When adding a new network interface to the ASA, you must specific a security level. Based off this security level, the default ACL allows you to access "less secure" networks, and denies access to "more secure" networks. This default rule works great until you need to implement a security zone with specific access to different zones.