Default permit is only a good approach in an environment where:
security threats are non-existent or negligible.
security threats are non-negligible.
security threats are serious and severe.
users are trained.
None of the choices.
“Everything not explicitly permitted is forbidden (default deny) improves security at a cost in
functionality. This is a good approach if you have lots of security threats. On the other hand.,
“”Everything not explicitly forbidden is
permitted”” (default permit) allows greater functionality by sacrificing security. This is only a good
approach in an environment where security threats are non- existent or negligible.”