Help! Something Hurt My ACL (Access Control List)

Wednesday, May 15, 2024

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name “Perspectives from the Campus”: we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses the significance of access control lists and how these rules help shape a company’s cyberstrategy and IT systems.

By David Dungan

When people hear about someone’s ACL, the reference, unfortunately, is often to an athlete whose season has just ended because they’ve torn their ACL (Anterior Cruciate Ligament).

It’s a devastating injury that requires, on average, around nine months to heal before they’re back in the game.

For a network administrator, the term “ACL” refers to Access Control Lists, which are the lists of rules that determine who can access what in a computer network. A properly configured ACL can save network administrators a lot of time and effort later by protecting against all kinds of unauthorized access and threats.

Network administrators often configure ACLs for switches, routers, and VPNs (virtual private networks), as well as a variety of systems, devices, and even files!

Many devices, such as Chromebooks, already have ACLs configured. However, if one is not yet configured, network administrators can set up their own ACL as an allowlist or a blocklist. In other words, the access control list can either explicitly allow (and implicitly deny) or explicitly deny (and implicitly allow) access. Either way, it enables them to keep a lid on things when it comes to keeping their network secure.

  • Explicit denial means that a network administrator would have to list any IP addresses, protocols, and/or credentials they would not want to access a potential resource.
    • On a switch, this rule may look like “deny tcp 192.168.5.0 0.0.0.255 eq telnet” if their intention is to deny a protocol.
    • They may also input into their system “deny 192.168.5.0 0.0.0.0 10.250.0.0 0.0.0.255” if their intention is to deny a range of IP addresses.

Conversely, implicit denial (and explicit allow) means that a system administrator would need to manually input the IP addresses, protocols, or any other users that they would like to allow access to their resources. These lists likely have “Deny IP any any” or something similar.

Of course, not unlike the running back or lineman who wants to stay on the field and avoid a hit that could cause an injury, network administrators should keep in mind the following best practices when implementing access control lists:

  • Utilizing “implicit deny” whenever possible to block unknowns.
  • Being specific when denying certain protocols and IP addresses.
  • Making sure to block insecure protocols such as Telnet, POP3, SNMP versions 1 and 2, etc.
  • Enabling alerts for ACL configuration changes to protect against unauthorized changes.
  • Adding comments on changes to understand why these changes were made later on.
  • Enabling logs for changes for auditing.
  • Applying specific rules at the top (ex. “Deny TCP 10.4.8.0 0.0.0”) and generalized ones at the bottom (ex. “Deny ip any any”).
  • Applying rules for:
    • groups, if possible, to streamline access control.
    • both inbound and outbound ACLs to protect against both inbound and outbound traffic.
  • Applying the ACLs close to where the network traffic is coming from.
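
To show why rule order and the closing deny matter, here is an added example (not from the original article) of a small first-match ACL evaluator. It assumes a simplified rule syntax modeled on the rules quoted above; the function names, sample rules, and addresses are constructed for illustration.

```python
import ipaddress

PORTS = {"telnet": 23}  # port keywords this sketch understands (assumption)

def parse_rule(line):
    """Parse '<permit|deny> <ip|tcp|udp> <src> <dst> [eq <port>]'.
    <src>/<dst> are 'any' or '<address> <wildcard-mask>'."""
    tok = line.lower().split()
    rest, addrs = tok[2:], []
    for _ in range(2):
        n = 1 if rest[0] == "any" else 2
        addrs.append(tuple(rest[:n]))
        rest = rest[n:]
    port = int(PORTS.get(rest[1], rest[1])) if rest[:1] == ["eq"] else None
    return {"action": tok[0], "proto": tok[1], "src": addrs[0],
            "dst": addrs[1], "port": port, "text": line}

def addr_matches(spec, addr):
    """Wildcard-mask match: bits set to 1 in the mask are ignored."""
    if spec == ("any",):
        return True
    net, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)

def evaluate(acl, proto, src, dst, port=None):
    """First matching rule wins; traffic that matches nothing is denied."""
    for rule in acl:
        if rule["proto"] not in ("ip", proto):
            continue
        if rule["port"] is not None and rule["port"] != port:
            continue
        if addr_matches(rule["src"], src) and addr_matches(rule["dst"], dst):
            return rule["action"], rule["text"]
    return "deny", "implicit deny"

# Constructed sample ACL: specific rules on top, general deny at the bottom.
ORDERED = [parse_rule(r) for r in (
    "deny tcp 192.168.5.0 0.0.0.255 any eq telnet",
    "permit tcp 192.168.5.0 0.0.0.255 10.250.0.0 0.0.0.255 eq 443",
    "deny ip any any",
)]
# Same rules with a broad permit placed first: it shadows the Telnet deny.
MISORDERED = [parse_rule("permit ip 192.168.5.0 0.0.0.255 any")] + ORDERED

if __name__ == "__main__":
    for name, acl in (("ordered", ORDERED), ("misordered", MISORDERED)):
        print(name, evaluate(acl, "tcp", "192.168.5.17", "10.250.0.9", 23))
```

Replaying a handful of known-bad flows through a candidate rule list like this before deploying it catches a shadowed deny that is easy to miss when reading the list by eye.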

While this list is not intended to be exhaustive or all-inclusive, implementing best practices gives network administrators an idea for configuring their ACLs and applying policies to ensure the protection of their networks. Network administrators should also follow device vendor instructions and advice when configuring these devices, as the vendors who have designed the network equipment have developed the best practices to keep it secure, and often include step-by-step instructions for configuring these ACLs.

In following these steps, there are several key benefits to access control security, such as:

  • Enhanced security.
  • Increased operational efficiency.
  • Addressing compliance requirements.
  • Customized access.
  • Audit trails.
  • Integration with other security tools.

Access control lists enable organizations to protect their sensitive information from unauthorized access. In today’s cyber-vulnerable world, they can be considered the most basic, yet crucial, component of a comprehensive cybersecurity strategy, and they help your team stay in the game more securely.