
What is Access Control List (ACL) in networking?

Writer: Pynet Labs

You may have heard of the Access Control List, or ACL. It is used to control permissions to a computer system or network, but do you know what an Access Control List actually is?

As we know, the Internet is a network of networks, and routers play a vital role in providing connectivity between different networks. Routers are used by industries, universities, businesses, corporate offices, schools, colleges, etc., to connect their branches in different locations. As a router forwards traffic from one network to another, we sometimes need to monitor and control that traffic for security purposes.

For this we use ACLs, i.e., Access Control Lists, to control and monitor this traffic. So, let's understand what an Access Control List is.


What is Access Control List?


An ACL is a set of rules defined to control network traffic and reduce exposure to network attacks. Using rules specified for the network's incoming or outgoing traffic, an ACL filters that traffic.

The primary purpose of an ACL is to secure your network. Without one, any traffic is allowed to enter or exit the network. Access control lists are employed on computer networks to forbid or permit particular network traffic, filtering it on the basis of the traffic's origin and destination.

Today, network devices and operating systems such as Linux and Windows are also equipped with ACLs. Each ACL contains one or more access control entries (ACEs), each of which names a user or a group of users.

The access privileges for each user, group, or role are specified in a string of bits known as an access mask. The access control list for an object is usually created by the system administrator or by the object's owner.

Now that you have a better idea of what an Access Control List is, it is time to understand its purpose.


What is the purpose of an Access Control List?

ACLs, or Access Control Lists, can be used for two purposes:

  1. To filter traffic

  2. To identify traffic

As mentioned above, an access list is a set of rules organized in a rule table. Each rule, or line, in an access list provides a condition: either permit or deny.

  • When an access list is used to filter traffic:

    • a permit statement is used to "allow" traffic,

    • whereas a deny statement is used to "block" traffic.


  • Similarly, when an access list is used to identify traffic:

    • a permit statement is used to include traffic,

    • whereas a deny statement makes it clear that the traffic should "not" be included.


We hope you now have a better understanding of the purpose of an Access Control List. Moving on, let's see the types of Access Control List.


Types of Access Control List in Networking


Two common types of access lists are available.

1. Standard Access list

These access lists are created using only the source IP address. They either allow or deny the whole set of protocols; there is no distinction between kinds of IP traffic such as TCP, UDP, HTTPS, etc. When a number from 1-99 or 1300-1999 is used, the router recognizes the list as a standard ACL and treats the provided address as the source IP address.

IP standard access list -

  • 1-99 (normal range)

  • 1300-1999 (expanded range)

2. Extended Access list

This type of ACL uses the source IP, destination IP, source port, and destination port. With it, we can also specify which kind of IP traffic should be allowed or denied. Extended ACLs use the number ranges 100-199 and 2000-2699.

IP extended access list -

  • 100-199 (normal range)

  • 2000-2699 (expanded range)

These are the two types of ACL. Let's also take a look at the categories of access lists.

Numbered and named access lists are the two categories available.

1. Numbered access-list

A numbered access list cannot be modified once it has been created: removing a single rule from a numbered access list is not allowed, and the whole access list gets deleted if we try to delete one rule from it. Both standard and extended access lists can be numbered.

2. Named access list

In this kind of access list, the list is given a name so that it can be recognized. Unlike a numbered access list, a named access list is allowed to be modified. Like numbered access lists, named access lists can be used for both standard and extended access lists.

If you are still with us, you have now seen the most important aspects of ACLs: what an Access Control List is, the types of Access Control List in networking, and their purpose. Now, spare a few more minutes and check out these essential in-depth insights on ACLs.

Important rules to understand ACLs

  • Filtering traffic is the primary use of access lists, so when filtering traffic, access lists are applied on interfaces. As a packet travels through the router, the router checks the top line of the rule list first and then moves down the list until a match is found.

  • Once a match is made, the packet is either permitted or denied.

  • All access lists have an implied "deny all" at the end.

  • Access lists are applied either inbound (to packets received on an interface, before routing) or outbound (to packets leaving an interface, after routing).

  • Only one access list is permitted per interface, per protocol, per direction.

  • In general, a standard access list is placed near the destination (but not always).

  • Typically, an extended access list is placed near the source (but not always).

  • If we are using a numbered access list, we cannot remove a single rule from it: the entire ACL will be erased if we attempt to remove one rule. If we use a named access list, we can delete a specific rule.

  • Before applying an access list, thoroughly analyse the entire scenario, because every new rule that is added is placed at the bottom of the access list.

  • Since every access list contains an implicit deny at the end, we need to include at least one permit statement in our access list to avoid blocking all traffic.

  • The names of standard and extended access lists must be different.
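As an added illustration (not code from the original article), the following Python simulates how a router walks a numbered access list exactly as the rules above describe: the list number decides whether an entry is standard (source only) or extended (protocol, source, destination, port), entries are checked top-down with the first match winning, and a packet that matches nothing hits the implied deny. The ACL lines, addresses and packet fields are constructed samples; entries are written in Cisco IOS wildcard-mask syntax.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD' | bare 'A' and return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    wild = tokens.pop(0) if tokens and tokens[0][0].isdigit() else "0.0.0.0"
    return tok, wild

def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' line; the number decides the type."""
    tokens = line.split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:        # standard: source only, all IP
        return {"action": action, "proto": "ip", "src": _take_addr(rest), "dst": None, "dport": None}
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError(f"unsupported access-list number {number}")
    proto = rest.pop(0)                                    # extended: ip / tcp / udp / icmp
    src, dst = _take_addr(rest), _take_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None   # optional destination port
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def matches(rule, pkt):
    return ((rule["proto"] == "ip" or rule["proto"] == pkt["proto"])
            and wildcard_match(pkt["src"], *rule["src"])
            and (rule["dst"] is None or wildcard_match(pkt["dst"], *rule["dst"]))
            and (rule["dport"] is None or rule["dport"] == pkt.get("dport")))

def evaluate(acl_lines, pkt):
    """Top-down, first match wins; returns (action, matching line) or the implicit deny."""
    for idx, line in enumerate(acl_lines, 1):
        rule = parse_ace(line)
        if matches(rule, pkt):
            return rule["action"], idx
    return "deny", None                                    # the implied 'deny all' at the end

# Constructed sample (not from the article): block telnet from one host, allow HTTPS to a
# server and DNS anywhere from 10.1.1.0/24, and let the implicit deny catch everything else.
ACL_110 = [
    "access-list 110 deny tcp host 10.1.1.50 any eq 23",
    "access-list 110 permit tcp 10.1.1.0 0.0.0.255 host 192.168.5.10 eq 443",
    "access-list 110 permit udp 10.1.1.0 0.0.0.255 any eq 53",
]
```

Note that swapping the first two lines would let 10.1.1.50 reach port 443 before the deny is ever consulted, which is why the article stresses analysing the whole scenario before adding rules.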
