What is Implicit Deny for Firewalls? | GigMocha Defines
A firewall is, at bottom, an ordered list of rules. Implicit deny is the rule that sits underneath all the others, and it's a critical one that every network needs for security.
The implicit deny rule is tied to the Access Control List (ACL). An ACL is a list of firewall rules that determines what traffic may enter and leave the network. Implicit deny is the automatic behavior that blocks any traffic you did not explicitly allow in the ACL.
Let's work through the implicit deny firewall rule from the ground up. If that's what you're looking for, keep reading.
Overview: Implicit Deny
At its core, security is a set of technical and non-technical procedures.
Security rules dictate who gets access to which resources, and when. This applies to real-life organizations just as it does to networks.
For example, an employee has a security clearance to access the server room during operating hours to do specific tasks.
A guest user can’t access the server room or perform any modifications to the server.
These security policies and procedures protect the organization’s assets from unauthorized access to sensitive resources.
Furthermore, security procedures determine how you grant new hires access to a specific resource so they can do their job. The rules define what they can and can't do on the network.
If you’re responsible for designing a network, establishing security rules comes before you touch the keyboard.
You’ll need to determine how employees, departments, and users interact with the network, in what capacity, and to what ends.
You might be dealing with sensitive medical or financial information that needs a high level of security. Therefore, it’s vital to determine the rules by putting all these elements together.
On the technical side, you need to translate these procedures into a set of firewall rules. You're now working with addresses, ports, and protocols, so the rules must be precise enough for a machine to apply them packet by packet.
Technical rules follow from the non-technical ones: you're converting the security procedures into a form the firewall can enforce.
Do your homework and take your security requirements into account. Once you have the security framework written down, you can start encoding it in an ACL.
What’s At The Bottom Of An Access Control List?
An ACL works like a filter in front of your network, server, or router. It's a set of predefined firewall rules allowing or disallowing traffic into a particular part of a network.
An ACL is also used with Network Address Translation (NAT) to select which addresses get translated, and with Quality of Service (QoS) to classify traffic for prioritization.
In general, you apply an ACL on a router interface to inbound (ingress) traffic, outbound (egress) traffic, or both.
An ACL saves time because one well-written list handles the common cases automatically, without anyone having to intervene for each connection.
Each ACL contains an ordered list of Access Control Entries (ACEs). An entry typically has fields such as a rule number, remote IP, remote port, local port, protocol, and action (permit or deny).
Additional match criteria give you finer control over whether to allow or deny a particular packet. The more advanced your firewall, the more options you'll have.
For example, you can deny incoming traffic to a sensitive resource inside the network when it doesn't come from a local IP address.
You might allow outgoing traffic from a local IP through port 80 over TCP to access websites on the internet.
An ACE can be as broad or as specific as you need. Because the firewall stops at the first matching entry, you put the specific rules at the top of the ACL and the general rules below them; a general rule placed above a specific one shadows it, and the specific rule never fires.
Sometimes, you’ll know what you want to deny before you start. But circumstances change, and you need to change the rules to adapt to the new situation.
As you receive more information, you can further refine your firewall rules.
Implicit Deny vs. Explicit Deny
Not every firewall applies implicit deny by default. Many do, adding it for you even when you don't configure it yourself; others default to allowing whatever isn't listed, so check how your product behaves before you rely on it.
Implicit deny means the firewall evaluates the ACL's rules top to bottom against a packet, and if none of them matches, the packet is denied. It also covers the case where no rule was written for that kind of traffic at all.
An explicit deny is a rule you write yourself, typically at the end of the ACL, stating that anything not matched above it is denied.
The explicit deny is useful when you want to analyze traffic and write more accurate rules. On most platforms the implicit deny doesn't log what it drops, whereas an explicit deny rule can be configured to log every hit.
These logs can be useful in investigating new ways to improve the firewall rules.
Furthermore, any host exposed to the internet receives a constant stream of connection attempts. A firewall allows the traffic you need and blocks the rest.
It doesn't only protect you against security breaches; it also keeps unwanted traffic off the network behind it.
If you want to see what traffic gets denied, put an explicit deny rule with logging at the end of the ACL.
If you don't, the firewall will still drop unmatched traffic through implicit deny, including traffic that might be harmful, but it will do so silently and you'll have no record of it.
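To make the first-match behavior concrete, here is an added example written for this page (not code from the article or from any firewall vendor): a toy ACL evaluator in Python using constructed addresses. It shows why a specific rule must sit above the general rule that would otherwise shadow it, and how a packet no rule covers falls through to implicit deny silently while an explicit trailing deny with logging records it. The CIDR blocks, rule names, and log format are assumptions for illustration.

```python
# Added example (not from the article): a toy first-match ACL evaluator
# showing rule ordering, implicit deny, and an explicit logged deny.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0    # destination port (0 for protocols without ports)


@dataclass
class ACE:
    """One access control entry. A field left as None means 'any'."""
    action: str                    # "permit" or "deny"
    src: Optional[str] = None      # CIDR, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    log: bool = False              # like a vendor's "log" keyword on a rule

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


@dataclass
class ACL:
    entries: List[ACE]
    log_lines: List[str] = field(default_factory=list)

    def evaluate(self, pkt: Packet) -> str:
        """First match wins; entries below the match are never consulted."""
        for seq, ace in enumerate(self.entries, start=1):
            if ace.matches(pkt):
                if ace.log:
                    self.log_lines.append(
                        f"rule {seq}: {ace.action} {pkt.proto} "
                        f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
                return ace.action
        # Implicit deny: nothing matched, so the packet is dropped. Nothing is
        # logged here, which is why an explicit "deny any log" at the end helps.
        return "deny"


# Constructed sample addresses (RFC 1918 inside, RFC 5737 outside); assumptions.
INSIDE, GUEST_VLAN, DB_SERVER = "10.0.0.0/8", "10.0.3.0/24", "10.0.5.20/32"

DENY_GUESTS_TO_DB = ACE("deny", src=GUEST_VLAN, dst=DB_SERVER, log=True)
PERMIT_INSIDE_TO_DB = ACE("permit", src=INSIDE, dst=DB_SERVER, proto="tcp", dport=3306)
PERMIT_INSIDE_WEB = ACE("permit", src=INSIDE, proto="tcp", dport=80)
EXPLICIT_DENY_LOG = ACE("deny", log=True)   # the "deny ip any any log" catch-all


def ordering_demo() -> Tuple[str, str]:
    """Specific rule above the general one vs. the same two rules reversed."""
    guest_to_db = Packet("10.0.3.14", "10.0.5.20", "tcp", 3306)
    correct = ACL([DENY_GUESTS_TO_DB, PERMIT_INSIDE_TO_DB, PERMIT_INSIDE_WEB])
    shadowed = ACL([PERMIT_INSIDE_TO_DB, DENY_GUESTS_TO_DB, PERMIT_INSIDE_WEB])
    # The guest VLAN lies inside 10.0.0.0/8, so the general permit matches first
    # when it is placed above the specific deny, and the deny never fires.
    return correct.evaluate(guest_to_db), shadowed.evaluate(guest_to_db)


def deny_logging_demo() -> Tuple[str, int, str, int]:
    """A packet no rule covers: implicit deny is silent, explicit deny logs."""
    stray = Packet("203.0.113.7", "10.0.7.1", "udp", 53)
    implicit = ACL([DENY_GUESTS_TO_DB, PERMIT_INSIDE_TO_DB, PERMIT_INSIDE_WEB])
    explicit = ACL(implicit.entries + [EXPLICIT_DENY_LOG])
    return (implicit.evaluate(stray), len(implicit.log_lines),
            explicit.evaluate(stray), len(explicit.log_lines))


if __name__ == "__main__":
    print("ordering (correct, shadowed):", ordering_demo())
    print("logging (verdict, log count, verdict, log count):", deny_logging_demo())
```

Both ACLs in the ordering demo deny the stray packet; the difference only appears once a packet matches two rules with different actions, which is why rule order, not just rule content, has to be reviewed. In the logging demo the verdict is identical either way, "deny", but only the ACL with the explicit trailing deny leaves a log line you could use to refine the rules later.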
If you use WhatsApp, the concept of implicit deny may be easier to grasp.
For example, you may choose to allow people on your contact list to reach you and block everyone else. If you saved a number in your contacts, it can reach you; anyone not in your contacts can't.
Another example is a call-blocking app. You might choose to receive calls from people on your contact list and block all others.
Both examples work the way implicit deny does: an allow list of what's permitted, with everything else denied by default.
In firewalls, implicit deny is the default configuration that blocks traffic that doesn’t match a set of rules established in advance.
You decide how people can interact with the network. If something new happens that you didn’t have a rule for, the firewall will block it.
When you want your network users to access certain resources on your network and nothing else, anything they attempt outside the rules you set beforehand hits the implicit deny and is blocked.