What is an ACL?
An ACL, or Access Control List, is a network security mechanism used to determine which devices or users may access specific network resources or services.
ACLs are essential in both IT and OT environments to filter traffic, enforce segmentation and block unwanted access.
How does an ACL work?
An ACL is a list of rules that determine whether network traffic is permitted or denied based on:
- Source IP
- Destination IP
- Protocol (e.g. TCP/UDP/ICMP)
- Port number (e.g. 80, 443, 502)

ACLs are applied to routers, firewalls or switches, usually in the inbound or outbound direction of an interface.
Traffic is matched against the rules from top to bottom. The first match wins.
Example rule: Permit only traffic from 192.168.10.0/24 to port 502 (Modbus TCP) on 192.168.20.15.
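The top-to-bottom, first-match evaluation described above, worked through in Python as an added example that is not part of the original page. It encodes the page's own example rule (192.168.10.0/24 to TCP/502 on 192.168.20.15), reports the implicit deny that applies when no rule matches, and includes a simple check for rules that an earlier rule makes unreachable, the order-sensitivity bug the security considerations warn about. The constructed SHADOWED_ACL is an assumed misconfiguration, not a rule set from the page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: Optional[int]) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, proto: str,
             dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Top to bottom, first match wins. Returns (action, index of the deciding rule);
    ("deny", None) is the implicit deny that closes every ACL when nothing matched."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, index
    return "deny", None

def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because a single earlier rule fully covers them."""
    found = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                found.append(j)
                break
    return found

# The page's example rule: only 192.168.10.0/24 may reach TCP/502 (Modbus) on 192.168.20.15.
MODBUS_ACL = [Rule("permit", "192.168.10.0/24", "192.168.20.15/32", "tcp", 502)]

# Constructed misordering (assumed, not from the page): a catch-all deny placed above
# the permit makes the permit unreachable, so the Modbus traffic is silently dropped.
SHADOWED_ACL = [
    Rule("deny", "0.0.0.0/0", "192.168.20.15/32", "any", None),
    Rule("permit", "192.168.10.0/24", "192.168.20.15/32", "tcp", 502),
]
```

The shadow check only catches a rule fully covered by one earlier rule; a rule hidden by the combination of several earlier rules is not reported.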
Use of ACLs in OT networks
- Allowing only specific PLCs to communicate with the SCADA server
- Restricting access to HMIs to specific subnets or users
- Blocking unwanted protocols such as SMB or Telnet within the OT segment
- Strengthening network segmentation aligned with the Purdue Model
- Protecting Safety PLCs against external connections
ACLs enable "least-privilege networking": only what is strictly necessary is allowed.
ACL vs. Firewall
| Aspect | ACL | Firewall |
|---|---|---|
| Layer | L2/L3, router/switch-based | L3-L7, typically appliance or software-based |
| Complexity | Simple and fast | Advanced features such as DPI, logging, NAT |
| Logging | Limited or none | Extensive logging capabilities |
| Use case | Filter traffic per interface or subnet | Deep inspection and management of network traffic |
| Performance | Faster (hardware-based) | Slower under heavy inspection |
Security considerations
- ACLs are effective but not dynamic: they have no awareness of user identity or context
- Misconfiguration can lead to unintended open or blocked access
- Combine ACLs with firewalls, VLANs, RBAC or Zero Trust for full control
- Document and test rules carefully; ACLs are order-sensitive
- In industrial networks: only permit traffic required for functions such as Modbus TCP, PROFINET or OPC UA
In summary
An ACL is a powerful filtering mechanism for blocking or permitting network traffic based on IP, ports and protocols. In industrial networks it is a fundamental building block for segmentation, security and stability.
