How it works
ACLs grant authorized users access to specific system objects, such as directories or files, and deny access to unauthorized users. Each entry in an ACL specifies a subject and an operation.
Users have different levels of privilege. For example, if a file object has an ACL that contains (John: delete; Jenny: read; Craig: read, write), John may delete the file, Jenny may only read it, and Craig may read and write it.
ACLs are also built into operating systems and network devices, where they block or permit particular types of traffic entering the network.
Filtering is based primarily on the source and destination of the traffic. ACLs achieve their purpose by identifying and controlling network access behaviour, managing traffic flow, and providing granular monitoring.
What problems ACLs solve
ACLs are one of the most effective ways to protect networks and quality of service in organizations. They address the following problems:
- viruses and malicious code entering the organization,
- consumption of network bandwidth by unsuitable services, which denies resources to critical services,
- breaches of data and information.
Types of ACLs
There are four kinds of ACLs.
- Standard ACLs let you evaluate only the source IP address of a packet. They use the numbers 1-99 or 1300-1999 so that the router can identify the exact address as the source IP address. Standard ACLs are less powerful than extended ACLs but use less processing power.
- Extended ACLs let you block traffic by source and destination for specific hosts or an entire network. With extended ACLs it is possible to filter traffic based on protocol: IP, TCP, ICMP, UDP.
- Reflexive ACLs are also known as IP session ACLs. They use upper-layer session information to filter traffic.
- Dynamic ACLs build on extended ACLs, Telnet and authentication. They give administrators the flexibility to configure access: for example, allowing a user to access a resource temporarily, or denying access to a router from the WAN while still allowing a small group of people to reach it.
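As an added illustration, not part of the original article, the following Python model shows how a router evaluates a standard ACL (source address only) against an extended ACL (source, destination, protocol, port): entries are checked top-down, the first match wins, and any packet that matches no entry hits the implicit deny. The entry fields, the rule sets and the sample packets are constructed for this example; treating protocol "ip" as matching any IP traffic is an assumption about the simplified model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified model of a router ACL: an ordered list of entries
# evaluated top-down; the first match wins; an implicit "deny any" follows.
@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR such as "10.0.0.0/8", or "any"
    dst: str = "any"             # standard ACLs leave dst/proto/dport as "any"
    proto: str = "any"           # "tcp", "udp", "icmp", "ip" or "any"
    dport: Optional[int] = None  # destination port; None means any port

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def _net_match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def _entry_match(e: Entry, p: Packet) -> bool:
    # "ip" is assumed to match any IP protocol, as on many routers.
    return (_net_match(e.src, p.src) and _net_match(e.dst, p.dst)
            and e.proto in ("any", "ip", p.proto)
            and (e.dport is None or e.dport == p.dport))

def evaluate(acl: list[Entry], p: Packet) -> str:
    """Return 'permit' or 'deny': first matching entry decides, and a packet
    that matches nothing is dropped by the implicit deny at the end."""
    for e in acl:
        if _entry_match(e, p):
            return e.action
    return "deny"

# Standard ACL: filters on source address only. Order matters: swapping these
# two entries would let "permit any" shadow the deny.
STANDARD = [Entry("deny", "192.0.2.0/24"), Entry("permit", "any")]
# Extended ACL: source, destination, protocol and destination port.
EXTENDED = [
    Entry("permit", "10.0.0.0/8", "203.0.113.10/32", "tcp", 443),
    Entry("permit", "any", "any", "icmp"),
]

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    print(evaluate(STANDARD, Packet("192.0.2.7", "203.0.113.10", "tcp", 443)))  # deny
    print(evaluate(EXTENDED, Packet("10.1.2.3", "203.0.113.10", "tcp", 443)))   # permit
    print(evaluate(EXTENDED, Packet("10.1.2.3", "203.0.113.10", "tcp", 22)))    # deny
```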