What is the principle of least privilege (POLP)?
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what are strictly required to do their jobs. Users are granted permission to read, write or execute only the files or resources necessary to do their jobs. This principle is also known as the access control principle or the principle of minimal privilege.
POLP can also restrict access rights for applications, systems and processes to only those who are authorized.
Depending on the system, some privileges may be based on attributes contingent on the user's role within the organization. For example, some corporate access systems grant the appropriate level of access based on factors such as location, seniority or time of day. An organization can specify which users can access what in the system, and the system can be configured so the access controls recognize only the administrators' role and parameters.
What is a superuser?
A superuser account provides information technology (IT) staff members with unlimited privileges so they have full read, write and execute authority and can make changes across a network. This includes installing software, modifying settings and files, and deleting data and users. Superuser accounts are only given to the most trusted individuals, usually systems administrators (sys admins) or the equivalent. The superuser account is also known as an administrator account and is often given the name root.
To prevent superuser sessions from being hijacked, a superuser can type the sudo command into any account, which enables the account to temporarily perform a single command with superuser privileges. Ideally, superuser credentials are not used for logging in; since the superuser account has full control of the system, it must be protected from unauthorized access.
Least-privileged users (LPUs) are those with the most limited access and often the lowest level of authority within the company. In an organization, users often have elevated levels of access to the network and the data on it. When an LPU is set up, that user account has limited privileges and can perform only specific tasks, such as surfing the web or reading email. This makes it harder for a malicious attacker to use an account to cause harm.
Another way to control user access is by implementing a concept called privilege bracketing. This approach involves permitting users access to administrator accounts for the shortest time necessary to complete the specific task. This function can be administered through special automated software to ensure that access is granted only for the specified amount of time.
What is privilege creep?
POLP is not only about taking away privileges from users; it's also about monitoring access for those who do not require it. For example, privilege creep refers to the tendency of software developers to gradually add more access rights beyond what individuals need to do their job. This can cause major cybersecurity risks to the organization. For example, employees who are promoted may still need temporary access rights to certain systems for their old job. But, once they are settled in their new position, more access rights are added, and existing privileges often are not revoked. This unnecessary accumulation of rights could result in data loss or theft.
Benefits of using principle of least privilege
- Prevents the spread of malware. By imposing POLP restrictions on computer systems, malware attacks cannot use higher-privilege or administrator accounts to install malware or damage the system.
- Decreases chances of a cyber attack. Most cyber attacks occur when an attacker exploits privileged credentials. POLP protects systems by limiting the potential damage that can be caused by an unauthorized user gaining access to a system.
- Improves user productivity. Only giving users required access to complete their necessary tasks means higher productivity and less troubleshooting.
- Helps demonstrate compliance. In the event of an audit, an organization can prove its compliance with regulatory requirements by presenting the POLP concepts it has implemented.
- Helps with data classification. POLP concepts enable companies to keep track of who has access to what data in the event of unauthorized access.
While POLP helps minimize the risk of an unauthorized user accessing sensitive data, the main disadvantage is that the minimum permissions must be consistent with a user's roles and responsibilities, which might be challenging in larger organizations. For example, users might not be able to perform a certain required task if they don't have the appropriate privilege access.
How to implement POLP
Applying POLP concepts can be as simple as eliminating end-user access to devices, such as removing Universal Serial Bus (USB) drives to prevent the exfiltration of classified information, to more involved operations, such as conducting regular privilege audits.
Organizations can successfully implement POLP by doing the following:
- conducting privilege audits by reviewing all existing processes, programs and accounts to ensure there is no privilege creep;
- starting all accounts with least privilege and adding privileges according to the access required to perform;
- implementing separation of privileges by distinguishing between higher-level privilege accounts and lower level-privilege accounts;
- assigning just-in-time privileges by providing higher-level privilege accounts limited access to complete the necessary task; and
- tracking and tracing individual actions conducted by one-time-use credentials to avoid potential damage.