There are two major implementations of ACLs for different use cases:
Filesystem ACLs: These were developed to administer file permissions in file systems. Each kind of operating system implements its own ACLs, using a standard design. The use of a standard ensures that the ACLs provide compatibility across different operating systems and architectures.
Networking ACLs: Networking hardware such as routers and switches implement ACLs. These ACLs list rules that are applied to port numbers and IP addresses available on a host or at other layers. The ACLs can be used to control which hosts and networks are permitted to use different services. In this way, ACLs act somewhat like routing tables. Moreover, ACLs can be used to control both inbound and outbound traffic. In this context they can be thought of as similar to software-based firewalls, although they are much simpler.
Virtual Private Network
A virtual private network (VPN) is a secure private network that operates over the Internet. (See Cloud Essentials: CompTIA Authorized Courseware for Exam CLO-001 [Sybex, 2013] by Kalani Kirk Hausman et al.) A VPN uses two main techniques to secure communications over a public network:
A limited-access IP tunnel is created from source to destination. Limited access means that only those users who have been granted access with proper permissions and privileges can use the network. Users have to authenticate themselves to use the network and access resources.
The IP tunnel is secured via encryption. Requests across the VPN are encrypted at the source and decrypted at the destination. System administrators have the option of selecting the encryption algorithm as well as the level of strength.
The biggest advantage of VPNs is that users can use cloud resources securely and remotely from any location using proper authentication credentials (Figure 11.2). However, it is essential for the users to have a VPN client available and configured on their machines. Moreover, organizations need to have VPNs set up so that their virtual network gateways can properly identify and recognize user machines.
Firewalls
A firewall is a machine (hardware based) or an application (software based) that allows or blocks incoming traffic based on a configurable rule set. (See Cloud Essentials: CompTIA Authorized Courseware for Exam CLO-001 [Sybex, 2013] by Kalani Kirk Hausman et al.) The main job of a firewall is to inspect and regulate incoming traffic on specific ports and to/from specific hosts. It does so by checking a number of attributes of the incoming packet against this rule set, such as the origin/source of the packet, the destination of the packet, header attributes (size, encoding, etc.), and the payload.
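The rule matching that both networking ACLs and firewalls perform, shown as an added example that is not taken from the book: an ordered rule set keyed on direction, source and destination address, protocol and destination port, evaluated first-match with an implicit deny at the end. The rule set, the Rule and Packet types and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    direction: str            # "in" or "out"
    src: str                  # source CIDR, e.g. "10.0.0.0/8"
    dst: str                  # destination CIDR
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches any destination port

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every attribute the rule constrains agrees with the packet."""
    return (rule.direction == pkt.direction
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; anything unmatched is denied (implicit deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed rule set (hypothetical addresses): HTTPS to the web server from anywhere,
# SSH to it only from the admin subnet, and outbound DNS only to the internal resolver.
RULES = [
    Rule("permit", "in",  "0.0.0.0/0",    "192.0.2.10/32", "tcp", 443),
    Rule("permit", "in",  "10.0.5.0/24",  "192.0.2.10/32", "tcp", 22),
    Rule("deny",   "in",  "0.0.0.0/0",    "192.0.2.10/32", "tcp", 22),
    Rule("permit", "out", "192.0.2.0/24", "192.0.2.53/32", "udp", 53),
]

if __name__ == "__main__":
    for pkt in [Packet("in", "203.0.113.7", "192.0.2.10", "tcp", 443),
                Packet("in", "203.0.113.7", "192.0.2.10", "tcp", 22),
                Packet("out", "192.0.2.10", "198.51.100.1", "udp", 53)]:
        print(pkt, "->", evaluate(RULES, pkt))
```

Because evaluation stops at the first match, rule order matters: swapping the two SSH rules would deny the admin subnet as well.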