Least Privilege Access

What is least privilege access?

Implementing the principle of least privilege access ensures that users and applications only have the privileges necessary to perform their specific roles or required tasks. These privileges apply to system access, data access, and which operations a user or application can perform on a system.

What is privilege creep?

  • Certain programs and tasks need specific administrative access enabled for an employee to complete their required task.
  • Once the access is granted it typically stays active and is not removed even when access is no longer needed.
  • If not removed the access can accumulate and eventually give the user full access to all programs and networks within their workspace.
  • This is bad security policy and can be taken advantage of by malicious actors who compromise the user’s account.
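
A periodic access review is one way to catch the accumulation described above. The following is an added example, not part of the original page: it compares each user's grants against a baseline for their role and flags grants that fall outside the baseline or have gone unused. The role names, entitlement names, sample data, and the 90-day idle threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (all names hypothetical): what each role needs.
ROLE_BASELINE = {
    "accountant": {"erp_read", "erp_post_journal"},
    "helpdesk": {"ticketing", "password_reset"},
}

# Constructed sample grants: (user, role, entitlement, last_used or None).
GRANTS = [
    ("alice", "accountant", "erp_read", date(2024, 5, 28)),
    ("alice", "accountant", "erp_post_journal", date(2024, 5, 30)),
    ("alice", "accountant", "local_admin", date(2023, 11, 2)),
    ("bob", "helpdesk", "ticketing", date(2024, 5, 31)),
    ("bob", "helpdesk", "password_reset", date(2024, 1, 15)),
    ("bob", "helpdesk", "domain_admin", None),
]


def find_privilege_creep(grants, baseline, today, max_idle_days=90):
    """Return (user, entitlement, reasons) for grants that should be reviewed.

    A grant is flagged when it is not in the role's baseline, was never
    used, or has been idle longer than max_idle_days (assumed threshold).
    """
    findings = []
    for user, role, entitlement, last_used in grants:
        reasons = []
        # An unknown role has an empty baseline, so every grant is flagged.
        if entitlement not in baseline.get(role, set()):
            reasons.append("outside role baseline")
        if last_used is None:
            reasons.append("never used")
        elif (today - last_used).days > max_idle_days:
            reasons.append(f"idle {(today - last_used).days} days")
        if reasons:
            findings.append((user, entitlement, reasons))
    return findings


if __name__ == "__main__":
    for user, entitlement, reasons in find_privilege_creep(
        GRANTS, ROLE_BASELINE, today=date(2024, 6, 1)
    ):
        print(f"{user}: review '{entitlement}' ({', '.join(reasons)})")
```

Grants that are inside the baseline but idle are flagged too, since access that is no longer used is exactly what accumulates into privilege creep.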

The importance of having LPA

  • If an account with administrative access is compromised, it can allow hackers to access sensitive data and breach network security.
  • Restricting users’ ability to install or run unapproved applications can protect endpoints from becoming infected with malware or ransomware and, in turn, reduce the chances of it spreading throughout the organization.

Some good practices to implement LPA and keep data safe

  • User accounts
    • Most users in a network should get a regular user account with only access to the tools required to perform their normal duties.
  • Administrative Accounts
    • Should require Multi-Factor Authentication for access
    • Should not be shared
    • Should be restricted based on various administrative functions
    • Should be logged out immediately upon finishing required tasks
    • Privileged access workstations are recommended, whereby administrative accounts can only be used on specialized workstations which restrict unnecessary activities such as general internet browsing.
  • Password age
    • Passwords should expire and have to be reset after a specific amount of time (e.g., every 90 days).
  • Password history
    • The system should remember a certain number of previous passwords for each user to prevent their immediate reuse.
  • Deleting Accounts
    • When a user account is no longer in use, the account should immediately be deactivated to prevent unauthorized access to it.
  • Assigning User Working Hours
    • For employees who work a relatively consistent schedule, another layer of least privilege is to restrict the use of accounts to the individual’s normal working hours.
      • For example, if a user account is typically active during work hours from 9:00 am to 5:00 pm, the account could be locked outside those hours until the next work day.
  • Using Location-based Restrictions
    • In many cases, you can also limit the locations from which an account can be used.
      • For example, if a user account is set up for an office in Washington D.C. with location restrictions, the account might not be available if someone attempts to use it in North Carolina.

Zero Trust Model

  • A model in which users are allowed access only to the programs needed to complete their task, and ONLY after authenticating who they are and verifying the task that is about to be performed. It is a stricter version of LPA.

To read more about the Zero Trust Model, see: Cybersecurity & Infrastructure Security Agency - Zero Trust Maturity Model