Glossary

Default Deny

Default deny is a security principle where every access attempt is blocked by default. Only actions explicitly permitted by a rule are allowed.

Firewalls, access control lists, and application whitelisting implement this principle. The advantage: new services, ports, or user accounts are automatically blocked until an administrator consciously grants access. Unknown or forgotten attack vectors therefore remain closed. Default deny does require careful rule maintenance, however, since missing allow rules can disrupt operations.
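The behaviour described above, as an added example that is not part of the original glossary entry: a first-match rule evaluator run over the same traffic with a default-deny allowlist and a default-allow blocklist. The `Rule` class, the rule sets and the traffic are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR notation
    proto: str    # "tcp" or "udp"
    port: int     # destination port

    def matches(self, src_ip, proto, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and proto == self.proto and port == self.port)

def evaluate(rules, default, src_ip, proto, port):
    """First matching rule wins; otherwise the policy default applies.
    Returns (action, reason) so implicit decisions can be told apart from explicit ones."""
    for i, rule in enumerate(rules):
        if rule.matches(src_ip, proto, port):
            return rule.action, f"rule {i}"
    return default, "default"

# Constructed rule sets (hypothetical; addresses are documentation/private ranges).
ALLOWLIST = [Rule("allow", "0.0.0.0/0", "tcp", 443),
             Rule("allow", "10.0.5.0/24", "tcp", 22)]
BLOCKLIST = [Rule("deny", "0.0.0.0/0", "tcp", 23)]  # default-allow: blocks known-bad only

# Constructed connection attempts: (source IP, protocol, destination port).
TRAFFIC = [
    ("203.0.113.7", "tcp", 443),   # public HTTPS, explicitly allowed
    ("10.0.5.20", "tcp", 22),      # SSH from the admin subnet
    ("203.0.113.7", "tcp", 22),    # SSH from outside the admin subnet
    ("203.0.113.7", "tcp", 9200),  # newly started service nobody wrote a rule for
    ("10.0.8.4", "udp", 53),       # legitimate DNS whose allow rule was forgotten
]

def implicit_denials(rules, traffic):
    """Attempts blocked only by the default: what to review during rule maintenance."""
    return [t for t in traffic if evaluate(rules, "deny", *t) == ("deny", "default")]

if __name__ == "__main__":
    for t in TRAFFIC:
        print(t, "default-deny:", evaluate(ALLOWLIST, "deny", *t)[0],
              "| default-allow:", evaluate(BLOCKLIST, "allow", *t)[0])
    print("implicit denials:", implicit_denials(ALLOWLIST, TRAFFIC))
```

The implicit-denial list mixes the unreviewed new service with the legitimate DNS request, which is why denials that fall through to the default are worth logging and reviewing.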