The global Network Security feature has two Security Methods: Allow and Deny.
Allow Rules permit no network connections, except the ones that are listed on the Authorized Connections tab.
Allow rules give you full control over the network connections in your environment. Only authorized connections can be accessed. However, for this approach to work, you do need to know exactly which network connections are required in your environment, so that you can authorize them. If you find out someone is trying to access a new network connection that should be allowed, you add that connection to the list of authorized connections. Optionally, Access Control and Workspace Control can authorize the connection only for certain people or workspaces.
Deny Rules permit all network connections, except the ones that are listed on the Blocked Connections tab.
Deny rules enable you to block network connections that you do not want users to access. Blocked connections cannot be accessed, all others can. If you find out people are accessing a new network connection that you do not want them to, you add that connection to the list of blocked connections. Optionally, use Access Control and Workspace Control to block the connection for certain people or workspaces.