ABSTRACT

Despite the fact that general computer engineering is taught as a “science,” there is a gap between what can be engineered in computer security and what remains, as of this writing, “art.” Certainly, it can be argued that configuring Access Control Lists (ACLs) is an engineering activity. Cold, hard logic is employed to generate linear steps that must flow precisely and correctly to form a network router’s ACL. Each ACL rule must lie in precisely the correct place so as not to disturb the functioning of the other rules. There is a definite and repeatable order in the rule set. What is known as the “default deny” rule must be at the very end of the list of rules. For some rules there is very little slippage room, and sometimes absolutely no wiggle room, as to where the rule must be placed within the set. Certain rules must absolutely follow other rules in order for the entire list to function as designed.
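As an added illustration that is not part of the paper, the following first-match ACL evaluator runs over a constructed rule list and flags the two ordering mistakes the abstract alludes to: a rule shadowed by a broader earlier rule, and a rule placed after the default deny, which can never fire.

```python
from ipaddress import ip_network, ip_address

# Constructed sample ACL in the style of a router's first-match rule list.
# Each rule: (action, source network, destination port or None for "any port").
ACL = [
    ("permit", "10.0.0.0/8", 22),
    ("deny",   "10.0.5.0/24", 22),     # shadowed: rule 0 already matches this traffic
    ("permit", "192.168.1.0/24", None),
    ("deny",   "0.0.0.0/0", None),     # default deny: must be the final rule
    ("permit", "172.16.0.0/12", 443),  # unreachable: sits after the default deny
]

def evaluate(acl, src, port):
    """First-match semantics: the first rule whose source and port match decides."""
    addr = ip_address(src)
    for action, net, rule_port in acl:
        if addr in ip_network(net) and rule_port in (None, port):
            return action
    return "deny"  # implicit deny when no rule matches at all

def covers(earlier, later):
    """True if every packet matched by `later` is also matched by `earlier`."""
    _, e_net, e_port = earlier
    _, l_net, l_port = later
    net_ok = ip_network(l_net).subnet_of(ip_network(e_net))
    port_ok = e_port is None or e_port == l_port
    return net_ok and port_ok

def shadowed_rules(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(acl))
            if any(covers(acl[i], acl[j]) for i in range(j))]

def default_deny_is_last(acl):
    """Exactly one catch-all deny must exist, and it must be the last rule."""
    catch_all = [i for i, (a, net, p) in enumerate(acl)
                 if a == "deny" and ip_network(net).prefixlen == 0 and p is None]
    return len(catch_all) == 1 and catch_all[0] == len(acl) - 1

if __name__ == "__main__":
    print("10.0.5.7:22 ->", evaluate(ACL, "10.0.5.7", 22))      # permit, not the intended deny
    print("172.16.3.4:443 ->", evaluate(ACL, "172.16.3.4", 443)) # deny, rule 4 never reached
    print("shadowed:", shadowed_rules(ACL))                      # [1, 4]
    print("default deny last:", default_deny_is_last(ACL))       # False
```

Trimming the list to its first four rules (`ACL[:4]`) puts the default deny last, but rule 1 stays shadowed, which is why a linter of this kind checks both conditions rather than only the position of the final rule.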