ACL: Access Control List

Access Control Lists (ACLs) are filters that tell a computer operating system such as Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, or a UNIX-based system which access rights users have to a file, a folder or another object in the software. On network devices, administrators use ACLs to filter traffic, and the purpose of this is to add an extra layer of security to their networks. The ACL table has an entry for each user with different privileges; the privileges vary with the ability to read, write or execute the file, where applicable.

Cisco routers support ACLs that, for example, permit or deny individual network hosts or whole address ranges. ACLs can also be configured to control network traffic according to the TCP port in use, and they can be configured for any routed network protocol.

The most commonly used ACL types on Cisco devices are standard and extended:

  1. Standard access lists filter on source addresses only and require less processing power. They can match a source network or host but not the destination of a packet.
  2. Extended access lists give administrators more flexibility and control. They can match both the source and the destination address, and they can also check protocols, port numbers and other options. Within extended access lists there are Reflexive ACLs (also known as IP session filtering ACLs), whose entries are removed once the session ends, and Dynamic ACLs (also known as lock-and-key ACLs), which let a user reach a specific location after a user authentication process.

There are also named access lists, where you choose the name to give the list.

Another option is numbered access lists. These also subdivide into standard and extended access lists. Such lists are either created or deleted; they cannot be modified. Every new entry added to a numbered access list is appended to the bottom of the list. This can be difficult to work with, which is why people prefer named access lists.

On the other hand, I recently found a post by someone who knows how to modify numbered access lists without deleting everything. That contradicts the information I found on a different website. Here is the post, with pictures and explanations.

http://movingpackets.net/2012/08/22/working-with-numbered-access-lists

From the replies to the post, it does not seem to be something many people know about. I am glad to have found this piece of information.
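To tie the pieces above together, here is an added Cisco IOS configuration example (my own, not taken from the linked post or any of the sources; the addresses, ACL names and interface are made up). It shows a standard list, an extended list, a named list edited in place with sequence numbers, and the same in-place edit applied to a numbered list, which IOS has supported since release 12.3:

```cisco
! Added example; interface names, addresses and ACL names are constructed.
!
! Standard ACL (1-99): matches on source only. Wildcard 0.0.0.255 = /24.
access-list 10 permit 192.168.1.0 0.0.0.255
! Every ACL ends with an implicit "deny any"; writing it out with "log"
! makes dropped traffic visible in the router's syslog.
access-list 10 deny any log
!
! Extended ACL (100-199): source, destination, protocol and port.
! Only HTTPS from the LAN to the web server is allowed; all else is denied.
access-list 110 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 443
access-list 110 deny ip any any log
!
! Named extended ACL with explicit sequence numbers. Entries can be
! added, removed or re-sequenced in place, which is why named lists
! are easier to maintain than numbered ones.
ip access-list extended LAN-TO-DMZ
 10 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 443
 20 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80
 30 deny ip any any log
!
! Insert a DNS rule between 10 and 20 without touching the rest of the list.
ip access-list extended LAN-TO-DMZ
 15 permit udp 192.168.1.0 0.0.0.255 host 10.0.0.53 eq 53
!
! Since IOS 12.3 numbered lists carry sequence numbers as well, so the
! same in-place edit works on ACL 110 through its "ip access-list" form.
ip access-list extended 110
 15 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80
!
! An ACL does nothing until it is applied to an interface with a direction.
interface GigabitEthernet0/1
 description LAN
 ip access-group LAN-TO-DMZ in
!
! Verify with "show ip access-lists LAN-TO-DMZ": each entry is printed
! with its sequence number and a hit counter, which is the first place
! to look when traffic is unexpectedly dropped.
```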

I hope this post was helpful. I learned a lot while writing it. It gives me peace of mind to know there are several layers of security that can be implemented in a system. I read the news every day, and with so many cyber attacks there has to be a way to compensate.

References:

Allied Telesis, "ACL feature overview", https://www.alliedtelesis.com/documents/acl-feature-overview-and-configuration-guide

Search Software Quality, "Access Control List", https://searchsoftwarequality.techtarget.com/definition/access-control-list

Learn Certification, "Describe the types, features and applications of ACLs", http://www.learncertification.com/study-material/describe-the-types-features-and-applications-of-acls

Moving Packets, "Working with numbered access lists", http://movingpackets.net/2012/08/22/working-with-numbered-access-lists/

Icons/pictures by https://www.autodraw.com/artists in accordance with https://creativecommons.org/licenses/by/4.0/