An ACL network is really just like any other computer network, except that the routers and switches running on the network adhere to a predetermined list of access permissions. Network routers are given a list of rules, called an access control list (ACL), that may allow basic admission to or from a network segment, as well as permission to access services that may be available through the network. they. While an ACL can be used in other computing services, such as allowing a user to access files stored on a computer, in the case of a network ACL, the rules apply to network interfaces and ports through which the communication data travels.
ACL networks have a series of routers and switches that restrict access permissions.
As data packets travel through controlled ports on a network device in a network ACL, they are filtered and evaluated for permissions. In most cases, this is a network router or switch. However, some firewall software built into an operating system can also be viewed as a form of access control list. When a data packet enters or leaves an interface on the network device, its permissions are evaluated against the ACL. If these permissions are not met, the package will be denied travel.
As data packets travel through controlled ports on a network device in a network ACL, they are filtered and evaluated for permissions.
An ACL is made up of access control entries (ACEs). Each ACE in the list contains pertinent information about permissions for packets entering or leaving the network interface’s ACL. Each ACE will contain a permit or deny statement, as well as additional criteria that a packet must meet. In most cases, packets are evaluated against common Internet Protocol (IP) standards, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and others in the suite. Of the most basic types of ACL, only the source address is checked, whereas in an extended ACL, you can set rules that check the source and destination addresses, as well as the specific ports from which the message originated and is destined. traffic.
In a network ACL, control lists are built into the network’s routers and switches. Each network hardware vendor may have separate rules for how an ACL should be constructed. Regardless of which hardware manufacturer or software developer created the program that processes the packets in an ACL, the most important aspect of implementing a network ACL is planning. In cases of poor planning, it’s quite possible that an administrator logs into a specific router, begins to implement an ACL on that router, and then suddenly gets locked out of that router or some segment of an entire network.
One of the most common network ACL implementations is built on the proprietary Internetwork Operating System (IOS) created by Cisco Systems®. On Cisco® IOS switches and routers, the ACL is manually entered by an administrator and is automatically enforced as each item is added to the list. The ACL should be implemented incrementally, so that when an individual package matches an entry, the rest under the same permissions can follow suit. Any change to the list means that it must be rewritten in its entirety.
While not as secure as a firewall in protecting a network, an ACL is useful in addition to a firewall for various scenarios. An administrator can limit traffic to and from certain areas of a larger network or prevent traffic originating from certain addresses from leaving the network altogether. Packets can be monitored in a network ACL to locate problem areas in the network, identify malfunctioning hosts, or track down client computers that may be infected with a virus trying to spread. An ACL can also be used to specify the traffic that should be encrypted between nodes on the network.
