Access control lists are used in almost every security device on your network. In this video, you’ll learn how ACLs are used to provide secure access to your important resources.
Another way to allow or disallow access to resources is through something called an access control list. You may hear this referred to as an ACL, or pronounced "ack-ull." An access control list is something you assign to an object, or to a network, and it spells out who is granted what permission to that object or that network.
You see access control lists used in many different environments: in file systems, network devices, and operating systems. It is a very, very common way of setting up permissions to particular resources.
For instance, this is how an access control list might list out the permissions on a file or a network. In this access control list, Bob can read the files. Fred can access the network. James can access the network 192.168.0.1/24, but only using TCP ports 80, 443, and 8088. So the entries in an access control list can be very general, or they can be very specific.
Here is a good example of an access control list that might be inside of a firewall. It begins with an access list statement, and everything shown here is a member of the first access list in the firewall.
Here is a deny entry that says: if you are 172.16.5.2 with this mask (a mask that matches only this one IP address), we are going to deny any traffic from that IP address. So that locks it out. Here is another entry in the access control list that denies 172.16.5.3. So the first two rules in this access control list deny traffic from two individual IP addresses.
And here is the last entry, which says permit any. That means if you are not 172.16.5.2 or 172.16.5.3, everybody else is allowed to communicate.
That is a very simple access control list, but it gives you an idea of the process a router or a firewall goes through: it works down the list from the top, and the first rule that matches the traffic decides whether access to the resource is allowed or denied.
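To make the top-down, first-match evaluation concrete, here is a small ACL engine added as an example for this page; it is not code from the video or from any vendor's product. It encodes the firewall list above (deny 172.16.5.2, deny 172.16.5.3, permit any) and the "James" entry from the earlier list (TCP ports 80, 443 and 8088 into 192.168.0.1/24, written as a network rule rather than a per-user one). The wildcard-mask helper, the `Packet` and `Rule` types, and the sample packets are all assumptions made for the example; the Cisco-style convention that a wildcard of 0.0.0.0 means "this one host" and that an ACL ends with an implicit deny is real, but the exact syntax of the device in the video is not shown on the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.IPv4Network("0.0.0.0/0")  # matches every IPv4 address


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert a Cisco-style address/wildcard pair into a CIDR network.

    Wildcard bits set to 1 are "don't care" bits, so a wildcard of 0.0.0.0
    means exactly this one host, and 0.0.0.255 means the /24 around it.
    Non-contiguous wildcards have no CIDR equivalent and are rejected.
    """
    wc = int(ipaddress.IPv4Address(wildcard))
    host_bits = wc.bit_length()
    if wc != (1 << host_bits) - 1:
        raise ValueError(f"non-contiguous wildcard mask {wildcard} has no CIDR form")
    return ipaddress.IPv4Network((addr, 32 - host_bits), strict=False)


@dataclass(frozen=True)
class Packet:
    """Constructed sample packet: the fields an ACL entry looks at."""
    src: str
    dst: str
    proto: str = "ip"          # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One ACL entry. Unset fields default to 'any'."""
    action: str                                   # "permit" or "deny"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: str = "ip"                             # "ip" matches every protocol
    dports: Tuple[int, ...] = ()                  # empty = any destination port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.IPv4Address(pkt.src) not in self.src:
            return False
        if ipaddress.IPv4Address(pkt.dst) not in self.dst:
            return False
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top-down; the first matching entry decides.

    Returns (action, index of the deciding rule). If nothing matches, the
    implicit deny that Cisco-style ACLs end with applies, reported as index None.
    """
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# The firewall list from the video: two host denies, then permit any.
FIREWALL_ACL = [
    Rule("deny", src=wildcard_to_network("172.16.5.2", "0.0.0.0")),
    Rule("deny", src=wildcard_to_network("172.16.5.3", "0.0.0.0")),
    Rule("permit"),
]

# The specific entry from the earlier list: only TCP 80/443/8088 into 192.168.0.1/24.
# strict=False lets ipaddress normalise 192.168.0.1/24 to 192.168.0.0/24.
JAMES_ACL = [
    Rule("permit", dst=ipaddress.IPv4Network("192.168.0.1/24", strict=False),
         proto="tcp", dports=(80, 443, 8088)),
    # no trailing "permit any": everything else hits the implicit deny
]

if __name__ == "__main__":
    samples = [
        (FIREWALL_ACL, Packet("172.16.5.2", "10.0.0.1")),
        (FIREWALL_ACL, Packet("172.16.5.9", "10.0.0.1")),
        (JAMES_ACL, Packet("10.1.1.5", "192.168.0.20", "tcp", 443)),
        (JAMES_ACL, Packet("10.1.1.5", "192.168.0.20", "tcp", 22)),
    ]
    for acl, pkt in samples:
        print(pkt, "->", evaluate(acl, pkt))
```

Order matters: if the permit-any entry were moved to the top of `FIREWALL_ACL`, every packet would match it first and the two deny entries would never be reached, so `evaluate(list(reversed(FIREWALL_ACL)), Packet("172.16.5.2", "10.0.0.1"))` returns `("permit", 0)`. That is the usual way an ACL silently stops doing its job on a real device, and it is worth checking whenever an entry is added.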