What’s a Net ACL?

An ACL network uses routers and switches with predetermined access permissions. Data packets are filtered and evaluated against an access control list (ACL) containing access control entries (ACEs). Planning is crucial to avoid being locked out. ACLs are useful for restricting traffic and monitoring packets.

An ACL network is really like any other computer network, with the exception that the routers and switches running on the network adhere to a predetermined list of access permissions. Network routers are provided with a list of rules, called an access control list (ACL), which can allow basic access to or from a network segment, as well as authorization to access services that may be available through it. While an ACL can be used in other computer services, such as authorizing a user to access files stored on a computer, in the case of a network ACL the rules are applied to the network interfaces and ports through which communication data travels.

When data packets travel through controlled ports on a network device of an ACL network, they are filtered and evaluated for permissions. In most cases, this occurs on a network router or switch. Some firewall programs built into an operating system, however, can also be viewed as a form of access control list. When a data packet enters or leaves an interface on the network device, it is evaluated for its permissions by comparing it to the ACL. If these permissions are not met, the packet is denied passage.

An ACL is made up of access control entries (ACEs). Each ACE in the list contains the permission information pertinent to packets entering or leaving the network interface. Each ACE contains an allow or deny statement, as well as additional criteria that a packet must meet. In most cases, packets are evaluated according to common Internet Protocol (IP) standards such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and others in the suite. In the most basic type of ACL, only the source address is checked, while in an extended ACL, rules can be established that control the source and destination addresses as well as the specific source and destination ports of the traffic.

In a network ACL, the lists are built into network routers and switches. Each network hardware vendor may have its own rules about how an ACL should be constructed. Regardless of which hardware manufacturer or software developer wrote the code that processes packets against an ACL, the most important aspect of implementing a network ACL is planning. Without careful planning, it is entirely possible for an administrator to log into a particular router, start implementing an ACL on that router, and suddenly find themselves locked out of that router or of some segment of the network.

One of the most common network ACL implementations is built into the proprietary Internetwork Operating System (IOS) created by Cisco Systems®. On Cisco® IOS routers and switches, the ACL is typed in manually by an administrator and takes effect automatically as each item in the list is added. The ACL must therefore be implemented incrementally and in order: once a packet matches an entry, the other packets that fall under the same permissions are handled the same way. Any change to the list means it has to be rewritten in its entirety.

While not as secure as a firewall, an ACL is a useful adjunct to a firewall in a number of scenarios. An administrator can restrict traffic to and from certain areas of a larger network or prevent traffic from certain addresses from leaving the network altogether. Packets can be monitored in a network ACL to locate problem areas on the network, identify misbehaving hosts, or track down client computers that may be infected with a virus that is trying to spread. An ACL can also be used to specify traffic to be encrypted between network nodes.
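The following Python model is an added example, not part of the original article and not Cisco IOS syntax. It shows the three points the article makes about ACL structure and ordering: an ACE is an allow/deny action plus matching criteria (a basic entry checks only the source address, an extended one also checks protocol, destination and port); entries are evaluated top-down with the first match deciding and an implicit deny at the end; and the order of entries matters, which is why a pre-apply check against the administrator's own management traffic avoids the lockout scenario described above. The addresses (10.1.0.0/16 as the admin LAN, 10.2.0.1 as the router's management address), the sample packets, and the helper names `evaluate`, `shadowed_entries` and `lockout_check` are all constructed for this illustration.

```python
"""Toy model of a network ACL as an ordered list of access control entries.
Added example: the addresses, packets and helper names are constructed for
illustration and are not from the article or any vendor's implementation."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = "0.0.0.0/0"   # matches every IPv4 address


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp", "icmp", ...
    src: str                      # source IP address
    dst: str                      # destination IP address
    dport: Optional[int] = None   # destination port, where the protocol has one


@dataclass(frozen=True)
class ACE:
    """One entry: an action plus the criteria a packet must meet.
    A basic (source-only) ACL sets just `src`; an extended ACL also sets
    protocol, destination and port.  proto="ip" matches any IP protocol."""
    action: str                   # "permit" or "deny"
    proto: str = "ip"
    src: str = ANY
    dst: str = ANY
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport

    def covers(self, other: "ACE") -> bool:
        """True if every packet that matches `other` already matches self
        (subnet_of needs Python 3.7+)."""
        return ((self.proto == "ip" or self.proto == other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


def evaluate(acl: List[ACE], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top-down; the first matching ACE decides.  A packet that
    matches nothing hits the implicit deny at the end of every ACL."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", None


def shadowed_entries(acl: List[ACE]) -> List[int]:
    """Indexes of ACEs that can never fire because an earlier, broader ACE
    catches every packet they describe: a common cause of surprise denies."""
    return [j for j in range(len(acl))
            if any(acl[i].covers(acl[j]) for i in range(j))]


def lockout_check(acl: List[ACE], mgmt: List[Packet]) -> List[Packet]:
    """Management packets the candidate ACL would NOT permit.  Run this before
    applying an ACL to the interface you are administering the device through."""
    return [p for p in mgmt if evaluate(acl, p)[0] != "permit"]


# Constructed scenario: admins on 10.1.0.0/16 manage the router at 10.2.0.1
# over SSH (tcp/22); other traffic from the admin LAN into 10.2.0.0/16 is
# blocked; everything else passes.
ADMIN_SSH = Packet("tcp", "10.1.5.7", "10.2.0.1", 22)
ADMIN_WEB = Packet("tcp", "10.1.5.7", "10.2.0.10", 80)
GUEST_WEB = Packet("tcp", "192.168.1.20", "10.2.0.10", 80)

GOOD_ACL = [
    ACE("permit", "tcp", "10.1.0.0/16", "10.2.0.1/32", 22),
    ACE("deny", "ip", "10.1.0.0/16", "10.2.0.0/16"),
    ACE("permit"),                        # permit any protocol, any src, any dst
]
# Same three entries with the deny moved above the SSH permit: the permit is
# now shadowed and the administrator would be locked out.
BAD_ACL = [GOOD_ACL[1], GOOD_ACL[0], GOOD_ACL[2]]

# Basic-style ACL: only the source address is checked.
STANDARD_ACL = [ACE("permit", src="10.1.0.0/16")]

if __name__ == "__main__":
    for name, acl in (("good", GOOD_ACL), ("bad", BAD_ACL)):
        print(name, evaluate(acl, ADMIN_SSH),
              "shadowed:", shadowed_entries(acl),
              "locked out:", lockout_check(acl, [ADMIN_SSH]))
```

Running the module prints that `GOOD_ACL` permits the admin's SSH at entry 0 with nothing shadowed, while `BAD_ACL` denies it at entry 0, reports entry 1 as shadowed and lists the admin packet as locked out. The `covers` test is deliberately conservative (it only flags an entry when a single earlier entry is a strict superset), which is the useful direction for a pre-apply check: a flagged entry is certainly dead, while an unflagged one still deserves a look.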