Comparative study of ACL and Firewall
Introduction
Access control lists (ACLs) and firewalls are used in file organization systems. Both are essential parts of network security and hence are necessary for a computing system. An ACL can also be described as a type of stateless firewall, while a firewall has its own set of properties. Although both have the fundamental purpose of ensuring the security of a file or a network, their working procedures are somewhat dissimilar.
Access Control List (ACL)
An access control list contains a set of permissions attached to an object, which decides which users and computing systems may have access to it. The ACL also decides which functions are allowed on the object and which are not. The ACL monitors the traffic flow to the object and compares it with a set of predefined statements available to it (Suman & Agrawal, 2016). Every statement fed to the ACL specifies a subject and an operation. For each user who has access to the object, the ACL has a separate entry that allows access.
ACLs can be used in distribution lists for filtering router updates. ACLs are also useful for making routing decisions based on policy implementations. The criteria for ACL rules are determined by the source of the data, the destination of the data, or any other specified protocol attached to it. ACLs can be of many types depending on their use, such as filesystem ACLs, directory ACLs, networking ACLs and SQL implementations (which use ACL algorithms and contribute towards the development of relational databases).
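The comparison of traffic against predefined statements described above, as an added example that is not part of the original essay: a stateless networking ACL whose rules match on source, destination and protocol. First-match ordering and the implicit deny at the end are assumptions taken from common router ACL behaviour, and all names and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for portless protocols

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # protocol name, or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def evaluate(acl, packet):
    """Return (action, rule index) of the first matching rule."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index
    return "deny", None          # assumed implicit deny when nothing matches

# Constructed sample ACL: the specific deny must precede the broader permit.
SAMPLE_ACL = [
    Rule("deny",   "tcp",  "192.0.2.66/32", "198.51.100.10/32", 443),
    Rule("permit", "tcp",  "192.0.2.0/24",  "198.51.100.10/32", 443),
    Rule("permit", "icmp", "192.0.2.0/24",  "198.51.100.0/24"),
]

def demo():
    request = Packet("192.0.2.15", "198.51.100.10", "tcp", 443)
    # Reply to the permitted request. A stateless ACL keeps no record of the
    # request, so the reply is judged alone and needs a rule of its own.
    reply = Packet("198.51.100.10", "192.0.2.15", "tcp", 51514)
    blocked = Packet("192.0.2.66", "198.51.100.10", "tcp", 443)
    return [evaluate(SAMPLE_ACL, p) for p in (request, reply, blocked)]

if __name__ == "__main__":
    print(demo())
```

The reply packet is denied even though its request was permitted, which is the practical consequence of stateless inspection: return traffic has to be allowed by an explicit statement.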
Similarities and Differences between ACL and Firewall
Similar to an ACL, a firewall is a device which checks the traffic going into and out of a network. There are a host of differences between an ACL and a firewall. The primary purpose of using an ACL and a firewall is the same: to ensure that the traffic flow within and outside the system is regulated (Alsmadi, 2016). While the purpose of a firewall is to monitor the traffic in a network, an ACL can have many other applications apart from monitoring access. An ACL carries out stateless inspection, where it allows packets of data. While a firewall also carries out inspections of the data, it is a different type of inspection in which it checks the packet of data for proper encapsulation. It also checks multiple variations of the same packet.
Advanced network firewalls can also track down server addresses and match ports of a computer, while ACLs mostly check the permissions associated with the traffic. ACLs can perform traffic check operations up to level 4, whereas a firewall can offer up to level 7 security checks. That is why firewalls are preferred for a network over large-scale system installations and applications (Mauricio, Rubinstein, & Duarte, 2016). While some routers may not be designed to handle ACLs, firewalls are supported by every router universally.
Conclusion
While ACLs and firewalls may look similar in terms of functionality and applications, a more in-depth look reveals that they are very different in their security approaches. While an ACL provides security for packets of data, a firewall is more detail-oriented than an ACL, and performs full inspections of packets and checks them for encapsulation.
References:
Alsmadi, I. (2016). The integration of access control levels based on SDN. International Journal of High Performance Computing and Networking, 9(4), 281-290.
Mauricio, L. A., Rubinstein, M. G., & Duarte, O. C. (2016, November). Proposing and evaluating the performance of a firewall implemented as a virtualized network function. In 2016 7th International Conference on the Network of the Future (NOF) (pp. 1-3). IEEE.
Suman, S., & Agrawal, E. A. (2016). IP traffic management with access control list using Cisco Packet Tracer. International Journal of Science, Engineering and Technology Research (IJSETR), 5, 1556-1561.