4.3 Given a scenario, apply network security features, defense techniques, and solutions
Security Rule
📘CompTIA Network+ (N10-009)
1. What Is an Access Control List (ACL)?
An ACL is a set of rules that a network device uses to decide whether to allow or deny traffic.
These rules are applied to network packets based on criteria such as:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Protocol (TCP, UDP, ICMP, etc.)
- Direction (inbound or outbound)
Each packet is compared to the ACL rules in order, and the first matching rule determines what happens to that packet.
2. Why ACLs Are Important
ACLs help administrators:
- Control access to network resources
- Reduce unauthorized access
- Limit network threats
- Improve traffic management
- Enforce security policies
- Filter unwanted or risky traffic
- Protect internal devices from outside networks
ACLs are part of standard network security configurations for routers, switches, and firewalls.
3. ACL Placement on Network Devices
ACLs are commonly applied on:
Routers
- To control traffic entering or leaving a network
- To restrict communication between subnets
Firewalls
- To enforce stronger, more detailed security rules
Layer 3 Switches
- To filter inter-VLAN traffic
The placement of an ACL determines the type of traffic it controls.
4. Types of ACLs (Exam-Relevant)
The CompTIA Network+ exam focuses mainly on three major types:
4.1 Standard ACLs
Filter traffic based only on the source IP address.
They are simpler and are used when only basic control is needed.
Characteristics
- Matches source IP only
- Cannot check ports or protocols
- Usually applied close to the destination
Example use in IT environment
Restrict access from a certain subnet to a server network.
4.2 Extended ACLs
Filter traffic based on multiple criteria, including:
- Source IP
- Destination IP
- Protocols (TCP, UDP, ICMP)
- Source ports
- Destination ports
Characteristics
- Much more flexible and secure
- Usually applied close to the source
- Can allow/deny specific applications (HTTP, SSH, DNS, etc.)
Example use in IT environment
Allow only DNS and HTTP traffic from a user subnet to a server subnet while blocking everything else.
4.3 Named ACLs
These ACLs are identified using names instead of numbers.
Benefits
- Easier to read and maintain
- Can be updated without deleting and recreating the ACL
- Can be standard or extended
5. Key ACL Concepts (Very Important for the Exam)
5.1 Implicit Deny (Implicit Deny All)
This is one of the most important ACL rules for Network+.
At the end of every ACL, there is an invisible rule:
Deny all traffic that does not match any rule above it.
This means:
- If you forget to add an allow rule, traffic will be blocked.
- ACLs must be carefully ordered and complete.
5.2 Order of Operations
ACL rules are processed top-to-bottom.
Once a packet matches a rule, the device stops checking further rules.
Why this matters
- Incorrect ordering can block needed traffic.
- Most specific rules should be placed at the top.
- General rules should be placed at the bottom.
5.3 Inbound vs Outbound ACLs
ACLs can be applied in two directions:
Inbound ACL
Applied to traffic coming into an interface.
- Filters packets before the router makes a routing decision for them.
- Good for blocking unwanted incoming traffic early.
Outbound ACL
Applied to traffic leaving an interface.
- Filters traffic after routing decisions.
- Useful when controlling what traffic leaves a network.
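The following is an added example, not part of the original notes and not any vendor's ACL syntax: a small Python model of an extended ACL that evaluates packets top-to-bottom with first-match-wins and the implicit deny (sections 5.1 and 5.2), using the "allow only DNS and HTTP from a user subnet to a server subnet" case from section 4.2. It also adds a check that flags rules shadowed by a more general rule above them, which is how the ordering mistake in section 5.2 shows up in practice. The subnets and packets are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical minimal model of an extended ACL entry (not vendor syntax).
@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form, or "any"
    dst: str = "any"             # destination network in CIDR form, or "any"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # destination port; None means any port

    def matches(self, pkt: dict) -> bool:
        return (_in_net(pkt["src"], self.src) and _in_net(pkt["dst"], self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl: list, pkt: dict) -> tuple:
    """Top-to-bottom, first match wins; returns (action, matching rule number)."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return "deny", None          # the implicit deny at the end of every ACL

def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet 'inner' could match is already caught by 'outer'."""
    def net_covers(a: str, b: str) -> bool:
        return a == "any" or (b != "any" and
                ipaddress.ip_network(b).subnet_of(ipaddress.ip_network(a)))
    return (net_covers(outer.src, inner.src) and net_covers(outer.dst, inner.dst)
            and outer.proto in ("any", inner.proto)
            and outer.dport in (None, inner.dport))

def shadowed_rules(acl: list) -> list:
    """Rule numbers that can never match because an earlier rule covers them."""
    return [j + 1 for j in range(len(acl))
            if any(_covers(acl[i], acl[j]) for i in range(j))]

# Constructed sample: users in 10.1.0.0/16, servers in 10.2.0.0/16.
ALLOW_DNS_HTTP = [           # the extended-ACL example from section 4.2
    Rule("permit", "10.1.0.0/16", "10.2.0.0/16", "udp", 53),
    Rule("permit", "10.1.0.0/16", "10.2.0.0/16", "tcp", 80),
]
MISORDERED = [               # general deny placed above the specific permit
    Rule("deny", "10.1.0.0/16", "10.2.0.0/16"),
    Rule("permit", "10.1.0.0/16", "10.2.0.0/16", "tcp", 80),
]
DNS = {"src": "10.1.5.20", "dst": "10.2.0.10", "proto": "udp", "dport": 53}
HTTP = {"src": "10.1.5.20", "dst": "10.2.0.10", "proto": "tcp", "dport": 80}
SSH = {"src": "10.1.5.20", "dst": "10.2.0.10", "proto": "tcp", "dport": 22}
```

Running `evaluate(ALLOW_DNS_HTTP, SSH)` returns `("deny", None)`, showing the implicit deny catching traffic no rule permits, while `shadowed_rules(MISORDERED)` reports rule 2 as unreachable.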
6. What ACLs Can Filter (Exam List)
You should know all the following:
- IP addresses (source/destination)
- Protocols: TCP, UDP, ICMP
- Port numbers:
  - 80 (HTTP)
  - 443 (HTTPS)
  - 22 (SSH)
  - 23 (Telnet)
  - 53 (DNS), etc.
- Traffic types:
  - Web traffic
  - Remote management
  - File sharing
ACLs help enforce which services and applications can or cannot be used on the network.
7. Where ACLs Are Used in Real IT Environments
Realistic IT-related situations where ACLs are commonly used:
- Blocking unauthorized remote access methods, such as Telnet
- Allowing only secure management traffic like SSH
- Restricting user VLANs from accessing server VLANs
- Allowing only DNS traffic from client networks to DNS servers
- Preventing external networks from initiating connections to internal systems
- Limiting access to printers or shared resources
- Filtering ICMP to reduce reconnaissance attacks
ACLs help ensure that only the right devices and applications can communicate.
8. ACL Security Best Practices (Exam-Relevant)
Network+ wants you to know standard best practices:
✔ Use extended ACLs for detailed control
✔ Place standard ACLs closer to the destination
✔ Place extended ACLs closer to the source
✔ Document all ACL rules
✔ Test ACL rules before deploying them
✔ Keep ACLs as simple as possible
✔ Review ACLs regularly for outdated rules
9. Common ACL Exam Questions You Must Be Ready For
The exam often asks about:
❓ What does an implicit deny do?
It blocks all traffic not explicitly allowed.
❓ What is the difference between standard and extended ACLs?
Standard = source IP only
Extended = source/destination IP, ports, protocols
❓ When to apply ACL inbound vs outbound?
Inbound to block unwanted incoming traffic early, before the router processes it; outbound to control what traffic leaves a network.
❓ Why place extended ACLs close to the source?
To reduce unnecessary traffic on the network.
❓ What happens if no ACL rule matches?
The implicit deny blocks the traffic.
10. Summary
ACLs are essential security tools used to allow or block network traffic based on rules.
They help enforce security, reduce threats, control access, and filter unwanted traffic.
The exam expects you to understand ACL types, rule order, implicit deny, traffic filtering, and best practices.
