David Friedland
As per the concept of least privilege, just the minimum standard of privileges should be granted to a person who asks for access to the information. It also states that the privileges must only be granted for the shortest time (remember to relinquish privileges).
Giving a user access beyond the limit of the required privileges for an activity might allow that person to get or alter information in unforeseen ways. However, appropriate assignment of authentication and authorization can prevent intruders from wreaking havoc on a network or system.
The rule of least privilege indicates that every application and system administrator should only have access to information that their job requires them to access.
This approach, first and foremost, restricts the harm that can occur as a result of a mishap or miscalculation. Secondly, it also decreases the range of potential contacts between privileged programs to the bare minimum required for successful functioning, making an unintended, undesired, or incorrect use of privilege less probable.
As a result, if concern about exploiting a privilege emerges, this will help reduce the number of applications and users that need to be audited. In other words, if a system can supply “firewalls,” the rule of least privilege will help it determine where it should be installed. This idea is shown by the military security regulation of “need-to-know or the necessity of the situation.”
How should the privileges be granted?
According to the least privilege principle, a person, in particular, should be granted just the privileges required to fulfill his job. If the intended person does not require access, they should not have it.
Furthermore, the person’s sole role (rather than its identity) should govern the allocation of privileges. Suppose a specific activity necessitates augmenting a person’s rights to access or to a particular set of information. In that case, those extra rights should be abandoned as soon as the action is completed.
It is equivalent to the “need to know” rule – if the subject does not require access to information to execute their work, whatever it is, they do not “need to know” that information.
For instance, someone in the accounting department doesn’t need to have access to the specifics of the design department. Similarly, someone in HR doesn’t need access to the procurement data. This way, the least privilege principle helps minimize the number of users who have access to a particular set of information and control the extent of data that each user in the network is allowed to view or modify.
This is how it must work for a smooth and efficient process, based on the military regulation policy or, more precisely, a “zero trust notion.”
Let not laziness overcome discretion
Vendors seldom use the concept of least privilege when suggesting a strategy to use with their code since doing so would require a significant effort and time on their side.
It’s a lot easier to simply ship a policy that says, “Let my code do whatever it wants.” People will typically install vendor-supplied security protocols, either because they believe the vendor or perhaps because it is too difficult to determine which security plan performs the excellent work of limiting the rights that must be provided to the vendor’s program.
Laziness frequently contradicts the concept of least privilege. Do not make such a mistake in your code. Well, the following example will give a perfect idea of the notion.
Assume you were on holiday and give your friend the keys to your house to feed your dogs, fetch mails, and so on. Although you may trust your friend, there is always the risk that a gala gathering may be held at your home without your permission or that something else could occur that you disapprove of.
Regardless of whether you trust your friend or not, there’s no reason to put yourself in danger by granting more power than is absolutely required. Taking the same example above, if you don’t have pets and just require a friend to pick up your mail once in a while, all you need to do is give your friend the mailbox key.
Although your friend may still find a way to misuse that power, at least you won’t have to worry about further misuse. However, when you hand them the keys to your house, all you can do is hope that they will not misuse it.
Limit the privilege
The core rule of the least privilege is to limit the privileges. As quoted in the IT environment,
“Give no user greater access than is completely essential for him to execute his task. Don’t give a random employee the keys to the CEO’s office, and don’t allow him access to the CEO’s archives either.”
With that said, the least privilege principle can also be used to restrict the CEO’s access to the data of departments that they don’t need access to.
