Disadvantages of access control list


On the Limitations of Access Control Lists [ACLs] in Network Security

In basic security parlance, the Access Control List [ACL] directly determines which parties can access certain sensitive areas of the network. Usually, there are several such lists. One enables general access to the network, which includes non-sensitive information about company policy and operations [Verma 2004]. Access is granted to a general audience and all personnel within the organisation. Confidential files and sensitive data, however, would only be available to a limited number of specified people. Such delicate information is often only available when accessing a certain terminal. For example, our hypothetical travel agency will allow only the network manager on a particular terminal to PING the proxy servers from the internal LAN, and will deny connections from the Internet to those hosts with private source IP addresses. As with any company, the travel agency wishes to protect its sensitive information from hackers and competitors. The network administrator created ACLs congruent with the company’s security policy. However, additional protocols will need to be implemented in order to offer the agency the full protection it needs. The purpose of this essay is to highlight the vulnerabilities and limitations of the ACL and suggest supplementary protocols to ensure tighter security.


Peter Davis [2002] identified six vulnerabilities of the ACL in the context of testing Cisco’s routers. First, because the ACL will not block the non-initial fragments of a packet, the router will fail to block all unauthorized traffic. ‘By sending an offending traffic in packet fragments, it is possible to circumvent the protection offered by the ACL’ [Davis 2002]. Second, if one were to send packet fragment traffic to the router, it is likely that there would be a denial-of-service on the router itself. This is because the router fails to acknowledge the keyword fragment when a user sends a packet specifically to the router [Davis 2002]. Third, there is the odd phenomenon of the unresponsive router. ‘The router ignores the implicit deny ip any any rule at the end of an ACL when you apply an ACL of exactly 448 entries to an interface as an outgoing ACL’ [Davis 2002]. This would compromise the integrity of network security, as the ACL will not drop the packets. Fourth, modern routers allow support for the fragment keyword on an outbound ACL. In previous models, only the inbound ACL provided support for this keyword while ignoring the outbound ACL [Davis 2002]. Fifth, the outbound ACL may fail to prevent unauthorized traffic on a router when the administrator configures an input ACL on some interfaces of the multi-port Engine 2 line card. ‘Any ACL you apply at the ingress point will work as expected and block the desired traffic. This vulnerability can cause unwanted traffic in and out of the protected network’ [Davis 2002]. Last of all, even the fragment keyword is not sufficient to get the ACL to filter packet fragments, which would enable an individual or corporation to exploit this weakness by attacking systems that are supposed to be shielded by the ACL on the router [Davis 2002]. To avoid many of these pitfalls, Davis recommends that administrators routinely filter packet fragments.
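Why a port-based entry has nothing to match on a non-initial fragment, and what a fragment-drop rule ahead of it changes, shown in an added Python example that is not from Davis or Cisco. The filter is a simplified model rather than router behaviour, and the addresses, ports and helper names are constructed for illustration.

```python
import struct

MF = 0x2000           # "more fragments" flag in the IPv4 flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def classify(packet: bytes) -> str:
    """Return 'whole', 'initial-fragment' or 'non-initial-fragment'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    flags_off = struct.unpack("!H", packet[6:8])[0]
    if flags_off & OFFSET_MASK:
        return "non-initial-fragment"
    return "initial-fragment" if flags_off & MF else "whole"

def dest_port(packet: bytes):
    """TCP/UDP destination port, or None when the packet carries no L4 header."""
    if classify(packet) == "non-initial-fragment":
        return None  # payload resumes mid-datagram: there is no port field here
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] not in (6, 17) or len(packet) < ihl + 4:
        return None
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def port_filter(packet: bytes, blocked_port: int, drop_fragments: bool) -> str:
    """Simplified model (an assumption, not router code): deny one destination
    port, optionally with a rule ahead of it that drops non-initial fragments."""
    if drop_fragments and classify(packet) == "non-initial-fragment":
        return "deny"
    return "deny" if dest_port(packet) == blocked_port else "permit"

def ipv4(flags_off: int, payload: bytes, proto: int = 6) -> bytes:
    """Constructed sample packet: 20-byte header (checksum left 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_off,
                         64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return header + payload

TCP_TO_23 = struct.pack("!HH", 40000, 23) + bytes(20)  # 24 bytes, dst port 23
WHOLE = ipv4(0, TCP_TO_23)
FIRST = ipv4(MF, TCP_TO_23)
LATER = ipv4(3, bytes(8))  # offset 3 * 8 = 24 bytes in; no TCP header present

if __name__ == "__main__":
    for name, pkt in (("whole", WHOLE), ("first", FIRST), ("later", LATER)):
        print(name, classify(pkt), port_filter(pkt, 23, False), port_filter(pkt, 23, True))
```

Dropping non-initial fragments also discards legitimately fragmented traffic, which is the trade-off behind routine fragment filtering.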

Although filtering may be useful, it is insufficient in preventing security breaches according to Kasacavage and Yan [2002]. Without supplementary processes, packet filtering will fail to identify the originator of the data, and it would fail to prevent a user from gaining access to a network behind the router. Thus, creating extended ACLs alongside the standard ones is very important. ‘Standard ACL’s can only filter based on the source address and are numbered 0 through 99’ [Prosise & Mandia, p. 429]. Extended ACLs, in contrast, can filter a greater variety of packet characteristics and are numbered 100-199. In other words, each object is supposed to enforce its unique access control policy [Sloot 1999]. For instance, the ACL commands are applied in order of precedence, so a second rule will not allow packets already denied by the first rule, even if the second rule would permit them [Prosise & Mandia].

Filling in the Gaps

One recommendation for securing a private network is to use a firewall such as a DMZ LAN. Essentially, it does not have any connections save the router and firewall connections [Kasacavage & Yan 2002]. This would force all packets of all networks [public and private] to flow through the firewall. This greatly diminishes the breaches common in security systems employing mainly ACLs, as a direct unprotected connection with the Internet is judiciously avoided. The problem with the router mentioned by Davis in the previous section was its failure to filter packets going in one direction, or outbound ACLs with specific identifiers. Installing a firewall at each locus connected to the Internet is highly recommended [Kasacavage & Yan 2002]. Like most aspects of technology, the ACL must be updated quite frequently. However, this gives the individual employed in this task a high degree of latitude, which is why access to this function must be strictly controlled [Liu & Albitz 2006]. ‘In order to use dynamic updates, you add an allow-update or update-policy substatement to the zone statement of the zone that you’d like to make updates to…it’s prudent to make this access control list as restrictive as possible’ [Liu & Albitz 2006, p. 232].

As wireless communications technology continues to revolutionize the way people do business, another issue that will concern security administrators is the increase in wireless LAN attacks. These result in the loss of proprietary information and a loss of reputation, as customers become leery of a company that can easily lose personal data [Rittinghouse & Ransome 2004]. Most wireless networks identify individual users via the Service Set Identifier [SSID], and can repel wireless LAN attacks that greatly compromise network security by using the ACL that comes standard with WLAN equipment. Because all devices have a Media Access Control [MAC] address, ‘the ACL can deny access to any device not authorized to access the network’ [Rittinghouse & Ransome 2004, p. 126]. However, other host-based intrusion detection software such as Back Orifice, NukeNabber, and Tripwire is also instrumental in preventing these attacks.

In sum, although it would be impossible to create an impregnable security system, it is necessary to ensure that the system one employs is extremely difficult to breach, with very little profit for an intruder’s troubles. By identifying the six most significant issues ACLs face and exploring other ways that network administrators can close the gaps, more sophisticated security protocols can be put into operation. However, while security systems are correcting their weaknesses, computing experts on either side of the law are still finding ways to circumvent them. Controlling access to sensitive data is a necessity in any network, even in an informal file-sharing network. With the enclosed ACLs, the agency shall be able to successfully diminish its odds of a security breach.

Bibliography

Davis, P.T. [2002], Securing and controlling Cisco routers, London: CRC Press. [Online at books.google.com]

Kasacavage, V. & Yan, W. [2002], Complete Book of Remote Access: Connectivity and Security, London: CRC Press

Liu, C. & Albitz, P. [2006], DNS and BIND: Fifth Edition, Sebastopol, CA: O’Reilly Media Inc.

Prosise, C. & Mandia, K. [2003], Incident Response & Computer Forensics, New York: McGraw Hill Professional

Rittinghouse, J.W. & Ransome, J.F. [2004], Wireless Operational Security, Oxford: Digital Press

Sloot, P., Bubak, M., Hoekstra, A. & Hertzberger, R. [1999], High-Performance Computing and Networking, New York: Springer

Verma, D.C. [2004], Legitimate Applications of Peer-to-Peer Networks, Hoboken, NJ: John Wiley & Sons

 


Managing access to sensitive data and resources is a crucial component of an organization’s cybersecurity strategy. With advanced persistent threats [APTs] and the rise of organized cybercrime, an organization cannot guarantee that it will be able to keep an attacker from gaining access to its internal network and systems.

Protecting sensitive data and resources requires implementing a zero-trust security strategy, where users and devices have restricted access to the organization’s digital resources. By limiting the access of user accounts and devices to what is essential for performing core business duties, it is possible to protect the organization against an attacker who has compromised a user’s account or against an insider threat.

One means of implementing this level of access monitoring and control is through the use of an access control list [ACL]. ACLs come in a variety of different types, and have their advantages and disadvantages compared to other means of access control. Understanding the capabilities and limitations of ACLs is essential to implementing a usable but secure zero trust architecture.

Types of ACLs

In general, an access control list is exactly what its name suggests: a list that governs access to a particular resource. ACLs can be used in a number of different contexts, but two of the most common are governing permissions on file systems and at the network level.

In a filesystem, an ACL is designed to help the operating system determine the levels of access that a particular user has with regard to a certain file or directory. Commonly, these permissions state whether or not a user has the ability to read, write, and/or execute a particular file.

In Linux, ACLs are available as a supplement to traditional permission management, where file permissions must be set on a per-file or per-folder basis. With an ACL, an administrator can assign certain permissions or sets of permissions to a given user very easily. This enables a certain user or group to be given certain permissions for a file by the file owner even if that owner does not have the power to manage the given group.

ACLs can also be applied at the network level, where they can be used in a variety of ways. Network ACLs can provide performance improvements by implementing restrictions on certain types of traffic or for a particular region of the network. They also provide security benefits since they can restrict communications between different systems or over certain protocols as needed.

At the network level, two main types of ACLs exist. A standard ACL applies restrictions based solely upon the source IP address of traffic. For example, a protection against data exfiltration may be blocking any traffic coming from the main database server from crossing the organization’s network perimeter. Since the database server should not be communicating with external systems directly, this could help to detect and block potentially malicious traffic. However, this standard ACL could not differentiate different types of traffic and make decisions accordingly.

An extended ACL uses the source and destination addresses and ports in its analysis. This enables a network administrator to define much more granular rules regarding the types of traffic that are permitted to pass through and the types that should be blocked. This is helpful if, for example, an administrator wishes to decrease the attack surface of a web server by limiting traffic to and from it to only traffic flowing on legitimate HTTP[S] ports [80 and 443].
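The standard versus extended distinction above, together with the order-of-precedence behaviour attributed earlier to Prosise & Mandia, as an added Python example that is not taken from any cited source. It goes one step further and flags entries that an earlier entry makes unreachable; the addresses and the names Entry, evaluate and shadowed are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    action: str                   # "permit" or "deny"
    src: str                      # source network (the only field a standard ACL uses)
    dst: str = "0.0.0.0/0"        # extended ACL only
    dport: Optional[int] = None   # extended ACL only; None matches any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))

    def covers(self, later: "Entry") -> bool:
        """True when every packet matching `later` already matches this entry."""
        return (ip_network(later.src).subnet_of(ip_network(self.src))
                and ip_network(later.dst).subnet_of(ip_network(self.dst))
                and self.dport in (None, later.dport))

def evaluate(acl, src: str, dst: str, dport: int) -> str:
    """The first matching entry decides; no match falls through to the implicit deny."""
    for entry in acl:
        if entry.matches(src, dst, dport):
            return entry.action
    return "deny"

def shadowed(acl):
    """Indexes of entries that can never fire because an earlier entry covers them."""
    return [j for j, later in enumerate(acl)
            if any(earlier.covers(later) for earlier in acl[:j])]

# Constructed sample: database server 10.0.5.20, web server 10.0.1.80.
STANDARD = [Entry("deny", "10.0.5.20/32"), Entry("permit", "10.0.0.0/8")]
EXTENDED = [Entry("permit", "0.0.0.0/0", "10.0.1.80/32", 80),
            Entry("permit", "0.0.0.0/0", "10.0.1.80/32", 443)]
MISORDERED = [Entry("deny", "10.0.0.0/8"),
              Entry("permit", "10.0.5.0/24", "10.0.1.80/32", 443)]

if __name__ == "__main__":
    print(evaluate(STANDARD, "10.0.5.20", "203.0.113.9", 443))   # blocked on source alone
    print(evaluate(EXTENDED, "198.51.100.4", "10.0.1.80", 22))   # implicit deny
    print(shadowed(MISORDERED))                                  # the permit is unreachable
```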

Pros and Cons of ACLs

Access control lists can be used to implement a wide range of security controls. However, they have their advantages and disadvantages. In many cases, an ACL, while effective, may not be the right choice.

The main advantage of ACLs is their simplicity. An ACL clearly lays out the levels of access and permissions that each user, group, or device has on a particular system. This makes it easy to define and interpret an ACL. Since these lists can easily be made human readable, an administrator can easily determine the current permissions and access controls placed on a system, make edits, and revoke permissions as necessary.

On the other hand, ACLs have a number of disadvantages as well. These include a lack of efficiency, scalability, and visibility.

ACLs lack efficiency since they only support explicitly declared access controls. If, for example, a user has unique access or permissions because they are both in the IT department and a manager, this level of access must be explicitly stated rather than inferred based upon membership in both groups. This requirement for explicit declaration of access controls also impacts scalability. As the number of users, groups, and resources grows, so does the length of the ACL and the time required to determine the level of access granted to a particular user.

Finally, ACLs lack visibility since a user’s permissions and levels of access can be scattered across multiple, standalone lists. Auditing, changing, or revoking access requires a review of every ACL in the organization’s environment to apply the new permissions.
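The audit problem described above, as an added Python example rather than any product's code: each resource carries its own standalone ACL, so finding or revoking one user's access means walking every list. The resource paths, user names and group names are constructed.

```python
# Constructed sample: one standalone ACL per resource, mapping a principal to permissions.
ACLS = {
    "/srv/finance/ledger.db": {"alice": {"read", "write"}, "group:it": {"read"}},
    "/srv/hr/reviews":        {"group:managers": {"read"}, "alice": {"read"}},
    "/srv/it/runbooks":       {"group:it": {"read", "write"}, "bob": {"read"}},
}
GROUPS = {"group:it": {"alice", "bob"}, "group:managers": {"alice"}}

def principals_for(user, groups):
    """The user plus every group that lists the user as a member."""
    return {user} | {g for g, members in groups.items() if user in members}

def effective_access(user, acls, groups):
    """Walk every ACL and union what the user is granted directly or through a group."""
    ids = principals_for(user, groups)
    report = {}
    for resource, acl in acls.items():
        perms = set().union(*(acl[p] for p in ids if p in acl))
        if perms:
            report[resource] = perms
    return report

def revoke_user(user, acls, groups):
    """Remove direct entries and group memberships in place; return each change made."""
    changes = []
    for resource, acl in acls.items():
        if user in acl:
            changes.append((resource, sorted(acl.pop(user))))
    for group, members in groups.items():
        if user in members:
            members.discard(user)
            changes.append((group, ["membership"]))
    return changes

if __name__ == "__main__":
    print(effective_access("alice", ACLS, GROUPS))
    print(revoke_user("alice", ACLS, GROUPS))
    print(effective_access("alice", ACLS, GROUPS))  # empty once every list is cleaned
```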

Choosing the Right Access Control Mechanism

ACLs are one of several options for implementing access control mechanisms in a system. In some contexts, their simplicity makes them the ideal solution, while, in others, their limitations drive a need for a different solution. Ensuring system usability and security requires selecting the right access control mechanism for each particular use case.
