Difference between revisions of "Least Privilege"

From MgmtWiki
(Problems)
(Problems)
Line 6: Line 6:
  
 
==Problems==
 
==Problems==
* Enforce principle of least privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to human identities as well as non-person (e.g., software) identities. In cloud environments, non-person identities (service accounts or roles) with excessive privileges are a key vector for lateral movement and data access. Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.<ref>CISA ''2021 Trends Show Increased Globalized Threat of Ransomware''. (2022-02-10) https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-040a</ref>
+
* Enforce principle of [[Least Privilege]] through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to human identities as well as non-person (e.g., software) identities. In cloud environments, non-person identities (service accounts or roles) with excessive privileges are a key vector for lateral movement and data access. Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.<ref>CISA ''2021 Trends Show Increased Globalized Threat of Ransomware''. (2022-02-10) https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-040a</ref>
  
 
==Applications==
 
==Applications==
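Review bot: the only change in this hunk is wrapping "Least Privilege" in a wikilink, and because this is the Least Privilege page itself, MediaWiki renders a self-link such as [[Least Privilege]] as bold text rather than a link, so the edit adds emphasis, not navigation. While touching the line, "Enforce principle of" reads better as "Enforce the principle of".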

Revision as of 20:55, 16 August 2023

Full Title or Meme

The Principle of Least Privilege is as old as computer applications to National Security.

Context

If a user is granted administration privileges on a computer system, any program running as that user has complete control of that system. If the system itself is highly privileged, the program inherits all of those high-level privileges.

Problems

  • Enforce the principle of Least Privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to human identities as well as non-person (e.g., software) identities. In cloud environments, non-person identities (service accounts or roles) with excessive privileges are a key vector for lateral movement and data access. Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.[1]
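The item above says privileges should be narrowly scoped and audited against usage patterns. The following script, an added example that is not part of the wiki page or the CISA advisory, shows what such an audit looks like in practice: it compares a policy (which grants each identity a set of actions) against an authorization log and reports grants that were never exercised, collapses wildcard grants down to the concrete actions actually used, and separately lists denied attempts, which are a detection signal rather than a scoping question. The policy, the log format (`timestamp identity action ALLOW|DENY`), the identity names and the action names are all constructed for the example; they are not from any real cloud provider.

```python
"""Audit granted privileges against observed usage for human and non-person identities.

Added example with constructed data; the policy, identities, action names and
log format below are assumptions made for illustration, not from the page.
"""
from collections import defaultdict

# Constructed policy: identity -> set of granted actions. "admin:*" is a prefix wildcard.
GRANTED = {
    "svc-backup": {"storage:read", "storage:write", "storage:delete", "kms:decrypt"},
    "svc-report": {"db:select", "db:update", "db:drop"},
    "alice": {"storage:read", "admin:*"},
}

# Constructed authorization log: one decision per line.
AUDIT_LOG = """\
2023-08-01T01:00:00Z svc-backup storage:read ALLOW
2023-08-01T01:00:05Z svc-backup storage:write ALLOW
2023-08-02T01:00:00Z svc-backup storage:read ALLOW
2023-08-02T09:12:00Z svc-report db:select ALLOW
2023-08-02T09:13:00Z svc-report db:update ALLOW
2023-08-03T14:00:00Z alice storage:read ALLOW
2023-08-03T14:01:00Z alice storage:delete DENY
2023-08-03T14:02:00Z alice admin:users.list ALLOW
"""


def parse_log(log_text):
    """Return (used, denied): {identity: set(actions)} for ALLOW and DENY decisions."""
    used, denied = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: skip rather than guess
        _ts, identity, action, result = parts
        (used if result == "ALLOW" else denied)[identity].add(action)
    return used, denied


def matches(grant, action):
    """A grant covers an action exactly, or by prefix when it ends in ':*'."""
    if grant.endswith(":*"):
        return action.startswith(grant[:-1])  # keep the 'prefix:' part
    return grant == action


def unused_grants(granted, used):
    """Grants that no allowed action in the audit window exercised."""
    return {
        identity: {g for g in grants if not any(matches(g, a) for a in used.get(identity, set()))}
        for identity, grants in granted.items()
    }


def proposed_policy(granted, used):
    """Narrowed policy: drop unexercised grants, replace wildcards with the actions seen."""
    narrowed = {}
    for identity, grants in granted.items():
        exercised = used.get(identity, set())
        keep = set()
        for g in grants:
            hits = {a for a in exercised if matches(g, a)}
            if g.endswith(":*"):
                keep |= hits  # concrete actions instead of the wildcard
            elif hits:
                keep.add(g)
        narrowed[identity] = keep
    return narrowed


def audit_report(granted, log_text):
    """Single entry point: returns the three views an auditor reviews."""
    used, denied = parse_log(log_text)
    return {
        "unused": unused_grants(granted, used),
        "proposed": proposed_policy(granted, used),
        "denied": dict(denied),
    }


if __name__ == "__main__":
    report = audit_report(GRANTED, AUDIT_LOG)
    for identity in GRANTED:
        print(f"{identity}:")
        print(f"  unused grants   : {sorted(report['unused'][identity])}")
        print(f"  proposed policy : {sorted(report['proposed'][identity])}")
        print(f"  denied attempts : {sorted(report['denied'].get(identity, set()))}")
```

The output for the constructed data flags `storage:delete` and `kms:decrypt` on the backup service account and `db:drop` on the reporting account as never used, and shrinks `alice`'s `admin:*` to the single admin action she actually performed. The window length matters: a grant used only in a quarterly job will look stale in a one-week log, so the audit period should cover every legitimate cycle before a grant is removed.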

Applications

References

  1. CISA 2021 Trends Show Increased Globalized Threat of Ransomware. (2022-02-10) https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-040a