Enterprise Cloud Security and Governance

The allow all and deny some approach

In this approach, we allow all IP addresses to access our network by default and block only certain IP addresses. This approach is not recommended at all, because it is easy to deny all and allow only some trustworthy IPs instead of allowing all IP addresses by default.

Outbound firewall rules are important. Most organizations give emphasis only to the inbound firewall rules, while for outbound firewall rules we generally see 0.0.0.0/0, that is, traffic allowed to any destination.

In the use case that we discussed in Chapter 1, The Fundamentals of Cloud Security, the startup's servers were compromised and a lot of spam emails were successfully sent because there were no outbound rules set.

If a particular server is compromised, an attacker can use that server as a proxy to launch an attack or send spam emails. This can be controlled if we have tight outbound restrictions.
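As an added example (not code from the book), the following Python audit flags outbound rules that allow any destination and marks those that leave SMTP reachable, the gap behind the spam case above. The rule layout follows the JSON shape of `aws ec2 describe-security-groups`, which is an assumption since the text names no provider; the group IDs and rules are constructed sample data.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` output
# (assumption: the text names no cloud provider or rule format).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-app-example", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-db-example", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.2.0/24"}], "Ipv6Ranges": []},
    ]},
]

SMTP_PORT = 25

def is_any_destination(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def classify(rule):
    """Label an egress rule that is already known to allow any destination."""
    if rule["IpProtocol"] == "-1":
        return "all-traffic"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if rule["IpProtocol"] == "tcp" and lo is not None and lo <= SMTP_PORT <= hi:
        return "smtp-reachable"
    return "open-port"

def audit_egress(groups):
    """Return (group_id, cidr, label) for every egress rule open to any destination."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissionsEgress", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if is_any_destination(cidr):
                    findings.append((group["GroupId"], cidr, classify(rule)))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_GROUPS):
        print(*finding, sep="\t")
```

Groups whose outbound rules name specific destination ranges, such as the constructed database group, produce no findings.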

The Payment Card Industry Data Security Standard (PCI DSS) also mandates both inbound and outbound rules for scoped machines.