Join Lisa Bock for an in-depth discussion in this video Adhering to the principle of least privilege, part of IT Security Foundations: Core Concepts.
- The Principle of Least Privilege states, "Assign only the privileges needed to a program, "process, or privileged user of a system "for the shortest time necessary, "and in as small a domain as possible "to complete a task without hindrance." Permissions are given in order to perform certain duties, complete operations, or access applications and files, and correlates to the military need-to-know rule. Everyone plays a role in keeping an organization's informations and systems safe and secure.
However, different groups and individuals within the organization makes the job of managing permissions difficult. Even if permissions are carefully given, removing the privilege isn't always a trivial task. Over time, individuals in an organization are granted extra rights as their roles and responsibilities change. Permitting permissions beyond minimal rights increases the risk that privileges will be abused, and that can result in a condition known as "permission creep." An example of least privilege is properly using the administrator's role.
In any organization, it is best practice to issue an administrator two accounts, one for regular work, and an administrator account for administrative work only. When not doing administrative tasks, he or she should be logged in as a regular user. An application should execute with the least privilege needed in order to complete a job. If administrative privileges are unnecessary when running applications, log in as a general user instead of administrator.
This will reduce the risk of malware escalating privileges to the administrator level. The 'whoami' command is used at times when you are not sure how you are logged in to the system. In active directory, security groups can be used to assign role-based permissions to all members of the group according to what is needed to perform its functions, which makes managing permissions easier as you apply permissions only once for the entire group of users. If someone leaves the group, their permissions are no longer valid.
Today's complex multi-user environments make it challenging to successfully implement the principle. However, effort should be made to adhere to this rule.
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Evaluating risks, threats, and vulnerabilities
- Minimizing the attack surface
- Avoiding worms and viruses
- Protecting your system from spyware
- Making web browsers more secure
- Securing wireless transmissions
- Encrypting files, folders, and drives
- Using virtual private networks