Kawaljit Singh Bali, M. Tech CSE, 1st Sem

This document discusses access control lists (ACLs) and their implementation on routers. It defines ACLs as sets of permissions that control which subjects can access an object and how. The document outlines the basic steps of access control - identification, authentication, and authorization. It describes standard ACLs, which filter based on source address, and extended ACLs, which can filter on additional attributes. The document explains how ACL statements are evaluated sequentially and from top to bottom to either permit or deny traffic. It also discusses enhancing ACL functionality with time-based, reflexive, dynamic, and context-based access control in the future.

License: Attribution Non-Commercial (BY-NC)

Kawaljit Singh Bali
M. Tech CSE, 1st Sem.
ACL Lesson Objectives

- Define access control, its need, and how to implement it.
- Describe the use and process of access lists.
- Describe standard and extended access lists used to filter IP traffic.
- Monitor selected access list operations on the router.
- Describe enhanced access lists.
Access Control Terminology

- Access control is the process by which resources or services are granted or denied on a computer system or network.
- Elements of access control:
  - Identification: a user accessing a computer system presents credentials or identification, such as a username.
  - Authentication: checking the user's credentials to be sure that they are authentic and not fabricated.
  - Authorization: granting permission to take the action.
Steps of Access Control

Identification -> Authentication -> Authorization -> Resource

Accountability: recording who accessed the resource and what they did, so that each action can be traced back to the identified subject.
Access Control Lists (ACLs)

- Access control list (ACL): a set of permissions that is attached to an object.
  - Specifies which subjects are allowed to access the object, and what operations they can perform on it.
- In the networking sense, an ACL is a set of instructions used to restrict unauthorized access from the outside environment into our network.

What are Access Lists?

- Access lists perform several functions within a router, including:
  - Implementing security / access procedures
  - Acting as a protocol "firewall"
- The two main types of access lists are:
  - Standard
  - Extended
Standard Access Lists

- Standard IP access lists check only the source address of packets that could be routed.
- The result permits or denies output for the entire IP protocol suite, based on the network, subnet or host address.
- Incoming packets are checked for address and protocol. If permitted, the packet is sent out through the interface to which the access list is applied.
- If a packet is denied by the standard access list, it is dropped.
Extended Access Lists

- Check both the source and the destination address of a packet.
- Check for specific protocols, port numbers and other parameters.
- This gives administrators more flexibility in describing what the access list will check: packets can be permitted or denied based on where they originated and where they are going.
- Permit or deny with more granularity. For example, an extended list can allow electronic mail traffic from a source to specific destinations while denying remote logins or file transfers.
A List of Tests: Deny or Permit

- Access list statements operate in sequential, logical order: packets are evaluated against the statements from the top down.
- As soon as a packet header matches a statement, the packet is permitted or denied by that statement and the remaining statements are skipped, so the order of the statements matters.
- There can be only one access list per protocol, per direction, per interface.
Deny Any Statement

- For logical completeness, an access list must have conditions that test true for every packet using it.
- A final implied statement (deny any) covers all packets for which no condition tested true; it matches every remaining packet and results in a deny.
- Instead of proceeding in or out of the interface, these remaining packets are dropped. A consequence is that an access list containing only deny statements blocks all traffic on the interface it is applied to.
Access List Command Overview

- In practice, access list commands can be lengthy character strings and can be complicated to enter or interpret.
- Understanding the general configuration commands is simpler if they are reduced to two general elements: the access-list statements that define the list, and the interface command that applies (groups) the list to an interface in a given direction.
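The following is an added example, not code from the original slides: a small evaluator for Cisco-style numbered IP access lists that exercises the behaviour described in the last four slides. Standard lists (numbers 1-99) test only the source address, extended lists (100-199) also test protocol, destination and port, statements are tested from the top down with the first match deciding, and a list that matches nothing falls to the implicit deny any. It also reads the second configuration element, the interface command that binds a list to an interface and direction. The configuration text, packet dictionaries and interface name are constructed for this example; only the `eq PORT` form of port matching is supported.

```python
"""Added example (not from the original slides): evaluate Cisco-style numbered
IP access lists with IOS wildcard-mask semantics, top-down first-match
processing and the implicit 'deny any'. All configuration and packets below
are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = (0, 0xFFFFFFFF)  # network 0 with an all-ones wildcard matches every address

def _parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
    Returns ((network, wildcard), remaining tokens), both as 32-bit integers."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (net, wild), tokens[2:]

def _addr_match(spec, ip):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (net & care)

@dataclass
class Entry:
    action: str            # 'permit' or 'deny'
    proto: str             # 'ip' matches any protocol; always 'ip' for standard lists
    src: Tuple[int, int]
    dst: Tuple[int, int]   # ANY for standard lists, which never look at the destination
    dport: Optional[int]   # only the 'eq PORT' form is parsed here

def parse_config(config):
    """Return (acls, bindings): acls maps list number -> ordered entries,
    bindings maps (interface, 'in' | 'out') -> list number."""
    acls, bindings, iface = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):
            continue
        if tok[0] == "interface":
            iface = tok[1]
        elif tok[:2] == ["ip", "access-group"]:       # second element: apply the list
            bindings[(iface, tok[3])] = int(tok[2])
        elif tok[0] == "access-list":                 # first element: define the list
            num, action, rest = int(tok[1]), tok[2], tok[3:]
            if 1 <= num <= 99:                        # standard: source only
                src, rest = _parse_addr(rest)
                entry = Entry(action, "ip", src, ANY, None)
            elif 100 <= num <= 199:                   # extended
                proto, rest = rest[0], rest[1:]
                src, rest = _parse_addr(rest)
                dst, rest = _parse_addr(rest)
                dport = int(rest[1]) if rest[:1] == ["eq"] else None
                entry = Entry(action, proto, src, dst, dport)
            else:
                raise ValueError(f"unsupported list number {num}")
            acls.setdefault(num, []).append(entry)    # order is preserved
    return acls, bindings

def evaluate(entries, pkt):
    """Test statements top-down; the first match decides and later statements
    are skipped. Returns (action, index); index None means nothing matched
    and the implicit 'deny any' at the end of the list applied."""
    for i, e in enumerate(entries):
        if e.proto != "ip" and e.proto != pkt["proto"]:
            continue
        if not (_addr_match(e.src, pkt["src"]) and _addr_match(e.dst, pkt["dst"])):
            continue
        if e.dport is not None and e.dport != pkt.get("dport"):
            continue
        return e.action, i
    return "deny", None

# Constructed configuration: list 10 admits one subnet; list 101 lets mail reach
# one host but stops telnet and ftp from 172.16.0.0/16 before permitting the rest.
CONFIG = """
! standard list: source address only
access-list 10 permit 192.168.1.0 0.0.0.255
! extended list, applied inbound on Serial0
access-list 101 permit tcp any host 10.0.0.25 eq 25
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 23
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 21
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
interface Serial0
 ip access-group 101 in
"""
ACLS, BINDINGS = parse_config(CONFIG)

def filter_on(interface, direction, pkt):
    """Apply whichever list is bound to that interface and direction."""
    num = BINDINGS.get((interface, direction))
    if num is None:
        return "permit", None   # no list bound: nothing is filtered there
    return evaluate(ACLS[num], pkt)

if __name__ == "__main__":
    for pkt in [
        {"proto": "tcp", "src": "172.16.5.5", "dst": "10.0.0.25", "dport": 25},
        {"proto": "tcp", "src": "172.16.5.5", "dst": "10.0.0.9", "dport": 23},
        {"proto": "udp", "src": "10.9.9.9", "dst": "10.0.0.25", "dport": 25},
    ]:
        print(pkt, "->", filter_on("Serial0", "in", pkt))
```

Swapping the last two `access-list 101` lines in CONFIG shows why order matters: the `permit ip` statement would then match telnet and ftp from 172.16.0.0/16 first and the deny statements would never be reached.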
Enhanced Access Lists

- Time-based: access lists whose statements become active based on the time of day and/or the day of the week.
- Reflexive: create temporary openings on the untrusted side of a router for the return traffic of sessions that originated on the trusted side.
- Dynamic (lock and key): create temporary entries for a user once that user has authenticated to the router.
- Context-Based Access Control (CBAC): allows secure handling of multi-channel connections (such as FTP, whose data channel is negotiated inside the control channel) based on upper-layer information.
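The following is an added example, not code from the original slides, modelling the reflexive access list behaviour described above: a session leaving through the trusted side creates a temporary mirrored entry, only matching return traffic is admitted on the untrusted side, everything else falls to the implicit deny, and entries expire after an idle timeout. The class name, timeout value and packet dictionaries are constructed for this example; real IOS reflexive lists also remove TCP entries on FIN/RST, which this model leaves out.

```python
"""Added example (not from the original slides): a toy model of a reflexive
access list. Outbound sessions from the trusted side open mirrored entries
that admit only their return traffic from the untrusted side; entries age
out after an idle timeout. Names, timeout and packets are constructed."""

class ReflexiveACL:
    def __init__(self, idle_timeout=300):
        self.idle_timeout = idle_timeout
        # (proto, outside_ip, outside_port, inside_ip, inside_port) -> last seen
        self.entries = {}

    def outbound(self, pkt, now):
        """Trusted -> untrusted. This toy permits all outbound traffic and
        records the mirrored 5-tuple so the reply can come back in."""
        key = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        self.entries[key] = now
        return "permit"

    def inbound(self, pkt, now):
        """Untrusted -> trusted. Only a packet matching a live mirrored entry
        is permitted, and the match refreshes the idle timer; anything else
        hits the implicit deny."""
        self._expire(now)
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key in self.entries:
            self.entries[key] = now
            return "permit"
        return "deny"

    def _expire(self, now):
        stale = [k for k, seen in self.entries.items() if now - seen > self.idle_timeout]
        for key in stale:
            del self.entries[key]

def demo():
    """Walk one constructed HTTPS session through the router; returns the decisions."""
    acl = ReflexiveACL(idle_timeout=300)
    out = {"proto": "tcp", "src": "10.1.1.5", "sport": 40000, "dst": "203.0.113.10", "dport": 443}
    reply = {"proto": "tcp", "src": "203.0.113.10", "sport": 443, "dst": "10.1.1.5", "dport": 40000}
    other_port = dict(reply, dport=40001)   # same server, but no session opened this port
    unsolicited = {"proto": "tcp", "src": "198.51.100.7", "sport": 12345, "dst": "10.1.1.5", "dport": 22}
    return {
        "outbound": acl.outbound(out, now=0),
        "reply": acl.inbound(reply, now=5),
        "other_port": acl.inbound(other_port, now=6),
        "unsolicited": acl.inbound(unsolicited, now=7),
        "after_idle_timeout": acl.inbound(reply, now=400),
    }

if __name__ == "__main__":
    for step, decision in demo().items():
        print(f"{step}: {decision}")
```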
Thank You
