What is an Access Control List (ACL)?

 

An Access Control List (ACL) is a list of rules (entries) that defines which users, systems, or processes are granted or denied access to specific resources. ACLs are fundamental to information assurance (IA) because they are one of the main mechanisms for enforcing the principle of least privilege: only the entities an entry names can access or modify sensitive systems, files, or network traffic, and everything not listed is refused by default.

In networking, ACLs are commonly associated with routers, firewalls, and switches, where they filter packets on header fields such as source/destination IP address, protocol, and port, usually without tracking connection state. In operating systems and applications, ACLs define which users or groups can read, write, or execute files and services.


Types of ACLs

  1. File System ACLs (Host-Based ACLs)
    • Used by operating systems to control access to files and directories. On Windows these are the NTFS permissions (DACLs); on Linux, chmod sets only the traditional owner/group/other mode bits, while setfacl and getfacl manage POSIX ACLs, which add entries for named users and groups on top of those bits.


  2. Network ACLs (Router/Firewall ACLs)
    • Define traffic rules at the interface level (inbound or outbound); entries are evaluated top to bottom and the first match wins.
    • Examples:
      • Permit HTTP (TCP 80) from subnet 192.168.1.0/24.
      • Deny ICMP echo requests (ping) from outside networks.


[Figure: screenshot of ACL configuration in Cisco Packet Tracer, from "Cisco Packet Tracer - listy ACL – Systemy operacyjne i sieci komputerowe" (Operating Systems and Computer Networks)]


  3. Switch Port ACLs (Layer 2 ACLs)
    • Applied on switch ports to filter traffic before it is forwarded; on Cisco switches a port ACL (PACL) is applied inbound on a Layer 2 interface, while a VLAN ACL (VACL) filters traffic within or between VLANs.
    • Often used in campus networks to enforce VLAN security, for example to stop hosts on an access port from reaching management addresses.

 

  4. Directory Service ACLs (e.g., Active Directory)
    • Define what users/groups can access objects in a directory (like user accounts, groups, printers), down to individual attributes and extended rights.
    • Example: only administrators can reset passwords (the Reset Password extended right) or modify group memberships (write access to the member attribute). Overly broad entries such as GenericAll or WriteDACL granted to a large group are a frequent privilege-escalation path in AD and should be reviewed regularly.
  5. Application ACLs
    • Control access within specific software applications or databases.
    • Example: A database ACL restricting access to certain tables or views.
  6. Cloud ACLs
    • Used in cloud platforms like AWS, Azure, and GCP.
    • Example: AWS S3 bucket ACLs specify who can read/write objects.
    • Often combined with Identity and Access Management (IAM) policies. Note that the providers now treat object-level ACLs as legacy: AWS disables S3 ACLs by default on new buckets (Object Ownership set to "bucket owner enforced") and recommends bucket policies and IAM instead, and GCP recommends uniform bucket-level access over per-object ACLs.

How ACLs Are Used

  • Network security: Filter unauthorized traffic (e.g., blocking known bad IPs, or ports that should never be reachable from outside).
  • Segmentation: Control communication between internal subnets or VLANs.
  • Access governance: Enforce role-based access to files, directories, and databases.
  • Regulatory compliance: Demonstrate that sensitive data is accessible only to approved entities.
  • Attack surface reduction: Drop traffic to closed or unneeded ports before it reaches a host. A classic ACL matches only packet headers (addresses, protocol, ports) and keeps no connection state, so payload- or pattern-based detection is the job of an IDS/IPS, not the ACL.

How ACLs Are Configured

  1. On Routers and Firewalls
    • Syntax depends on vendor (Cisco IOS, Juniper, pfSense, etc.).
    • Example (Cisco standard ACL, which matches on source address only; the explicit deny any is redundant with the implicit deny ip any any that ends every Cisco ACL, but an explicit entry shows a hit counter in show access-lists, which the implicit deny does not):

access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any
interface g0/0
 ip access-group 10 in

    • Example (extended ACL, which matches on protocol, source, destination and port; entries are evaluated in order and the first match wins, so this list allows only web traffic from the LAN and drops everything else, including DNS, until further permit entries are added above the deny; like ACL 10, it does nothing until it is applied to an interface with ip access-group):

access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 deny ip any any
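To make the evaluation order, wildcard masks and implicit deny concrete, here is an added example (not code from the page or from any Cisco product): a small Python evaluator that parses the two lists above and answers "permit or deny, and by which entry" for a packet. It assumes IPv4 only, contiguous wildcard masks, that list numbers below 100 are standard (source-only) lists, and that eq is the only port operator; the Packet and Rule classes, the ACL_BAD list and the test addresses are constructed for the example. It also flags shadowed entries, which is the check you run when an ACL "should" permit something but does not.

```python
"""Evaluator for Cisco-style numbered ACLs (added example, not code from the
page). Assumptions: IPv4 only, contiguous wildcard masks, numbers below 100
are standard (source-only) lists, anything else is extended, and 'eq' is the
only port operator."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]            # None means any port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("ip", pkt.proto)
                and ipaddress.IPv4Address(pkt.src) in self.src
                and ipaddress.IPv4Address(pkt.dst) in self.dst
                and self.dport in (None, pkt.dport))


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Cisco wildcards are inverted netmasks: 0.0.0.255 is a /24. IOS also
    accepts non-contiguous wildcards; this example rejects them."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard} not supported")
    return ipaddress.IPv4Network(f"{addr}/{32 - wc.bit_length()}", strict=False)


def _parse_addr(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume one address spec: 'any' | 'host A' | 'A WILDCARD' | bare 'A'."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return ipaddress.IPv4Network(f"{tok[i + 1]}/32"), i + 2
    if i + 1 < len(tok) and tok[i + 1].count(".") == 3:
        return wildcard_to_network(tok[i], tok[i + 1]), i + 2
    return ipaddress.IPv4Network(f"{tok[i]}/32"), i + 1


def parse_acl(lines: List[str]) -> List[Rule]:
    """Parse 'access-list N permit|deny ...' lines, keeping their order."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not an access-list entry: {line!r}")
        if int(tok[1]) < 100:                         # standard ACL: source only
            src, _ = _parse_addr(tok, 3)
            rules.append(Rule(tok[2], "ip", src, ANY, None))
            continue
        src, i = _parse_addr(tok, 4)
        dst, i = _parse_addr(tok, i)
        dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        rules.append(Rule(tok[2], tok[3], src, dst, dport))
    return rules


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First match wins. The implicit 'deny ip any any' that ends every Cisco
    ACL is reported with index None to distinguish it from an explicit deny."""
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of entries that can never match because an earlier entry
    already covers every packet they would match (a common audit finding)."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto in ("ip", later.proto)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.dport in (None, later.dport)):
                dead.append(j)
                break
    return dead


# The two lists from the page plus a deliberately mis-ordered one (constructed).
ACL_10 = ["access-list 10 permit 192.168.1.0 0.0.0.255",
          "access-list 10 deny any"]
ACL_100 = ["access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
           "access-list 100 deny ip any any"]
ACL_BAD = ["access-list 101 deny ip any any",
           "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80"]

if __name__ == "__main__":
    web = Packet("192.168.1.10", "203.0.113.5", "tcp", 80)
    print(evaluate(parse_acl(ACL_100), web))          # ('permit', 0)
    print(shadowed_rules(parse_acl(ACL_BAD)))          # [1]: the permit can never fire
```

Running it shows that ACL 100 permits the web request by entry 0, drops the same host's HTTPS and DNS by entry 1, and that in ACL_BAD the permit is dead because the deny above it already covers every packet it would match; that second check is the one to automate before pushing a long list to production.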

 

  2. On Operating Systems (File ACLs)
    • Windows: GUI (Properties → Security Tab) or the icacls command.
    • Linux: setfacl -m u:alice:rwx file.txt adds a named-user entry for alice. Verify with getfacl, which also prints the mask entry: the mask caps the effective rights of every named user and group entry, and a later chmod on the group bits rewrites that mask, so alice's rwx can silently become r-x.
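The mask interaction above is the part of POSIX ACLs that surprises people, so here is an added example (not code from the page or from the acl tools) that models the access-check algorithm described in acl(5) in Python: owner entry first, then named users, then the owning group and named groups, then other, with the mask applied to every entry except the owner and other. The PosixAcl class, the chmod_group helper and the sample getfacl output for report.txt are constructed for the example; the user names alice, bob, carol and the groups finance and audit are hypothetical.

```python
"""POSIX ACL access check with the mask entry (added example, not code from
the page or from the acl package). Implements the check order given in
acl(5); the getfacl text below is constructed sample input."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

R, W, X = 4, 2, 1


def perm_bits(s: str) -> int:
    """'rwx' -> 7, 'r-x' -> 5, '---' -> 0."""
    return (R if "r" in s else 0) | (W if "w" in s else 0) | (X if "x" in s else 0)


def perm_str(bits: int) -> str:
    return ("r" if bits & R else "-") + ("w" if bits & W else "-") + ("x" if bits & X else "-")


def _covers(entry: int, wanted: int) -> bool:
    """True when every requested bit is present in the entry."""
    return (wanted & ~entry) == 0


@dataclass
class PosixAcl:
    owner: str
    group: str
    user_obj: int                                          # user::   (file owner)
    group_obj: int                                         # group::  (owning group)
    other: int                                             # other::
    users: Dict[str, int] = field(default_factory=dict)    # user:NAME:
    groups: Dict[str, int] = field(default_factory=dict)   # group:NAME:
    mask: Optional[int] = None                             # mask::, absent without extended entries

    @classmethod
    def from_getfacl(cls, text: str) -> "PosixAcl":
        """Parse the text format printed by getfacl(1)."""
        owner = group = None
        base: Dict[str, int] = {}
        users: Dict[str, int] = {}
        groups: Dict[str, int] = {}
        mask = None
        for raw in text.splitlines():
            line = raw.split("#effective:")[0].strip()     # drop getfacl's effective-rights hint
            if not line:
                continue
            if line.startswith("# owner:"):
                owner = line.split(":", 1)[1].strip()
            elif line.startswith("# group:"):
                group = line.split(":", 1)[1].strip()
            elif line.startswith("#"):
                continue                                   # "# file:" and other comments
            else:
                tag, qualifier, perms = line.split(":")
                bits = perm_bits(perms)
                if tag == "user" and qualifier:
                    users[qualifier] = bits
                elif tag == "group" and qualifier:
                    groups[qualifier] = bits
                elif tag == "mask":
                    mask = bits
                else:
                    base[tag] = bits                       # user::, group::, other::
        if owner is None or group is None:
            raise ValueError("getfacl output lacks '# owner:' / '# group:' headers")
        return cls(owner, group, base["user"], base["group"], base["other"], users, groups, mask)


def check_access(acl: PosixAcl, user: str, user_groups: Set[str], wanted: int) -> bool:
    """acl(5) order: owner, named user, matching group entries, other."""
    mask = 7 if acl.mask is None else acl.mask
    if user == acl.owner:                                  # owner entry is never masked
        return _covers(acl.user_obj, wanted)
    if user in acl.users:                                  # named user entry, masked
        return _covers(acl.users[user] & mask, wanted)
    matching = [acl.group_obj] if acl.group in user_groups else []
    matching += [bits for name, bits in acl.groups.items() if name in user_groups]
    if matching:                                           # any one matching group entry suffices
        return any(_covers(bits & mask, wanted) for bits in matching)
    return _covers(acl.other, wanted)


def chmod_group(acl: PosixAcl, perms: str) -> None:
    """chmod g=... on a file with extended entries rewrites the mask, not the
    owning-group entry (acl(5)); this is how chmod silently narrows an ACL."""
    if acl.mask is None:
        acl.group_obj = perm_bits(perms)
    else:
        acl.mask = perm_bits(perms)


def effective(acl: PosixAcl, tag: str, name: str) -> str:
    """What getfacl prints in its #effective: column for a named entry."""
    mask = 7 if acl.mask is None else acl.mask
    bits = acl.users[name] if tag == "user" else acl.groups[name]
    return perm_str(bits & mask)


SAMPLE_GETFACL = """\
# file: report.txt
# owner: bob
# group: finance
user::rw-
user:alice:rwx
group::r--
group:audit:r-x
mask::rwx
other::---
"""

if __name__ == "__main__":
    acl = PosixAcl.from_getfacl(SAMPLE_GETFACL)
    print(check_access(acl, "alice", {"staff"}, W))        # True: the setfacl entry works
    chmod_group(acl, "r-x")                                # someone later runs: chmod g-w report.txt
    print(effective(acl, "user", "alice"))                 # r-x, although her entry still says rwx
    print(check_access(acl, "alice", {"staff"}, W))        # False
```

The last two lines are the caveat in practice: alice's entry still reads rwx in getfacl, but the mask now reads r-x and her writes fail. The owner is unaffected because the owner entry is not subject to the mask.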

 

  3. On Applications/Databases
    • SQL (Microsoft SQL Server syntax: DENY is a T-SQL feature that overrides any GRANT the user inherits through a role, whereas PostgreSQL and MySQL have no DENY and rely on REVOKE and on not granting the privilege in the first place):

GRANT SELECT ON Customers TO AnalystUser;
DENY DELETE ON Customers TO AnalystUser;


Summary

ACLs are versatile security controls used at multiple layers of IT infrastructure:

  • Filesystem (OS-level security)
  • Routers, firewalls, switches (network traffic filtering)
  • Directories and databases (user rights and privileges)
  • Cloud platforms (object and service access control)

They are configured differently depending on the platform but always serve the same function: restricting access to protect confidentiality, integrity, and availability (CIA triad).