/etc/hosts.deny and /etc/hosts.allow are part of TCP-Wrapper, a program developed to deny access to hackers by Wietse Venema in the nineties.
TCP wrappers controls TCP access of processes run from /etc/inetd.conf. Most modern Linux distros (all Debian-based, Arch Linux,...) do not have inetd any longer.
Some applications are yet controlled by TCPwrapper, because they are compiled with the libwrap library, and are thus tcpwrapper-aware even if they are not run from /etc/inetd.conf. These applications include, to the best of my knowledge, telnet, ssh, sendmail, pop3, and stunnel.
You can check whether your application is tcp-wrapper-aware by means of the strings command:
# strings /usr/sbin/sshd|grep hosts_access
hosts_access
or by means of ldd:
# ldd /usr/sbin/sshd | grep libwrap
libwrap.so.0 => /lib/x86_64-linux-gnu/libwrap.so.0 (0x00007f7059e7a000)
The correct way, nowadays, to bar intruders from accessing your system, is to use iptables:
iptables -A INPUT -s 11.22.33.44 -j DROP