denialbydefault
Denial by default, or default-deny, is a security posture in which access to resources is blocked unless an explicit grant is configured. The approach contrasts with permissive or default-allow models, where access is permitted unless it is explicitly denied.
In practice, denial by default is implemented through various access control mechanisms such as access control
Benefits of this approach include a smaller attack surface, stronger adherence to the principle of least privilege,
Challenges involve policy complexity and maintenance: accurately enumerating all legitimate permissions can be difficult, and misconfigurations
Applications of denial by default span operating systems, network security, and application design. OS file systems