Tuesday 6 February 2018

Extended Access lists 


  • Marks:- 10+5
  • Name of student: Subhendu Pal
  • Faculty Name: Priya Sawant 
  • Roll No: 1503
  • Date: 07-02-2018
  • Session Name: IP Services


  • Access control list (ACL)

    An ACL is a list of conditions that are used to filter packets; ACLs are helpful in managing
    traffic in a network. It defines all the permissions attached to an object in the network:
    it specifies which users or system processes are granted access to the object, as well as what

    Terms Used in Access control:-

    • Object:- A device that contains or receives information. Access to this device possibly implies access to the data it contains.
    Ex, Server

    • Subject:- An active device, generally in the form of a person, process, or system, that leads to information flow between objects.
    Ex, Users

    • Operation:- An active process stimulated by a subject.
    Ex, Users send information to servers

    • Permission:- An approval to execute some action on the system. In most computer security literature, permission denotes some arrangement of object and operation.
    Ex, Data access permission for Users.

    • Access control matrix:- A matrix in which each row denotes a subject, each column denotes an object, and each entry is the set of access rights for that subject to that object.
    • Separation of Duty:- The norm that no user should be given so many privileges that they could misuse the system.
    Ex, the rules for authorised and unauthorised users.

    • Safety:- Arrangements in place to ensure that the access control confirmation.
    Ex, access control mechanism or model.
    • Inbound:- If the access list is inbound, when a packet is delivered to the router, Cisco IOS checks the criteria statements of the access list for a match. If the packet is permitted, the software continues processing the packet. If the packet is denied, the software discards the packet.
    • Outbound:- If the access list is outbound, after the software receives a packet and routes it to the outbound interface, Cisco IOS checks the criteria statements of the access list for a match. If the packet is permitted, Cisco IOS transmits the packet. If the packet is denied, the software discards the packet.


    Extended Access lists :– With extended access lists, you can be more precise in your filtering. You can evaluate source and destination IP addresses, the type of layer 3 protocol, source and destination port… Extended access lists are harder to configure and require more processor time than standard access lists, but they allow a much more granular level of control.
     
    To demonstrate the concept, we will use the following example.
     
    [Figure: extended ACL example]
     
    We have used a standard access list to prevent all users from accessing server S1. But with that configuration, we have also disabled access to S2! To be more specific, we can use extended access lists. Let’s say that we need to prevent users from accessing server S1. We could place an extended access list on R1 to prevent users from accessing S1. That way, no other traffic is forbidden, and users can still access the other server, S2:
     
    [Figure: extended ACL example 2]
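
The S1/S2 scenario above, worked through as an added example (not part of the original post): a small Python evaluator for a simplified subset of IOS-style ACL entries, applying first-match order, wildcard masks and the implicit deny at the end of the list. The addresses and the user subnet are assumptions, since the post's diagrams are not available.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (base address, wildcard) where every bit is "don't care"

def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(first), _to_int(tokens.pop(0))

def _addr_match(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
    return (_to_int(ip) & care) == (base & care)

def parse_ace(line, extended):
    """Parse one entry; a standard entry carries a source address only."""
    tokens = line.split()
    action = tokens.pop(0)
    proto = tokens.pop(0) if extended else "ip"
    src = _take_addr(tokens)
    dst = _take_addr(tokens) if extended else ANY
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(acl, packet, extended=True):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in (parse_ace(line, extended) for line in acl):
        if (ace["proto"] in ("ip", packet["proto"])
                and _addr_match(ace["src"], packet["src"])
                and _addr_match(ace["dst"], packet["dst"])
                and ace["port"] in (None, packet.get("dport"))):
            return ace["action"]
    return "deny"

# Constructed topology: users in 10.0.0.0/24, S1 = 192.168.0.1, S2 = 192.168.0.2
STANDARD = ["deny 10.0.0.0 0.0.0.255", "permit any"]
EXTENDED = ["deny ip 10.0.0.0 0.0.0.255 host 192.168.0.1", "permit ip any any"]

def web_request(dst):
    return {"proto": "tcp", "src": "10.0.0.25", "dst": dst, "dport": 80}
```

Evaluating `web_request` for S1 and S2 gives deny/deny with the standard list, because it can only match on the source, and deny/permit with the extended list.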

    Questions:-
    • What is an Extended Access Control list?
    • What is an ACL used for on a server?
