I began reading a book today about computer security, and I've decided (at least for now) that I'm going to share 1 thing I've learned from the book each day that I read in it. Today's topic is the difference between implicit allow and implicit deny.
Implicit allow is where you've got a list of unauthorized websites for a user. Users are allowed to go to any website on the Internet so long as it is not on the unauthorized website list.
Implicit deny is just the opposite. An authorized websites list is created and users are implicitly denied access to all websites with the exception of the ones on the authorized list.
My opinion is that implicit allow makes sense in situations where you want users to be able to access most websites, but would like to keep them from viewing a handful of others (adding these websites to the unauthorized list). Implicit deny makes sense where you want to prevent users from accessing most websites (likely because their work doesn't involve external information). In this case you'd create an authorized list for specific websites that they may need for work purposes.
The way I keep these separate in my head is that implicit allow allows you to go to most websites, whereas implicit deny denies you from most websites.
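The two policies described above, as an added example that is not from the book or the original post: the same lookup with the default flipped, so you can see what each policy does with a site that is on neither list. The function names, the `.example` domains and the rule that a list entry also covers its subdomains are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample lists (not from the post).
UNAUTHORIZED = ["badsite.example"]                  # used with implicit allow
AUTHORIZED = ["intranet.example", "vendor.example"]  # used with implicit deny


def host_of(url):
    """Return the hostname of a URL, lowercased and without a trailing dot."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a host
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def listed(host, entries):
    """True if host equals an entry or is a subdomain of one.

    Matching on ".entry" rather than a plain suffix keeps
    "notintranet.example" from matching "intranet.example".
    """
    return any(host == e or host.endswith("." + e) for e in entries)


def decide(url, site_list, default):
    """Return "allow" or "deny" for url.

    default="allow": site_list is the unauthorized list (implicit allow).
    default="deny":  site_list is the authorized list (implicit deny).
    A listed site gets the opposite of the default; any other site,
    including one nobody has ever reviewed, gets the default.
    """
    if default not in ("allow", "deny"):
        raise ValueError("default must be 'allow' or 'deny'")
    host = host_of(url)
    if not host:
        raise ValueError("no hostname in %r" % url)
    if listed(host, site_list):
        return "deny" if default == "allow" else "allow"
    return default


if __name__ == "__main__":
    for url in ["https://badsite.example/x", "https://brand-new.example",
                "https://Wiki.Intranet.Example./home", "notintranet.example"]:
        print(url,
              "| implicit allow:", decide(url, UNAUTHORIZED, "allow"),
              "| implicit deny:", decide(url, AUTHORIZED, "deny"))
```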
Hopefully this is of help to anyone that is interested in learning more about computer security. Have a great Tuesday all!