Least Privilege

From MgmtWiki

Full Title or Meme

The Principle of Least Privilege is as old as the application of computers to National Security.

Context

If a user is granted administration privilege on a computer system, any program running as that user has complete control of the computer system. If that is a highly privileged computer, the program inherits all of those high-level privileges.

Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur. Thus, if a question arises related to misuse of a privilege, the number of programs that must be audited is minimized. Put another way, if a mechanism can provide "firewalls," the principle of least privilege provides a rationale for where to install the firewalls. The military security rule of "need-to-know" is an example of this principle.[1]

https://www.institutedata.com/blog/principle-of-least-privilege-in-cyber-security/#:~:text=Origins%20of%20the%20principle%20of,security%20practices%20around%20the%20world

Problems

  • Enforce principle of Least Privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to human identities as well as non-person (e.g., software) identities. In cloud environments, non-person identities (service accounts or roles) with excessive privileges are a key vector for lateral movement and data access. Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.[2]
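The audit described above, comparing what each identity is granted against what it actually exercised, as an added example that is not part of the wiki page. It assumes AWS-style "service:Action" privilege names with "*" wildcards; the identities, grants and log entries are constructed sample data.

```python
"""Audit granted privileges against observed usage and propose a narrowed grant."""
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: privileges granted to a human identity and two non-person identities.
GRANTED = {
    "alice": {"s3:GetObject", "s3:PutObject", "s3:DeleteBucket", "iam:PassRole"},
    "build-svc": {"s3:*", "ec2:RunInstances", "iam:*"},
    "old-svc": {"ec2:*"},
}

# Constructed sample: (identity, action) pairs observed in the audit log over the review window.
USAGE_LOG = [
    ("alice", "s3:GetObject"), ("alice", "s3:GetObject"), ("alice", "s3:PutObject"),
    ("build-svc", "s3:GetObject"), ("build-svc", "s3:PutObject"),
]

def used_actions(log):
    """Collapse the log into the set of distinct actions each identity exercised."""
    used = defaultdict(set)
    for identity, action in log:
        used[identity].add(action)
    return used

def covers(granted_action, action):
    """True if a granted privilege (possibly a wildcard such as 's3:*') allows the action."""
    return fnmatchcase(action, granted_action)

def audit(granted, log):
    """Per identity: unused grants, over-broad wildcards, a narrowed grant, and dormancy."""
    used = used_actions(log)
    report = {}
    for identity, privs in granted.items():
        exercised = used.get(identity, set())
        unused = {p for p in privs if not any(covers(p, a) for a in exercised)}
        # A wildcard that was exercised still grants more than the actions observed.
        wildcards = {p for p in privs if "*" in p}
        report[identity] = {
            "unused": unused,
            "wildcards": wildcards,
            "narrowed": set(exercised),   # exactly the actions the identity needed
            "dormant": not exercised,     # never seen in the window: candidate for removal
        }
    return report

if __name__ == "__main__":
    for identity, findings in audit(GRANTED, USAGE_LOG).items():
        print(identity, findings)
```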

Applications

References

  1. Jerome H. Saltzer & Michael D. Schroeder, The Protection of Information in Computer Systems, revised version in Communications of the ACM 17, 7 (1974-07). https://www.cs.virginia.edu/~evans/cs551/saltzer/
  2. CISA, 2021 Trends Show Increased Globalized Threat of Ransomware (2022-02-10). https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-040a