Select Dynamic field

What Is The Principle of Least Privilege?

Do you know one of the most common cybersecurity mistakes small businesses make?

Not properly administering access throughout their networks.

Everyone gets access to everything - leading to security breaches that leak massive amounts of data.

Let’s look at how you can implement the principles of least privilege and reduce your attack surface.

What is the principle of least privilege?

The principle of least privilege is a methodology for granting access in information systems. Every user or application is given only the minimal access they must have to do their job and no more. Furthermore, access is granted based on the function of a person or application rather than based on who.

Let me explain:

Security access should be strictly controlled and granted only where there is an actual need.

The CEO of the company doesn’t necessarily need access to everything and every piece of data on the network.

In fact, senior business leaders should have as little access as possible.

Limiting the access these executives have means that should an attacker compromise their account, the attacker will still not have anything valuable.

This applies to everyone in the company.

Access Control Question

Explanation

What

Precisely what data or systems does the individual need access to? What is the minimum amount of access they can have and still do their job?

Where

Where is the data or system located? For example, if you have an HR office in Germany and the US, do the US employees need access to the data on the German server?

Who

Which employee is it? Remember each employee should use an individual account, not a shared one.

How

How will the data be accessed? Will the files on the server be accessed via FTP? SMB file share?

When

When does the individual have access to the data at that location? Are they only allowed to use the VPN during business hours?

Why

Why does the individual employee need access to that particular data or system? For example, the HR manager needs access to employee records so they can do their job.

Why is limiting access so important for information security?

Limiting users’ access to data and systems in your environment is important because it reduces cyber attack surface, helps stop the spread of malware, improves end-user productivity, and helps streamline compliance and audits. Overall, it means that an attacker will have to work harder to pivot in your environment.

Let’s dig into each of these

Reducing cyber attack surface

Preventing the spread of malware

Streamlining compliance and audits

Examples of privilege and access mistakes

  • Third Party Access - Most companies have vendors or third parties who need to access their systems or data. This could be a software developer that remotely connects to computers to provide support or billing companies that you share payment data with. You must limit the access your vendors have and monitor that access closely.
  • Users with administrative access to computers - Windows has two main user types - regular and administrators. Admin users can make configuration changes and install software on the device. Everyone should work in regular user accounts - including IT personnel. They should work in regular accounts and only use the administrative account for administrative tasks. This reduces the risks of malware running with administrative privileges.
  • Database users - it can be very tempting to allow users to access all data in a database for ease of management. This poses huge risks. Users and applications that access data from your databases(s) should only have access to the tables they need. Furthermore, if they only need to read data, they shouldn’t have write permissions.
  • Removing access from old employees - we see this a lot during penetration tests - users who are no longer with a company still have active accounts. IT should work very closely with HR to communicate employee terminations and hiring. IT should be notified when individuals leave the company so they can remove access. On another note, periodic audits can identify stale accounts.
  • Shared user accounts - each user in your environment should have a unique account. Employees should never (rarely) share accounts. There are several reasons. For one, shared accounts lack repudiation - if something happens on a shared user account, how can you prove who actually did the action.

Conclusion









close-link