The use of an ACL is also sometimes referred to as filtering, because it regulates traffic by
allowing or denying network access.
ACL Overview
An ACL is essentially a list of permit or deny statements that control network access to enforce a security policy.
ACLs are an integral part of the end-to-end security solution. Products and technologies such as firewalls,
encryption and authentication, and intrusion detection and prevention solutions, however, should be part of an
integrated approach to implementing any corporate security policy.
ACL Applications
ACLs have many applications (available across all Cisco platforms), including traffic filtering; however, ACLs
cannot be used as a replacement or substitute for context-based stateful firewalls, which will be discussed
further in Chapter 5, "Cisco IOS Firewall," and Chapter 6, "Cisco Firewalls: Appliance and Module."
ACLs are used in numerous ways. Some common applications of ACLs include the following:
- Filtering routing information received from or sent to the adjacent neighbor(s)
- Controlling interactive access to prevent unauthorized access to the devices in the network, for example, Console, Telnet, or SSH access
- Controlling traffic flow and network access through devices
- Securing the router by limiting access to services on the router such as Hypertext Transfer Protocol (HTTP), Simple Network Management Protocol (SNMP), and Network Time Protocol (NTP)
- Defining interesting traffic for dial-on-demand routing (DDR)
- Defining interesting traffic for IPsec virtual private network (VPN) encryption
- Several applications in IOS quality of service (QoS) features
- Extensive use in security techniques and technologies (for example, TCP Intercept and IOS Firewall)
ACLs can be used to provide a basic level of security for all traffic accessing or traversing the network.
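The "list of permit or deny statements" described above is evaluated top to bottom, and the first entry that matches decides the outcome; a packet that matches no entry is dropped by the implicit deny at the end of every Cisco ACL. The following simulator is an added example, not code from the book or from Cisco IOS; the names AclEntry, evaluate, to_ios and the sample entries are constructed here. It models a standard ACL with Cisco wildcard masks and shows why entry order matters when a single host inside a permitted subnet must be blocked.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class AclEntry:
    action: str     # "permit" or "deny"
    network: str    # base address, e.g. "10.1.1.0"
    wildcard: str   # Cisco wildcard mask: 0 bits must match, 1 bits are ignored

    def matches(self, src_ip: str) -> bool:
        src = int(ipaddress.IPv4Address(src_ip))
        net = int(ipaddress.IPv4Address(self.network))
        wc = int(ipaddress.IPv4Address(self.wildcard))
        care = ~wc & 0xFFFFFFFF          # bits that must be equal
        return (src & care) == (net & care)

def evaluate(acl, src_ip):
    """First match wins, in list order. Returns (action, index of the
    matching entry); index is None when the implicit deny applies."""
    for index, entry in enumerate(acl):
        if entry.matches(src_ip):
            return entry.action, index
    return "deny", None                  # implicit 'deny any' at the end

def to_ios(number, acl):
    """Render the entries as standard numbered access-list lines."""
    return [f"access-list {number} {e.action} {e.network} {e.wildcard}" for e in acl]

# Constructed sample: management subnet 10.1.1.0/24 may reach the device,
# except for the single host 10.1.1.50. The specific deny must come first.
MGMT_ACL = [
    AclEntry("deny", "10.1.1.50", "0.0.0.0"),
    AclEntry("permit", "10.1.1.0", "0.0.0.255"),
]

# Same two entries in the wrong order: the subnet permit shadows the host deny,
# so the host is never denied.
BAD_ORDER_ACL = list(reversed(MGMT_ACL))

if __name__ == "__main__":
    for line in to_ios(10, MGMT_ACL):
        print(line)
    for ip in ("10.1.1.7", "10.1.1.50", "192.168.5.9"):
        print(ip, evaluate(MGMT_ACL, ip), "wrong order:", evaluate(BAD_ORDER_ACL, ip))
```

Applying MGMT_ACL to the vty lines with access-class restricts Telnet/SSH access the same way; the simulator only shows the matching logic.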