How ACLs work
A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists (ACLs).
To simplify how an ACL, or a router that uses packet filtering, works, imagine a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a guest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.
When a packet arrives at the router, the router extracts certain information from the packet header and decides, according to the filter rules, whether the packet can pass through or must be dropped. The packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.
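The decision described above, as an added Python example (not code from the original post): it pulls the protocol, addresses and ports out of a raw IPv4 header and checks them against an ordered rule list. The rule set, addresses and function names are constructed for illustration, and the first-match ordering and the drop-when-nothing-matches default are assumptions based on how router ACLs commonly behave.

```python
import ipaddress
import struct

# Ordered rules: (action, protocol, source net, destination net, destination port or None).
# Constructed sample policy; all addresses come from documentation ranges.
RULES = [
    ("permit", "tcp", "192.0.2.0/24", "198.51.100.10/32", 443),
    ("deny",   "tcp", "0.0.0.0/0",    "198.51.100.10/32", None),
    ("permit", "udp", "192.0.2.0/24", "0.0.0.0/0",        53),
]
PROTOCOLS = {6: "tcp", 17: "udp"}


def parse_headers(packet: bytes):
    """Extract the fields a packet filter looks at from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = PROTOCOLS.get(packet[9], str(packet[9]))
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    sport = dport = None
    if proto in ("tcp", "udp") and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, src, dst, sport, dport


def evaluate(packet: bytes, rules=RULES) -> str:
    """Return the action of the first matching rule; drop if none matches."""
    try:
        proto, src, dst, _sport, dport = parse_headers(packet)
    except ValueError:
        return "deny"                       # malformed packets are dropped
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (proto == r_proto
                and src in ipaddress.ip_network(r_src)
                and dst in ipaddress.ip_network(r_dst)
                and (r_port is None or dport == r_port)):
            return action
    return "deny"                           # assumed default when nothing matches


def build_packet(proto_num, src, dst, sport, dport) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at zero) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto_num, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)
```

Because the first match wins, the order of the rules matters: moving the broad `deny` entry above the specific `permit` would block the HTTPS traffic the first rule is meant to allow.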
Why use ACLs
* Limit network traffic to increase network performance.
* Provide traffic flow control by restricting the delivery of routing updates.
* Can be used as additional security.
* Control which types of traffic are forwarded or blocked by the router.
* Control which areas a client can access.
Hey Qiuzi! I'm Jody :D
Thanks for this informative post, especially how you make your readers understand better by providing a simple example (the one about the guard...) and also a picture!
However, although you have provided the reasons to use ACLs, do you think that there are limitations for ACLs that you can provide? I guess if you do that, you will be able to make an even more complete post! Just my thoughts though!
Great job by the way :D
Thanks for the above informative post. You did a good job by explaining things in very easy language. I like it. I also agree that if you explained the limitations then it's a complete post.