Post

NetworkSec - Layer 3 - Access control lists (ACLs)

[toc]


NetworkSec - Layer 3 - Access control lists (ACLs)

ACLs

  • Access control lists (ACLs):
    • rules implemented on a router / firewalls.
    • Rules within an ACL provide rule-based management for the router
    • control inbound and outbound traffic.
    • identify what traffic is allowed and what traffic is denied.
  • Router ACLs provide basic packet filtering.

They filter packets based on IP, ports, protocols based on the protocol identifiers:

  • IP addresses and networks:
    • Add a rule in the ACL to block access from any IP or subnet IDs….
    • Example:
      • The Sales department: 192.168.1.0/24 network
      • the Accounting department: 192.168.5.0/24 network.
      • ensure traffic from these two departments stays separate with an ACL on a router.
  • Ports:
    • filter traffic based on logical ports.
    • Example:
      • block HTTP traffic = block traffic on port 80.
      • choose to block incoming traffic, outgoing traffic, or both.
      • or allow outgoing HTTP traffic while blocking incoming HTTP traffic.
  • Protocol numbers:
    • Many protocols are identified by their protocol numbers.
    • Example:
      • ICMP uses a protocol number of 1 and many DoS attacks use ICMP.
      • block all ICMP traffic (and the attacks that use it) by blocking traffic using this protocol number. Many automated intrusion prevention systems (IPSs) dynamically block ICMP traffic in response to attacks.
      • Similarly, you can restrict traffic to only packets encrypted with IPsec ESP using a rule that allows traffic using protocol number 50, but blocks all other traffic.
      • PPTP uses protocol number 47 and can be allowed by allowing traffic using protocol ID 47.

Implicit Deny

From (New S+ ch3)

concept to understand in ACLs.

  • traffic that isn’t explicitly allowed is implicitly denied.

Example: configure a router to allow Hypertext Transfer Protocol (HTTP) to a web server. The router now has an explicit rule defined to allow this traffic to the server. If you don’t define any other rules the implicit deny rule blocks all other traffic. Firewalls also use an implicit deny rule.

The implicit deny rule is the last rule in an ACL.

  • automatically apply the implicit deny rule as the last rule.
  • Or administrator place the rule at the end of the ACL manually.

Syntax of implicit deny rule:

  • DENY ANY ANY
  • DENY ALL ALL
  • both ANY and ALL: any type of traffic.

.

This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.