ACL - ACCESS CONTROL LIST

11/5/2004

Access Control Lists (ACLs) control resource access/usage. They can be used at many levels. For example, they can be applied by routers to accept/reject individual data packets. In addition to providing security, they may be used for other purposes such as balancing data flows on a network. ACLs are often set up on firewall routers that protect portions of a network and on border routers that handle traffic to and from an external network. Some devices allow separate ACLs for inbound and outbound traffic.

ACLs are also used by many operating systems to control user access to files and/or other resources such as printers. Typically they divide file access into read only, execute, or read/write, but they may allow finer control, e.g. a specific user can read and write, but not rename or delete. Most widely used operating systems provide some form of access control. There are many approaches. Netware, for example, has an elaborate ACL-based access system, as does Windows NT. Unix and Unix-like systems provide access controls that are similar in practice, although the implementation is somewhat different in philosophy in that access is controlled by associating each object with one, and only one, user.

In many applications, access lists control access based on a name, address or some other characteristic. There is no challenge-authentication process as there is with passwords. This can be good -- or bad -- depending on what the immediate objective is.
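
As an added illustration (not part of the original entry or the linked Cisco documents), the Python example below models a router with separate inbound and outbound lists that accept or reject packets on address and port alone, with no challenge to the sender. First-match evaluation and the implicit deny at the end of each list are assumptions modelled on common router behaviour; the Rule class, the function names and the documentation-range addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network, CIDR form
    dst: str                     # destination network, CIDR form
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, pkt):
        # Only header fields are compared; nothing authenticates the sender.
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def evaluate(acl, pkt):
    """Return the action of the first matching rule, or "deny" if none matches."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # assumption: implicit deny closes every list

# Constructed sample lists using documentation address ranges (RFC 5737).
INBOUND = [
    Rule("deny",   "198.51.100.0/24", "0.0.0.0/0"),           # blocked external range
    Rule("permit", "0.0.0.0/0",       "192.0.2.10/32", 443),  # public web server only
]
OUTBOUND = [
    Rule("permit", "192.0.2.0/24", "0.0.0.0/0"),  # only internal sources may leave
]

def filter_packet(direction, pkt):
    """Apply the inbound list to "in" traffic and the outbound list otherwise."""
    acl = INBOUND if direction == "in" else OUTBOUND
    return evaluate(acl, pkt)

if __name__ == "__main__":
    samples = [  # constructed packets
        ("in",  {"src": "203.0.113.7",  "dst": "192.0.2.10",  "dport": 443}),
        ("in",  {"src": "203.0.113.7",  "dst": "192.0.2.10",  "dport": 22}),
        ("in",  {"src": "198.51.100.9", "dst": "192.0.2.10",  "dport": 443}),
        ("out", {"src": "192.0.2.25",   "dst": "203.0.113.7", "dport": 80}),
        ("out", {"src": "10.0.0.5",     "dst": "203.0.113.7", "dport": 80}),
    ]
    for direction, pkt in samples:
        print(direction, pkt, "->", filter_packet(direction, pkt))
```
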

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt3/scacls.htm

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/EACL128.html

Copyright 1994-2002 by Donald Kenney.