Access Control Lists (ACLs)
■ A list of permissions associated with a given system or network resource
■ Can be applied to routers, layer three switches, or firewalls
■ Contain rules that are applied based on IP addresses, ports, or applications
■ Processed from top to bottom
● Specific rules should be at the top
● Generic rules should be at the bottom
Blocking Strategies
■ Block incoming requests whose source is an internal or private address, a loopback address, a multicast IP range, or an experimental range
■ Block incoming requests that use protocols that should only be used locally (e.g., ICMP, DHCP, OSPF, SMB)
■ Configure IPv6 to block all traffic or allow only authorized hosts and ports
Explicit Allow
■ Specified in ACLs using “permit” statements
■ Each “permit” statement explicitly allows a specific type of traffic from a specific source to a specific destination
Explicit Deny
■ Statement used to block specific types of traffic
■ Created by changing the “permit” keyword to “deny” in an ACL rule
Implicit Deny
■ Statement that is automatically applied at the end of an ACL if no explicit deny statements are present
■ Blocks all traffic that is not explicitly permitted by “permit” statements
ACL Basics
Remember that the wildcard mask 0.0.0.255 really means the subnet mask is 255.255.255.0. That covers 256 IP addresses in total, 254 of them usable.
Impact on Security
■ Explicit allow statements ensure that only specified traffic is allowed, increasing security by minimizing unintended access
■ Explicit deny statements allow for precise control over which traffic is blocked
■ Implicit deny provides a default block for all traffic not explicitly permitted, adding an extra layer of security
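The first-match, top-to-bottom processing, the wildcard mask of 0.0.0.255, and the implicit deny described above, as an added example that is not part of the original notes. The evaluator and its rule format are assumptions made for illustration; the rules themselves are constructed and show how a generic permit placed above a specific deny shadows it.

```python
import ipaddress

# Added example (not from the page): a minimal Cisco-style standard ACL
# evaluator. Each rule is (action, address, wildcard). Matching is first
# match, top to bottom, with an implicit deny when nothing matches.

def wildcard_to_prefix(wildcard: str) -> int:
    """0.0.0.255 -> 24: invert the wildcard to a subnet mask, then count bits."""
    subnet_mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    # IPv4Network validates the mask; a non-contiguous mask raises ValueError
    mask_str = str(ipaddress.IPv4Address(subnet_mask))
    return ipaddress.IPv4Network((0, mask_str)).prefixlen

def rule_network(rule):
    """Network covered by one rule (strict=False tolerates host bits set)."""
    action, address, wildcard = rule
    return ipaddress.IPv4Network((address, wildcard_to_prefix(wildcard)), strict=False)

def evaluate(acl, src_ip):
    """Return (action, rule_number) for the first matching rule.
    rule_number 0 means the packet fell through to the implicit deny."""
    ip = ipaddress.IPv4Address(src_ip)
    for number, rule in enumerate(acl, start=1):
        if ip in rule_network(rule):
            return rule[0], number
    return "deny", 0

def shadowed_rules(acl):
    """Rule numbers that can never match because an earlier rule covers them."""
    shadowed = []
    for j in range(1, len(acl)):
        later = rule_network(acl[j])
        if any(later.subnet_of(rule_network(acl[i])) for i in range(j)):
            shadowed.append(j + 1)
    return shadowed

# Constructed rules: a specific deny for one host, a generic permit for its /24
WELL_ORDERED = [
    ("deny", "192.168.1.50", "0.0.0.0"),      # specific rule first
    ("permit", "192.168.1.0", "0.0.0.255"),   # generic rule after it
]
MISORDERED = list(reversed(WELL_ORDERED))     # generic permit now shadows the deny

if __name__ == "__main__":
    print(evaluate(WELL_ORDERED, "192.168.1.50"))  # ('deny', 1)
    print(evaluate(MISORDERED, "192.168.1.50"))    # ('permit', 1): deny never reached
    print(evaluate(WELL_ORDERED, "10.0.0.7"))      # ('deny', 0): implicit deny
    print(shadowed_rules(MISORDERED))              # [2]
```

Running shadowed_rules over a production ACL before deployment is a cheap way to catch a specific rule that the ordering has made unreachable.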
Role-Based Access Control
■ Defines privileges and responsibilities of administrative users
■ Users are grouped based on roles or job functions
■ Permissions are assigned based on roles (e.g., configuring firewalls, adding/removing users)