Photo by Stefan Steinbauer on Unsplash

The forgotten Principle of Least Privilege

So what is the Principle of Least Privilege?

Least Privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. ~ SALTZER, J.H. and SCHROEDER, M.D. ‘The Protection of information in computer systems in computer systems’, Proceeding of IEEE, vol. 63, no.9

Forgotten principle? You must be joking — Everyone knows it

The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary. IBM developerWorks, ‘Software Security Principles: Part 3’ (October 2000) URL: http://www-106.ibm.com/developerworks/security/library/spriv.html?dwzone=security

Determining Least Privilege is really hard

  • Is it because they tell you they need it? Most definitely not — for obvious reasons.
  • Is it when someone is approved to have it? Does it matter who approved and what if that approval was 2 years ago or only to perform one task — unfortunately as we’ve seen from the story of the The Hungry Caterpillar, privileges accumulate and change over time without the proper management and needs change over time too.
  • What about if they have never used it or only used it once? Is it still needed?
  • What about if they need it once a year or only in an emergency?
  • What if another seperate identity performed the job instead?

Treating least privilege as a process

  1. Monitor what privileges are actually used or attempted to be used and what resources they are used on, by comparing logs and identity activity to privileges and figure out what privileges are actually used every day.
  2. Remove any inactive identities or remove any associated privileges from those identities that have not been utilised for an extended period of time.
  3. Identify privileges that are only needed for short periods at a time, and implement workflow and automation to provision expiring privileges for only the period required.
  4. Remove identified unused privileges from all other identities that have not been utilised for an extended period of time.
  5. Implement on-demand or just-in-time processes to rapidly (and potentially self-service) elevate privileges on specific resources where required to reduce impact of restricted privileges.
  6. Investigate any abnormal activities by identities, and particularly unusual usage or attempted usage of privileges and where possible — auto remediate.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Claude Mandy

From the namib desert. A thirst for knowledge. Proud daddy and happy husband. Views expressed here are my own & not of my employer.