What is Access?
In simple terms, access means being able to get to what you require. The ability to obtain entry to specific data on a computer is referred to as data access. Web access is the ability to connect to the World Wide Web through an internet connection or an online service provider.
What is Access Control List?
An Access Control List (ACL) is a set of rules used to inspect the data packets that flow in and out of a network and compare them against defined criteria.
This allows administrators to ensure that a device cannot gain access unless it presents the proper credentials.
A network access control list (ACL) is a set of rules that either allow or deny access to a computer environment.
An ACL is similar to a guest list at a private club. Only those on the list are authorized to enter.
Functions in Access Control List
As the definition implies, the primary function of an ACL is security.
Controlling network traffic flow
- It controls the flow of traffic.
- All packets entering or leaving the network are under its control. It makes sure that no unnecessary or redundant packets are circulating on the network.
- This can shield a server against DDoS attacks, in which attackers flood the connection with a high volume of data packets.
- Network engineers can permit only local traffic, which improves the efficiency of the whole connection.
Allocation of an adequate standard of security
- The ACL's primary goal is to secure the network, since the administrator has the power to grant or refuse access to anyone.
- You can permit packets and restrict users, packets from particular networks, or packets that match a specific test.
- ACLs used to be the sole method of implementing firewalls; however, there are now a variety of choices.
- ACLs are still used by businesses in conjunction with other technologies like VPNs.
Components of Access Control List
ACLs are implemented similarly across most routing platforms, and there are certain standard configuration rules.
Remember that an ACL is a group of rules or entries. Each entry, whether the ACL has one or many, is intended to accomplish a certain task, such as permitting or blocking all traffic.
When creating an ACL entry, you will need the following information:
Sequence Number
Identifies an individual ACL entry with a specific number.
ACL Name
ACL entries can be identified by a name. Some routers allow a combination of letters and numbers rather than only a sequence of numbers.
Network Protocol
Permit or deny UDP, ICMP, TCP, IPX, IP, NetBIOS, and other protocols.
Statement
Permit or deny access to a specific source, identified by its address or hostname and a wildcard mask.
Some routers, such as Cisco devices, automatically add an implicit deny statement at the end of each ACL.
Source
A single IP address, a CIDR address range, or all addresses can be specified as the source or destination.
Some devices allow you to add comments to an ACL, which is useful for documenting the purpose of an entry.
Log
Some devices can record a log entry whenever an ACL match occurs.
Access Control List Types
There are four different types of ACLs, each of which has a different use: reflexive, extended, dynamic, and standard.
Standard ACL
These are access lists defined using only the source IP address. They either permit or deny the whole protocol suite and make no distinction between IP traffic types such as TCP, UDP, HTTPS, and so on. The router recognizes numbers 1-99 or 1300-1999 as a standard ACL and treats the specified address as the source IP address.
Extended ACL
These ACLs use the source IP, the destination IP, the source port, and the destination port, so we can specify precisely which IP traffic should be allowed or denied. Their number ranges are 100-199 and 2000-2699.
Dynamic ACL
Dynamic ACLs rely on Telnet, extended ACLs, and authentication. This kind of ACL, commonly referred to as "Lock and Key," can be applied for specific time periods.
Such lists only grant access to resources or endpoints after the user has first authenticated to the device over Telnet.
Reflexive ACL
- Reflexive ACLs are also known as IP session ACLs. These ACLs use session information from the upper layers to filter traffic.
- They permit or deny traffic based on sessions started from inside the router.
- The router identifies outgoing traffic matched by the ACL and adds a new temporary inbound ACL entry for it.
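The behaviour in the three bullets above, as an added illustrative simulation that is not part of the original article and not any vendor's implementation: an outbound session installs a mirror-image inbound entry with a timeout, so only the return traffic of sessions started from inside is admitted. The flows, addresses and the 300-second timeout are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """5-tuple of one packet; frozen so it can serve as a dictionary key."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveAcl:
    """Inbound filter that admits only the return traffic of sessions started from inside.
    Times are plain integers (seconds) supplied by the caller, so the example is deterministic."""

    def __init__(self, timeout: int = 300):
        self.timeout = timeout
        self._temp_entries: dict[Flow, int] = {}   # mirrored inbound flow -> expiry time

    def outbound(self, flow: Flow, now: int) -> Flow:
        """Seeing a session leave, install the mirror-image inbound entry (addresses and ports swapped)."""
        mirror = Flow(flow.proto, flow.dst, flow.dport, flow.src, flow.sport)
        self._temp_entries[mirror] = now + self.timeout
        return mirror

    def inbound(self, flow: Flow, now: int) -> str:
        """Permit only if a live temporary entry exists for this exact reverse flow."""
        expiry = self._temp_entries.get(flow)
        if expiry is None:
            return "deny"                     # unsolicited: no inside session started it
        if now > expiry:
            del self._temp_entries[flow]      # idle too long: the temporary entry is removed
            return "deny"
        self._temp_entries[flow] = now + self.timeout   # activity refreshes the timer
        return "permit"

    def active_entries(self) -> int:
        return len(self._temp_entries)

if __name__ == "__main__":
    # Constructed scenario: inside host 10.1.1.30 opens an HTTPS session to 203.0.113.10.
    acl = ReflexiveAcl()
    acl.outbound(Flow("tcp", "10.1.1.30", 51000, "203.0.113.10", 443), now=0)
    print(acl.inbound(Flow("tcp", "203.0.113.10", 443, "10.1.1.30", 51000), now=1))   # permit
    print(acl.inbound(Flow("tcp", "203.0.113.10", 443, "10.1.1.30", 52000), now=1))   # deny
```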
Access Control List in Network Security
The main goal of using an ACL is to secure your network. Without it, any traffic can enter or exit, leaving it vulnerable to unwanted and dangerous traffic.
An ACL can be used to improve security by denying specific routing updates or by controlling traffic flow.
An ACL allows you to filter packets for a single or group of IP addresses, as well as different protocols such as TCP or UDP.
For example, instead of restricting only one host in the engineering team, you can restrict the entire engineering network and allow only a single host. You might also restrict access to host C alone.
If the engineer on host C needs to contact a web server in the Finance network, you can allow only port 80 and block everything else.
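The host C scenario above, worked through as an added example that is not part of the original article: a small extended-ACL evaluator with the fields listed in the components section (sequence number, permit/deny statement, protocol, source and destination with wildcard mask, port, log flag), first-match semantics, and the implicit deny at the end. The addresses (engineering network 10.1.1.0/24, host C = 10.1.1.30, finance web server 10.2.2.80) are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class AclEntry:
    """One extended ACL entry: sequence, action, protocol, source, destination, port, log."""
    seq: int
    action: str                   # "permit" or "deny"
    protocol: str                 # "ip" matches every IP protocol; otherwise "tcp", "udp", "icmp"
    src: str                      # "any", "host A.B.C.D", or "A.B.C.D W.X.Y.Z" (address + wildcard mask)
    dst: str
    dst_port: Optional[int] = None
    log: bool = False

def match_addr(spec: str, addr: str) -> bool:
    """Cisco-style wildcard match: a wildcard bit of 1 means 'don't care', 0 means 'must match'."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return spec.split()[1] == addr
    network, wildcard = spec.split()
    n, w, a = (int(ipaddress.IPv4Address(x)) for x in (network, wildcard, addr))
    care = 0xFFFFFFFF ^ w
    return (n & care) == (a & care)

def evaluate(acl, proto, src, dst, dst_port=None):
    """Walk entries in sequence order; the first match decides. Falling off the end is the implicit deny."""
    for e in sorted(acl, key=lambda e: e.seq):
        if e.protocol != "ip" and e.protocol != proto:
            continue
        if not (match_addr(e.src, src) and match_addr(e.dst, dst)):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action, e.seq
    return "deny", None

# Constructed ACL 100: host C may reach the finance network on port 80 only; the rest of
# engineering is denied (and logged); a final permit keeps all other traffic flowing.
ACL_100 = [
    AclEntry(10, "permit", "tcp", "host 10.1.1.30", "10.2.2.0 0.0.0.255", dst_port=80),
    AclEntry(20, "deny", "ip", "10.1.1.0 0.0.0.255", "10.2.2.0 0.0.0.255", log=True),
    AclEntry(30, "permit", "ip", "any", "any"),
]

if __name__ == "__main__":
    print(evaluate(ACL_100, "tcp", "10.1.1.30", "10.2.2.80", 80))   # host C to the web server on port 80
    print(evaluate(ACL_100, "tcp", "10.1.1.30", "10.2.2.80", 22))   # host C, but not port 80
    print(evaluate(ACL_100, "udp", "10.1.1.31", "10.2.2.53", 53))   # another engineering host
```

Passing only the first entry (`ACL_100[:1]`) shows the implicit deny: any packet that is not host C to port 80 falls off the end and is dropped with no matching sequence number.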
Access Control List Examples
The most common examples of Access Control List include web servers, DNS servers, and remote access or VPN systems. The internal router of a DMZ contains stricter ACLs to protect the internal network from more specific attacks.
Web Access Control (WAC) is a cross-domain independent access control system that allows Linked Data systems to impose permission requirements on HTTP resources using the Access Control List (ACL) model.
Access to information from a DNS server is controlled by an access control list that lists clients that are allowed to obtain IP addresses that match the domain name of a target host.
The process involves the DNS server receiving a client request for the IP address of a domain name and verifying the request against an access control list.
The client receives a response with the IP address of the domain name if the client is permitted to receive the IP address in the access control list.
If the client is not permitted to receive the IP address, the request is rejected.
Access Control Lists (ACLs) are used to control whether clients may connect to Message VPNs, which topics they can publish to, and which topics and share names they can subscribe to in that Message VPN.
Access Control List Rules and Regulations
- The standard access list is typically applied close to the destination (but not always).
- Standard and extended access lists cannot share the same name.
- We can only assign one ACL per interface per protocol per direction, i.e., one inbound and one outbound ACL per interface.
- Every access list ends with an implicit deny, so we must add at least one permit statement to our access list to avoid having all traffic rejected.
Conclusion
An organization's packet filters are its ACLs. They can control, permit, or outright block traffic, which is essential for security. An ACL can be used to control packet flow for a single IP address or a group of them, and for various protocols such as UDP, TCP, and ICMP, among others.
A hardware firewall offers much more protection but may slow down the network. An ACL, while still offering a high level of protection, is positioned directly on the interface and is processed by the router using its own capabilities.