Managing access to sensitive data and resources is a crucial component of an organization’s cybersecurity strategy. With advanced persistent threats (APTs) and the rise of organized cybercrime, an organization cannot guarantee that they will be able to restrict an attacker from gaining access to their internal network and systems.
Protecting sensitive data and resources requires implementing a zero-trust security strategy, where users and devices have restricted access to the organization’s digital resources. By limiting the access of user accounts and devices to what is essential for performing core business duties, it is possible to protect the organization against an attacker who has compromised a user’s account or against an insider threat.
One means of implementing this level of access monitoring and control is through the use of an access control list (ACL). ACLs come in a variety of different types, and have their advantages and disadvantages compared to other means of access control. Understanding the capabilities and limitations of ACLs is essential to implementing a usable but secure zero trust architecture.
Types of ACLs
In general, an access control list is exactly what its name suggests: a list that governs access to a particular resource. ACLs can be used in a number of different contexts, but two of the most common are governing permissions on file systems and at the network level.
- Filesystems ACLs
In a filesystem, an ACL is designed to help the operating system determine the levels of access that a particular user has with regard to a certain file or directory. Commonly, these permissions state whether or not a user has the ability to read, write, and/or execute a particular file.
In Linux, ACLs are available as an supplement to traditional permission management, where file permissions must be set on a per-file or per-folder basis. With an ACL, an administrator can assign certain permissions or sets of permissions to a given user very easily. This enables a certain user or group to be given certain permissions for a file by the file owner even if that owner does not have the power to manage the given group.
- Network ACLs
ACLs can also be applied at the network level, where they can be used in a variety of ways. Network ACLs can provide performance improvements by implementing restrictions on certain types of traffic or for a particular region of the network. They also provide security benefits since they can restrict communications between different systems or over certain protocols as needed.
At the network level, two main types of ACLs exist. A standard ACL applies restrictions based solely upon the source IP address of traffic. For example, a protection against data exfiltration may be blocking any traffic coming from the main database server from crossing the organization’s network perimeter. Since the database server should not be communicating with external systems directly, this could help to detect and block potentially malicious traffic. However, this standard ACL could not differentiate different types of traffic and make decisions accordingly.
An extended ACL uses the source and destination addresses and ports in its analysis. This enables a network administrator to define much more granular rules regarding the types of traffic that are permitted to pass through and the types that should be blocked. This is helpful if, for example, an administrator wishes to decrease the attack surface of a web server by limiting traffic to and from it to only traffic flowing on legitimate HTTP(S) ports (80 and 443).
Pros and Cons of ACLs
Access control lists can be used to implement a wide range of security controls. However, they have their advantages and disadvantages. In many cases, an ACL, while effective, may not be the right choice.
- Advantages of ACLs
The main advantage of ACLs is their simplicity. An ACL clearly lays out the levels of access and permissions that each user, group, or device has on a particular system. This makes it easy to define and interpret an ACL. Since these lists can easily be made human readable, an administrator can easily determine the current permissions and access controls placed on a system, make edits, and revoke permissions as necessary.
- Limitations of ACLs
On the other hand, ACLs have a number of disadvantages as well. These include a lack of efficiency, scalability, and visibility.
ACLs lack efficiency since they only support explicitly declared access controls. If, for example, a user has unique access or permissions because they are both in the IT department and a manager, this level of access must be explicitly stated rather than inferred based upon membership in both groups. This requirement for explicit declaration of access controls also impacts scalability. As the number of users, groups, and resources grows, so does the length of the ACL and the time required to determine the level of access granted to a particular user.
Finally, ACLs lack visibility since a user’s permissions and levels of access can be scattered across multiple, standalone lists. Auditing, changing, or revoking access requires a review of every ACL in the organization’s environment to apply the new permissions.
Choosing the Right Access Control Mechanism
ACLs are one of several options for implementing access control mechanisms in a system. In some contexts, their simplicity makes them the ideal solution, while, in others, their limitations drive a need for a different solution. Ensuring system usability and security requires selecting the right access control mechanism for each particular use case.
