Introduction

Presently, the need to protect your Data from outsiders has risen due to the amount of illegal hacking performed. Regardless of type, size, scope, or industry, every company that wants to survive must always be ready to defend and protect its essential data.

ACL in networking is a crucial element used in the Security of computer networks.

ACL full form in networking is Access Control lists.

ACL means keeping an eye on the data packets that flow in and out the network and compares it with a set of standards.

In this article, let us try to answer  What is ACL? We will also discuss its types and components. Additionally, we will learn how to implement it in a Router.,

In this article let us look at:

  1. What is ACL
  2. Why Use ACL
  3. Where Can You Place ACL
  4. Components of ACL
  5. Types of Access Control List
  6. How to implement ACL on a Router

1) What is ACL

Access Control lists are a kind of Stateless Firewall that monitors every packet flowing in the network and forwards the packet or blocks it based on the rules mentioned. It either allows, restricts, or blocks the packet in the system.  Accordingly, decisions are made. The analysis can evolve from, the destination address, source, protocols implemented, or any other information. It can be implemented in any networking device like a router, firewalls, hubs, etc.

2) Why Use ACL

As the definition suggests,the  Its primary purpose of an ACL is Security. Others include-

  • Traffic flow control in the network: –

It controls the flow by regulatingIt controls every packet that leaves or enters the network,. It makes sure that no unnecessary or irrelevant packet floats  in the network. This can also save the host from attacks like DDOS (Denial of Service Attacks), as these attacks occur when hackers overflow the host network with lots of data packets.

  • Better  performance of the network:

As there is only the local traffic that was allowed by the Network Engineers, it leads to better performance of the overall network.

  • Supply of an  adequate level of Security:- 

The main objective of ACL is to provide Security to your network, as Admin can give access and deny access to anyone. You can restrict users, packets from specific networks, or packets following a particular protocol, in the same way, permission to packets can also be given.

Earlier, ACL was the only way to implement Firewalls, but now there are many other options available. Companies still use ACL along with others like VPN.

  • Monitoring of the packet flow –

Access Control lists also help in monitoring the network packets that are entering and exiting the network.

3) Where Can You Place ACL

entering the system. One way is to put it at the edge of the router. A router is typically placed between the DMZ and the Internet. Here, DMZ is a Demilitarized Zone, which acts as a barrier between the private network and public network.

DMZ is divided into two devices, the one that is private and is trusted and the other public one, The Internet.

4) Components of ACL

The implementation of the Access control List is simple and easy. You can define rules and guidelines for multiple entries. For every guideline, you have to specify the following details –

  • Sequence Number: An ACL is identified using its sequence number. This is the first entry you have to submit.
  • ACL Name: You can also define the ACL using an ACL Name, instead of ACL Sequence Number. Some routers allow for ACL Name to have a combination of letters and digits, whereas some only allow letters.
  • Remark: Remarks can also be added to some routers. This helps the Network Engineer to add details about the ACL.
  • Statement: Here statements can be denied or provide access to a particular address, network, or Protocol. Users can also be provided access or denial to enter or exit the network.
  • Network Protocol: Here, you can specify whether to deny or to permit network protocols like TCP, UDP, IP,  ICMP, IPX, NetBIOS, and other protocols.
  • Source or Destination: Here, you can specify if you want to mention rules for a specific Source address or Destination address.
  • Log: Some networking devices are capable of maintaining logs about all the matches ACL found. This can be used in the betterment of the performance.
  • Other Criteria: Here you can mention details that are allowed by advanced ACL like, differentiated services codepoint (DSCP) priority, IP precedence, and Type of Service (ToS).

5) Types of Access Control List

There are four types of Network ACL-

  • Standard ACL – This is the simplest one that provides very little security. It permits or denies the network only based on the Source Address. Here different rules cannot be written for protocol or any other detail. The configuration is as follows
  • Extended ACL –Extended ACL provides more options for writing rules like permitting or denying source and destination for a single host or an entire network. You can also mention rules for protocols like UDP, TCP, etc. The configuration is as follows.
  • Dynamic ACL – Dynamic ACLs depend upon the above type of ACLs as well as upon authentication through Telnet. These sorts of ACLs are frequently alluded to as “Lock and Key” and can be utilized for exact time spans. These rundowns license admittance to a client to a destination or source just if the client verifies to the gadget through Telnet. 

The configuration is as follows.

  • Reflexive ACL – Reflexive ACLs are additionally alluded to as ‘IP session ACLs’. These kinds of ACLs are, channel traffic dependent on upper-layer information, i.e., from the session layer. They respond to sessions that began inside the switch to whether grant outbound traffic or limit approaching traffic. The switch perceives the outbound ACL traffic and makes another ACL list section for the inbound.It gets taken out upon the completion of the session. The configuration is as follows 

6) How to implement ACL on a Router

The configuration for how to implement Access Control List is as follows:

Getting entrance and departure traffic (or inbound and outbound) in a router, is essential for appropriate ACL usage. When setting rules for an ACL, all traffic streams depend on the perspective of the router’s interface (not different systems). As should be evident from the image beneath, entrance traffic is the stream originating from a system, regardless of whether it is outer or inward, into the router’s interface. The departure traffic, then again, is the stream from the interface going out into a system. For an ACL to work, apply it to a router’s interface. Since all directing and sending choices are produced using the router’s equipment, the ACL proclamations can be executed a lot quicker. 

When making an ACL section, the source address goes first, and the objective follows. When you make a Deny/Permit rule, you should initially characterize the source, and afterward the objective IP. 

Conclusion

Access Control List is firewalling, that can protect your network from irrelevant packets and traffics. If used carefully, it is very efficient. For this, you need to understand the flow of incoming and outgoing data. If an ACL list is placed in the wrong place, it can badly affect the performance of the network. If you would like to build a career in Cybersecurity, then do check out the Master Certificate in Cyber Security (Blue Team) offered by Jigsaw Academy. This extensive online course is 520-hour-long, and is India’s first program primarily focusing on defensive Cybersecurity technology. 

SHARE