An access control list (ACL) is an ordered set of rules that acts as a gatekeeper for a resource. The ACL lives on a host, a router, or a firewall and allows or denies a request based on who is asking (a user account or group) and, for network traffic, on the source and destination IP addresses, the protocol, and the port numbers involved. ACLs are an integral part of the security architecture of any organization that hosts services on-premises, supports external remote users, or connects multiple offices to a centralized environment.
Organizations can choose from two types of ACLs:
- File system: This ACL grants or denies access to files and directories based on the requesting user or group. Each entry names a principal, the operations it covers (such as read, write, execute, or delete), and whether those operations are allowed or denied.
- Networking: This ACL inspects packet headers for the source and destination IP address, the protocol, and the port, and uses the rules to decide whether the traffic is permitted or denied. The ACL only filters; forwarding permitted traffic to the right destination is the job of routing, not of the ACL.
Administrators (and, on most systems, the owner of a file) can modify an ACL, while every user interacts with ACLs indirectly, because each access request is checked against them. Host operating systems keep file-system ACLs to control access to local files, and networking ACLs control which traffic may flow between network segments. Granting rights to groups rather than to individual accounts keeps the lists manageable in a large organization with thousands of user accounts.
File-system ACLs are enforced by the operating system of the machine that holds the files, whether a workstation or a file server. The entries in the list can name local accounts or centrally managed accounts and groups, such as Active Directory users and groups on a Windows domain. For example, a user opens a file on a network share with a Windows domain account: the user first authenticates to the domain, then the file server evaluates the entries of the file's ACL that apply to that account and its group memberships and grants or blocks the access. On a standalone machine the same check runs against local accounts. Because entries are evaluated in order, a deny entry placed after an allow entry that already grants the right has no effect, which is why Windows keeps deny entries ahead of allow entries in its canonical ordering.
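The file-system check described above, modelled in Python as an added example (this is not code from the article or from TitanHQ, and the Windows-style evaluation it imitates is simplified). Account names, group names, the budget-file ACL and the right bitmask values are all constructed for illustration:

```python
"""Simplified model of file-system ACL evaluation, following the order-dependent
rules a Windows NTFS DACL uses. Added example; not code from the article or TitanHQ."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Access rights as a bitmask (illustrative values, not the real Win32 constants)
READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8


@dataclass(frozen=True)
class ACE:
    """One access control entry: who it applies to, allow or deny, which rights."""
    trustee: str   # user or group, e.g. "CORP\\alice" or "CORP\\Finance"
    allow: bool    # True = access-allowed entry, False = access-denied entry
    mask: int      # rights this entry grants or denies


@dataclass(frozen=True)
class Principal:
    """The requesting user together with the groups the directory put in its token."""
    name: str
    groups: FrozenSet[str]

    def matches(self, trustee: str) -> bool:
        return trustee == self.name or trustee in self.groups


def check_access(acl: List[ACE], who: Principal, requested: int) -> bool:
    """Walk the ACL top to bottom. A deny entry blocks the request as soon as it
    covers any requested right not yet granted; allow entries accumulate rights
    until everything requested is covered. Matching nothing means implicit deny."""
    if requested == 0:
        raise ValueError("request at least one right")
    granted = 0
    for ace in acl:
        if not who.matches(ace.trustee):
            continue
        if not ace.allow:
            if ace.mask & requested & ~granted:
                return False
        else:
            granted |= ace.mask & requested
            if granted == requested:
                return True
    return False


# Constructed sample ACL on a hypothetical finance spreadsheet, in canonical
# order: explicit deny entries first, then allow entries.
BUDGET_ACL = [
    ACE("CORP\\Contractors", allow=False, mask=WRITE | DELETE),
    ACE("CORP\\Finance", allow=True, mask=READ | WRITE),
    ACE("CORP\\Domain Users", allow=True, mask=READ),
]

# Constructed principals; group sets stand in for the groups in a domain token.
alice = Principal("CORP\\alice", frozenset({"CORP\\Finance", "CORP\\Domain Users"}))
bob = Principal("CORP\\bob", frozenset({"CORP\\Contractors", "CORP\\Finance", "CORP\\Domain Users"}))
carol = Principal("CORP\\carol", frozenset({"CORP\\Domain Users"}))


def demo_order_matters() -> Dict[str, bool]:
    """Same entries, allow moved ahead of deny: the deny no longer blocks bob's write,
    because the Finance allow already satisfied the request before the deny was reached."""
    reordered = [BUDGET_ACL[1], BUDGET_ACL[0], BUDGET_ACL[2]]
    return {
        "canonical": check_access(BUDGET_ACL, bob, WRITE),
        "reordered": check_access(reordered, bob, WRITE),
    }


if __name__ == "__main__":
    for who, right, label in [(alice, READ | WRITE, "alice read+write"),
                              (bob, WRITE, "bob write"),
                              (bob, READ, "bob read"),
                              (carol, WRITE, "carol write")]:
        print(f"{label}: {'allowed' if check_access(BUDGET_ACL, who, right) else 'denied'}")
    print("order demo:", demo_order_matters())
```

Bob is in both Finance and Contractors, so the canonical list denies his write while still allowing his read; the reordered list shows why a tool that rewrites an ACL must preserve that ordering.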
With a networking ACL, the unit of decision is a packet or connection. For example, a user on the public internet requests a page from a web server. The firewall or edge router checks the packet's destination port (usually TCP port 80 for HTTP or 443 for HTTPS) together with its source and destination addresses and protocol against the rules. If a permit rule matches, the packet is forwarded on to the web server; otherwise it is dropped. Rules are evaluated in order and the first match wins. Cisco-style ACLs and most firewalls end with an implicit deny, so traffic matching no rule is dropped; where a platform defaults to allow, the last rule should be an explicit deny-all. Rule order therefore matters as much as rule content.
An ACL shouldn't be the only cybersecurity defense on the network. Most ACLs are integrated into the network architecture as one line of defense against unauthorized traffic; administrators must still apply granular controls to the data and services behind them. Most ACL implementations can log rule matches, so every permit and deny, or only the rules an administrator marks for logging, can be sent to a monitoring system for review.
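The web-server scenario and the logging point above, as one added Python example covering both (not code from the article or TitanHQ, and not tied to any particular router or firewall syntax). The rule set, the addresses (RFC 5737 documentation ranges) and the sample packets are constructed for illustration; the `log` flag and the log-line format are assumptions of this example:

```python
"""Model of a stateless network ACL: ordered rules, first match wins, implicit
deny, plus a permit/deny log an operator can review. Added example, not from the article."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dports: Tuple[int, ...] = ()  # empty = any destination port
    log: bool = False             # assumed per-rule logging flag

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dports and p.dport not in self.dports:
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule decides; returns (action, 1-based rule number).
    No match means implicit deny, reported with rule number None."""
    for i, rule in enumerate(acl, 1):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


# Constructed inbound ACL on the internet-facing interface in front of a DMZ
# web server at 203.0.113.10. Rule 1 drops packets claiming a private source
# (they cannot legitimately arrive from the internet); rule 3 is an admin jump network.
WEB_ACL = [
    Rule("deny", "any", "10.0.0.0/8", "203.0.113.10/32", log=True),
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", dports=(80, 443)),
    Rule("permit", "tcp", "198.51.100.0/24", "203.0.113.10/32", dports=(22,), log=True),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", log=True),  # explicit deny-all so denies get logged
]

# Constructed sample traffic
SAMPLE_TRAFFIC = [
    Packet("tcp", "198.51.100.7", "203.0.113.10", 443),  # public client to HTTPS
    Packet("tcp", "192.0.2.55", "203.0.113.10", 22),     # SSH from an arbitrary internet host
    Packet("tcp", "198.51.100.7", "203.0.113.10", 22),   # SSH from the admin network
    Packet("tcp", "10.1.2.3", "203.0.113.10", 80),       # private source address from outside
    Packet("udp", "192.0.2.55", "203.0.113.10", 53),     # DNS query aimed at the web server
]


def filter_and_log(acl: List[Rule], packets: List[Packet]) -> Tuple[List[str], List[str]]:
    """Apply the ACL to each packet; emit a log line for rules flagged log=True
    and for implicit denies, which most devices would otherwise drop silently."""
    decisions, log = [], []
    for p in packets:
        action, idx = evaluate(acl, p)
        decisions.append(action)
        rule = acl[idx - 1] if idx else None
        if rule is None or rule.log:
            log.append(f"{action.upper()} rule={idx or 'implicit'} {p.proto} {p.src}->{p.dst}:{p.dport}")
    return decisions, log


def denied_sources(acl: List[Rule], packets: List[Packet]) -> Counter:
    """Count denies per source address: the kind of tally a monitor alerts on."""
    return Counter(p.src for p in packets if evaluate(acl, p)[0] == "deny")


if __name__ == "__main__":
    decisions, log = filter_and_log(WEB_ACL, SAMPLE_TRAFFIC)
    print(decisions)
    print("\n".join(log))
    print(denied_sources(WEB_ACL, SAMPLE_TRAFFIC))
```

The HTTPS request is permitted by rule 2 without a log line, the two SSH attempts show the same port treated differently depending on the source network, and the repeated denies from one source are exactly what the monitoring paragraph below means by a source being refused too often.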
Combined with a complete cybersecurity strategy, an ACL is an organization's first line of defense. ACLs are necessary when hosting services on-premises or when remote users reach the internal environment through a virtual private network (VPN). Monitoring ACL logs also surfaces suspicious activity, such as one source being denied repeatedly or a sensitive rule being matched far more often than expected.
Susan Morrow
How Can TitanHQ Help?
TitanHQ offers a range of solutions to enhance your network security, such as an anti-spam solution for email security, DNS and web filtering, and email archiving. Used alongside firewalls and traffic filtering tools, TitanHQ's security suite helps businesses manage access control effectively.