What is the principle of least privilege (POLP)?The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what are strictly required to do their jobs. Users are granted permission to read, write or execute only the files or resources necessary to do their jobs. This principle is also known as the access control principle or the principle of minimal privilege. Show
POLP can also restrict access rights for applications, systems and processes to only those who are authorized. Depending on the system, some privileges may be based on attributes contingent on the user's role within the organization. For example, some corporate access systems grant the appropriate level of access based on factors such as location, seniority or time of day. An organization can specify which users can access what in the system, and the system can be configured so the access controls recognize only the administrators' role and parameters. What is a superuser?A superuser account provides information technology (IT) staff members with unlimited privileges so they have full read, write and execute authority and can make changes across a network. This includes installing software, modifying settings and files, and deleting data and users. Superuser accounts are only given to the most trusted individuals, usually systems administrators (sys admins) or the equivalent. The superuser account is also known as an administrator account and is often given the name root. To prevent superuser sessions from being hijacked, a superuser can type the sudo command into any account, which enables the account to temporarily perform a single command with superuser privileges. Ideally, superuser credentials are not used for logging in; since the superuser account has full control of the system, it must be protected from unauthorized access. Controlling accessLeast-privileged users (LPUs) are those with the most limited access and often the lowest level of authority within the company. In an organization, users often have elevated levels of access to the network and the data on it. When an LPU is set up, that user account has limited privileges and can perform only specific tasks, such as surfing the web or reading email. This makes it harder for a malicious attacker to use an account to cause harm. Another way to control user access is by implementing a concept called privilege bracketing. This approach involves permitting users access to administrator accounts for the shortest time necessary to complete the specific task. This function can be administered through special automated software to ensure that access is granted only for the specified amount of time. What is privilege creep?POLP is not only about taking away privileges from users; it's also about monitoring access for those who do not require it. For example, privilege creep refers to the tendency of software developers to gradually add more access rights beyond what individuals need to do their job. This can cause major cybersecurity risks to the organization. For example, employees who are promoted may still need temporary access rights to certain systems for their old job. But, once they are settled in their new position, more access rights are added, and existing privileges often are not revoked. This unnecessary accumulation of rights could result in data loss or theft. Benefits of using principle of least privilege
While POLP helps minimize the risk of an unauthorized user accessing sensitive data, the main disadvantage is that the minimum permissions must be consistent with a user's roles and responsibilities, which might be challenging in larger organizations. For example, users might not be able to perform a certain required task if they don't have the appropriate privilege access. How to implement POLPApplying POLP concepts can be as simple as eliminating end-user access to devices, such as removing Universal Serial Bus (USB) drives to prevent the exfiltration of classified information, to more involved operations, such as conducting regular privilege audits. Organizations can successfully implement POLP by doing the following:
This was last updated in April 2021 Continue Reading About principle of least privilege (POLP)
Dig Deeper on Security operations and management
When assigning permissions to users which principle should you adhere to?Users are granted permission to read, write or execute only the files or resources necessary to do their jobs. This principle is also known as the access control principle or the principle of minimal privilege.
Which antivirus approach uses a variety of techniques to spot the characteristics of a virus instead of attempting to make matches?A newer approach to AV is dynamic analysis heuristic monitoring, which uses a variety of techniques to spot the characteristics of a virus instead of attempting to make matches.
What specific software can examine a computer for any infections as well as monitor computer activity?Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
What application development life cycle model uses a sequential design process?The Waterfall model is the earliest SDLC approach that was used for software development. The waterfall Model illustrates the software development process in a linear sequential flow. This means that any phase in the development process begins only if the previous phase is complete.
|