Let me take this email. I'm going to hand it on to the user A file folder."
Access Control Lists (ACLs) are traffic filters for network interfaces that govern inbound and outbound traffic. An ACL is an ordered set of rules that decides whether a packet should be forwarded or dropped at the router's interface.
In the same way that a stateless firewall permits, blocks, or restricts the passage of packets from source to destination, an ACL does the same.
When you apply an ACL to a given interface on a routing device, every packet passing through that interface is inspected, and the matching ACL statement either blocks or permits it.
ACL rules can be written in terms of the source, the destination, a specific protocol, or other packet attributes.
Access control lists are commonly found in routers and firewalls, but they can also be implemented on any device that takes part in the network, including switches, network appliances, and hosts.
Filesystem ACLs control access to files and directories. Operating systems use filesystem ACLs to determine which users may access the system and what privileges they have. Filesystem ACLs are used to monitor who has access to files and directories, and they ensure that only authorized users can reach them.
Networking ACLs control who gets into the network. Networking ACLs tell routers and switches what kinds of traffic and activity are allowed inside the network.
Originally, using ACLs was the main way to obtain firewall protection. Today there are many types of firewalls and alternatives to ACLs. Nonetheless, enterprises continue to use ACLs alongside technologies such as virtual private networks (VPNs), which specify which traffic should be encrypted and routed through a VPN tunnel.
Features of the ACL
- The rules are matched in sequence, i.e., matching begins with the first line, then the second, the third, and so on.
- Packets are compared against the rules only until one matches. Once a rule matches, no further comparison occurs and that rule's action is applied.
- At the end of each ACL there is an implicit deny, i.e., if no condition or rule matches, the packet is discarded.
- ACLs are long and complex, and there is often little information available to help determine why specific entries were introduced or updated.
- ACL modifications aren't always monitored or regulated, resulting in a lack of communication and awareness about ACL changes across key teams.
- As the size and complexity of the ACL grow, the risk of downtime and outages grows significantly.
- When it comes to ACL modifications, there is a lack of accountability. In many organizations it is nearly impossible to attribute ACL changes to individual engineers with any consistency.
Why you should use ACLs
- A level of security for network access, stating which areas of the server/network/service a user may and may not access:
The main reason to use an ACL is to provide security to your network. Without it, any traffic can enter or exit, leaving the network defenceless against unwanted and harmful traffic.
An ACL can be used to strengthen security by, for example, denying explicitly matched updates or providing traffic flow control.
- Granular monitoring of traffic exiting and entering the system:
An ACL lets you filter packets for a single IP address or a group of IP addresses, or for particular protocols such as TCP or UDP.
As an example, rather than blocking just one host in the engineering group, you can deny access to the entire group and permit only one host. Alternatively, you can restrict the access of Host C in the same way.
- Limited network traffic for better network performance:
For example, if an engineer on Host C has to connect to a web server in the Finance network, you can allow only port 80 and deny the rest.
Access-list (ACL) is a set of rules defined for controlling network traffic and reducing network attacks. ACLs are used to filter traffic based on the set of rules defined for the incoming or outgoing of the network.
ACL features –
- The set of rules defined are matched serially, i.e., matching starts with the first line, then the 2nd, then the 3rd, and so on.
- Packets are compared only until a rule matches. Once a rule is matched, no further comparison takes place and that rule's action is performed.
- There is an implicit deny at the end of every ACL, i.e., if no condition or rule matches then the packet will be discarded.
Once the access-list is built, then it should be applied to inbound or outbound of the interface:
Inbound access lists –
When an access list is applied on inbound packets of the interface then first the packets will be processed according to the access list and then routed to the outbound interface.
Outbound access lists –
When an access list is applied on outbound packets of the interface then first the packet will be routed and then processed at the outbound interface.
Types of ACL –
There are two main different types of Access-list namely:
Standard Access-list –
These are the Access-lists that are made using the source IP address only. These ACLs permit or deny the entire protocol suite. They don't distinguish between types of IP traffic such as TCP, UDP, HTTPS, etc. By using the numbers 1-99 or 1300-1999, the router will understand it as a standard ACL and the specified address as the source IP address.
Extended Access-list –
These are the ACLs that use source IP, destination IP, source port, and destination port. With these types of ACL we can also specify which IP traffic should be allowed or denied. They use the ranges 100-199 and 2000-2699.
Also, there are two categories of access-list:
Numbered access-list – These are the access lists whose individual rules cannot be deleted once created, i.e., if we want to remove any rule from a numbered access list, this is not permitted. If we try to delete a rule from the access list, the whole access list will be deleted. Numbered access lists can be used with both standard and extended access lists.
Named access list – In this type of access list, a name is assigned to identify the access list. Deleting a single rule from a named access list is allowed, unlike with a numbered access list. Like numbered access lists, these can be used with both standard and extended access lists.
Rules for ACL –
- The standard Access-list is generally applied close to the destination (but not always).
- The extended Access-list is generally applied close to the source (but not always).
- We can assign only one ACL per interface per protocol per direction, i.e., only one inbound and outbound ACL is permitted per interface.
- We can’t remove a rule from an Access-list if we are using numbered Access-list. If we try to remove a rule then the whole ACL will be removed. If we are using named access lists then we can delete a specific rule.
- Every new rule added to the access list is placed at the bottom of the access list; therefore, before implementing the access list, analyse the whole scenario carefully.
- As there is an implicit deny at the end of every access list, we should have at least one permit statement in our Access-list, otherwise all traffic will be denied.
- Standard access lists and extended access lists cannot have the same name.
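As an added illustration that is not code from this page or from any router vendor, the following Python model enforces the behaviour described in the Types and Rules sections: sequential first-match evaluation, the implicit deny, standard ACLs ignoring everything but the source, the standard/extended number ranges, and the append-at-bottom pitfall. The addresses for Host C and the Finance web server are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Constructed model (not Cisco IOS code) of the matching behaviour this page describes: rules
# checked in order, first match wins, implicit deny at the end, standard ACLs see only the source.
@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "any"             # CIDR prefix or "any"
    dst: str = "any"             # CIDR prefix or "any"; ignored by standard ACLs
    proto: str = "ip"            # "ip" matches every protocol; ignored by standard ACLs
    dport: Optional[int] = None  # destination port, None = any; ignored by standard ACLs

def acl_kind(number: int) -> str:
    """Classify a numbered ACL using the ranges listed on this page."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not a standard or extended IP ACL number")

def _matches(prefix: str, addr: str) -> bool:
    return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix, strict=False)

def evaluate(number: int, rules: list, src: str, dst: str, proto: str, dport: int):
    """Return (action, index of the matching rule); index -1 means the implicit deny fired."""
    kind = acl_kind(number)
    for i, r in enumerate(rules):
        if not _matches(r.src, src):
            continue
        if kind == "extended" and (not _matches(r.dst, dst)
                                   or (r.proto != "ip" and r.proto != proto)
                                   or (r.dport is not None and r.dport != dport)):
            continue
        return r.action, i   # first match wins; no further comparison
    return "deny", -1        # implicit deny at the end of every ACL

def unreachable_rules(rules: list) -> list:
    """Indices of rules after a catch-all entry; they can never match (append-at-bottom pitfall)."""
    for i, r in enumerate(rules):
        if (r.src, r.dst, r.proto, r.dport) == ("any", "any", "ip", None):
            return list(range(i + 1, len(rules)))
    return []

# Page's scenario with constructed addresses: only Host C (10.1.1.30) may reach the Finance web
# server (10.2.2.10), and only on TCP/80. The last rule was "added later" and is shadowed.
ACL_110 = [
    Rule("permit", src="10.1.1.30/32", dst="10.2.2.10/32", proto="tcp", dport=80),
    Rule("deny"),
    Rule("permit", src="10.1.1.30/32", dst="10.2.2.10/32", proto="tcp", dport=443),
]
```

Running `unreachable_rules` over a list before applying it is a cheap check for the shadowing that the "new rules go to the bottom" rule above can cause.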
Advantages of ACL –
- Improve network performance.
- Provides security as the administrator can configure the access list according to the needs and deny the unwanted packets from entering the network.
- Provides control over the traffic as it can permit or deny according to the need of the network.
Access Control List
Access Control List (ACL) refers to a specific set of rules used for filtering network traffic, especially in computer security settings. ACLs also grant authorized users access to specific system objects such as directories or files, and deny that access to unauthorized users.
ACLs are mainly found in network devices with packet filtering capabilities including routers and switches.