Access Control Lists

Its this time of the week again!

So, this week we will be doing Access Control Lists!

I will try to put this down in table form yet again, cause I don't get bored doing it!

Access Control List

Access control can be used for many purposes.

For starters, I have used it on my own Desktop-PC to prevent myself from playing games on it while I work! ( I will show you some pictures about it later on in the week! )

Now back to INKS, Access Control can also be used in routers to control traffic!

So to say, there is 2 types of access list used for Access Control in a router. They are:

Standard Access List	Extended Access List
Can filter IP packets based on origins or source address	Gains added ability to filter packet based on the following: Protocol types. (E.g. EIGRP, ICMP, OSPF, TCP, UDP etc.) Source and Destination IP addresses ( Also known as origin and target) Source and Destination ports of either TCP or UDP

For a network to be secure, Access Control Lists(ACLs) are a must! Hence, a network administrator must know the difference between a standard and extended access list.

---

Standard and Extended ACLs makes use of the following commands:

Standard Access Control Lists:
access-list [1-99] [deny|permit] host [Source Address]

For example, a Standard ACL command like this:
access-list 1 permit host 192.168.1.0
Will permit Any host with IP address 192.168.1.2 connection

Extended Access Control Lists:

access-list [100-199] [permit|deny] [protocol] host [Source address] host [destination]

For example, a Extended ACL command like this:
access-list 100 permit tcp host 192.168.1.2 host 212.64.1.21
Will permit Any host with IP address 192.168.1.2 TCP connection to a host with 212.64.1.21

---

ACLs works in Hierarchical order:

Access Control List (regardless standard or extended) works hierarchically, from the first-most entered Control list taking most precedence and the last-most taking least precedence.

In the case where the ACLs that have been establish are in this manner:

access-list 100 permit tcp host 192.168.1.254 any access-list 100 deny tcp any any

Will allow tcp connection to any one with source address 192.168.1.254(Formally known IP for SingTel's Mio Router's default IP) to any destination address, while any source address other then 192.168.1.254 will be denied connection with any destination address.

Well, Thats all about ACLs,

We will be moving onto the next part of Access Control, Context-Based Access Control(CBAC)!