What is a Network Access Control List (ACL)?

Access management is a critical aspect of controlling who may reach systems, resources, and applications. Access control lists let us manage those permissions on networks and computer systems.

Access control lists (ACLs) manage permissions in a structured manner for systems, files, resources, and applications. An ACL specifies who may access a network resource and which actions that access permits.

Network access control lists (ACLs) allow or block traffic in enterprise networks based on criteria such as IP address, port number and protocol. Whether a connection can be established is determined by the traffic filtering the ACL imposes.

In this article we will look in more detail at network access control lists (ACLs): their characteristics, why we need them and how they function.

Network Access Control List 

An access control list manages permissions on computer systems and networks in a structured manner. It helps manage network security, control user access, protect data and prevent intrusions by blocking traffic from malicious sources.

ACLs control the data flowing into and out of network components such as routers, switches and gateways. Network administrators manage network access control lists and grant read, write, edit and view rights. IP address, port and protocol are the common criteria used to selectively control traffic flow with ACLs.

ACL Components 

An ACL has five components that govern its flow rules:

  • Access control entries (ACEs) are the individual rules that allow or deny actions to users or groups
  • Access masks are the permission definitions, such as view, read, write and edit
  • Objects are the entities on which access control is imposed, such as directories, files and network components
  • Evaluation order determines the sequence in which the ACL rules are applied
  • Default actions are predefined and decide whether traffic is allowed or denied when no rule in the ruleset matches

How Network Access Control List (ACL) work

Network access control lists manage access and control network traffic by allowing only authorized interactions. Routers and switches have access rules defined that govern the flow of data throughout the network. Access control entries (ACEs) in an ACL record which users and groups hold specific rights, and network administrators define the level of permission (read, write, edit and view) using an access mask.

An ACL allows or denies traffic based on predefined rules, and the network administrator is responsible for configuring the precedence or sequence of those rules according to the organization's security policies. Each data packet is checked against the ACL rules, which decide whether to allow or deny it based on IP address, port, protocol and packet contents as required by the established security policy. Each rule in the ACL has an action associated with it.
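To make the components above (entries, evaluation order, default action) and the first-match packet check concrete, here is a small ACL evaluator in Python. It is an added illustration written for this article, not code from the article or from any router vendor; the entry fields, the sample ACL and the sample packets are constructed for the example. Beyond evaluating packets, it also flags entries that an earlier, broader entry shadows, which is the usual way a mis-ordered ACL silently fails to permit the traffic the administrator intended.

```python
"""Minimal first-match network ACL evaluator (illustrative example, not from the article)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ACE:
    """One access control entry: an action plus the match criteria (source IP, protocol, port)."""
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # source network in CIDR; 0.0.0.0/0 matches any IPv4 source
    proto: str = "any"               # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int] = None   # destination port; None matches any port

    def matches(self, src_ip: str, proto: str, dst_port: Optional[int]) -> bool:
        """True if a packet with these attributes is covered by this entry."""
        if ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.proto != "any" and self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True


def _covers(earlier: ACE, later: ACE) -> bool:
    """True if every packet that matches `later` also matches `earlier` (so `later` never fires)."""
    net_ok = ip_network(later.src).subnet_of(ip_network(earlier.src))
    proto_ok = earlier.proto == "any" or earlier.proto == later.proto
    port_ok = earlier.dst_port is None or earlier.dst_port == later.dst_port
    return net_ok and proto_ok and port_ok


@dataclass
class ACL:
    entries: List[ACE]
    default_action: str = "deny"     # the implicit "deny all" that ends a typical router ACL

    def evaluate(self, src_ip: str, proto: str, dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
        """Evaluation order: walk the entries top-down, first match wins.
        Returns (action, index of the matching entry) or (default_action, None)."""
        for idx, ace in enumerate(self.entries):
            if ace.matches(src_ip, proto, dst_port):
                return ace.action, idx
        return self.default_action, None

    def shadowed_entries(self) -> List[int]:
        """Indices of entries that can never match because an earlier entry fully covers them."""
        shadowed = []
        for i, later in enumerate(self.entries):
            if any(_covers(earlier, later) for earlier in self.entries[:i]):
                shadowed.append(i)
        return shadowed


# Constructed sample ACL: entry 1 is intentionally placed after a broader deny so that it is shadowed.
SAMPLE_ACL = ACL([
    ACE("deny", "10.0.0.0/8", "any"),            # 0: block everything from 10.0.0.0/8
    ACE("permit", "10.1.2.0/24", "tcp", 443),    # 1: meant to allow HTTPS from one subnet; never reached
    ACE("permit", "192.0.2.0/24", "tcp", 22),    # 2: allow SSH from a management subnet (documentation range)
    ACE("permit", "0.0.0.0/0", "tcp", 80),       # 3: allow HTTP from anywhere
])

# Constructed sample packets as (source IP, protocol, destination port).
SAMPLE_PACKETS = [
    ("10.1.2.5", "tcp", 443),      # hits entry 0, not entry 1: ordering wins
    ("192.0.2.10", "tcp", 22),     # hits entry 2
    ("192.0.2.10", "udp", 53),     # matches nothing: default deny
    ("198.51.100.7", "tcp", 80),   # hits entry 3
]


def run_demo(acl: ACL = SAMPLE_ACL, packets=SAMPLE_PACKETS) -> List[Tuple[str, Optional[int]]]:
    """Evaluate each sample packet and return the list of (action, matched index) decisions."""
    return [acl.evaluate(src, proto, port) for src, proto, port in packets]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, run_demo()):
        print(pkt, "->", decision)
    print("shadowed entries:", SAMPLE_ACL.shadowed_entries())
```

The shadowed-entry check is the review step worth automating before an ACL goes live: entry 1 is syntactically fine yet unreachable, so HTTPS from 10.1.2.0/24 is denied by entry 0 even though the administrator wrote a permit for it. Swapping the two entries, or narrowing entry 0, fixes the ordering.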

Characteristics of Network Access Control Lists (ACLs)

  • Enhanced Security – Users’ access is limited to the resources aligned with their assigned roles, which reduces the risk from elevated privileges, phishing attacks or credential theft.
  • Improved Efficiency – ACLs streamline access control management. Network administrators assign users to roles carrying the specific set of privileges their role requires, and remove them when no longer required.
  • Optimized Network Performance – Restricting access to resources based on common criteria such as source IP address, port or protocol lets the network administrator prevent unnecessary traffic that would otherwise cause network congestion.
  • Scalability and Flexibility – Network access control lists (ACLs) allow flexible management of roles and permissions, and can be implemented globally in a uniform manner.
  • Compliance and Auditing – Network access control lists (ACLs) help meet regulatory compliance requirements such as GDPR and HIPAA, for example by restricting access to customer sensitive data or personal data using roles and permissions. Auditing is easier because access requests can be tracked and logged.
