Access Control Lists

April 20, 2009

Access Control Lists (ACL) are used by routers and other networking devices to control traffic that enters and leaves your network. These access lists can be general in nature or specific to certain types of communications. Access lists are typically used in firewalls to control communications between public and private networks, but they can also be used on internal routers to regulate traffic within the network. An Access List Entry (ALE), which is contained inside the ACL, usually includes where the network packet is coming from, where it’s going, what the protocol is (whether TCP or UDP), the TCP/IP port it uses, and, finally, whether access is allowed or denied. The types of parameters that can be controlled using an access list include the following:

Source Address – This parameter specifies the originating source IP address of a packet. The source address can be an internal or external machine, or an internal address that is proxied to an external address.

Destination Address – The destination IP address specifies where the packet is going. This can be internal or external to the network.

Port Numbers – This parameter specifies the TCP/IP port number the communication is using. Each type of TCP/IP service uses a standard port.

Protocol – This parameter identifies the protocol being used in the transmission, such as File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), or Dynamic Host Configuration Protocol (DHCP). This is usually used in conjunction with a port number that’s standard to that protocol or service. This parameter can also be used to define whether the protocol is using TCP or UDP.

Permit or Deny – This parameter is used to permit or deny the communication specified in the access list entry.

The following is an example of an ACL entry for a router:

    permit source destination tcp port 80

The syntax used by your router or network device will be similar to this entry, but it varies from vendor to vendor. ACLs can be a valuable security tool for locking down access to certain networks or hosts. This type of access control is critical for preventing spoofing attacks, where an unauthorized user tries to masquerade their external host as an internal system by spoofing the IP address so that it looks like it’s coming from the internal network. An ACL can be set up to deny inbound external traffic that carries an internal source address.
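To make the parameters above and the anti-spoofing rule concrete, here is an added example (not from the original post, and not any vendor's real ACL syntax) that parses entries in a constructed "action protocol source destination [port N]" form and evaluates packets against them the way a router does: first matching entry wins, and a packet that matches nothing is dropped by the implicit deny at the end of the list. The internal range 10.0.0.0/8 and the addresses in the test are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str                       # "permit" or "deny"
    protocol: str                     # "ip" (any), "tcp" or "udp"
    source: ipaddress.IPv4Network     # originating address range
    destination: ipaddress.IPv4Network
    port: Optional[int]               # destination port; None matches any port

    def matches(self, src: str, dst: str, proto: str, port: int) -> bool:
        if self.protocol != "ip" and self.protocol != proto:
            return False
        if self.port is not None and self.port != port:
            return False
        return (ipaddress.ip_address(src) in self.source
                and ipaddress.ip_address(dst) in self.destination)


def parse_entry(line: str) -> AclEntry:
    """Parse the constructed syntax:
    '<permit|deny> <ip|tcp|udp> <src-cidr|any> <dst-cidr|any> [port N]'."""
    parts = line.split()
    action, proto, src, dst = parts[:4]
    port = int(parts[5]) if len(parts) == 6 and parts[4] == "port" else None

    def to_net(s: str) -> ipaddress.IPv4Network:
        return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)

    return AclEntry(action, proto, to_net(src), to_net(dst), port)


def evaluate(acl, src: str, dst: str, proto: str, port: int) -> str:
    """Walk the list top to bottom; the first matching entry decides.
    Anything that matches no entry hits the implicit 'deny' at the end."""
    for entry in acl:
        if entry.matches(src, dst, proto, port):
            return entry.action
    return "deny"


# Constructed inbound ACL for an internet-facing interface. The first entry
# is the anti-spoofing check: traffic arriving from outside must never claim
# a source address inside the (assumed) internal range 10.0.0.0/8.
INBOUND_ACL = [parse_entry(line) for line in [
    "deny ip 10.0.0.0/8 any",
    "permit tcp any 10.0.0.0/8 port 80",
    "permit udp any 10.0.0.53/32 port 53",
]]
```

Note that order matters: if the permit entries were listed before the anti-spoofing deny, a spoofed packet to port 80 would be accepted before the deny was ever consulted.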
