The principle of least privilege (PoLP) is a concept relating to information security, specifically when a user is granted minimum access or permission on a network. This allows the user to perform their job or required functions and nothing else.
Least privilege is regarded as a best practice method for cybersecurity and is adopted by many organizations to manage access control and prevent network breaches that put data and computing resources at risk.
PoLP applies not only to network users. It can can limit access between applications, devices, and integrated systems, meaning they only have the minimum set of permissions required to perform their function.
Why is least privilege so important?
With cybercrimes becoming increasingly more sophisticated, it is of the utmost importance to ensure every aspect of a network is secured and no weaknesses are left exposed.
There are several reasons why least privilege is so important for building cyber resilience:
- Least-privilege access reduces the attack surface of a network. This means that least privilege minimizes the number of vulnerable points on a network that could be targeted by a cybercriminal. By providing users the permissions needed to perform a task – and nothing more – attackers have less opportunities to spread through the network and inflict damage.
Many breaches target users who have advanced network access privileges, allowing the hacker to view sensitive information. Therefore, limiting the access granted to users and devices also limits cybercriminals targeting an individual.
- The overall reach of malware is also limited by implementing least privileges on users and endpoints. Should the network suffer such an attack, malware cannot gain additional access and move freely to install and execute malicious code. This denies malware the opportunity to establish a remote connection or access sensitive data.
- Functional access control provides users just the right amount of permission to complete their tasks and no more. This reduces requests sent across the network and support tickets sent to the IT help desk in relation to access-related issues. It is proven to improve productivity amongst users on a network.
- Least privilege can help improve compliance in relation to data and can make auditing much easier. Establishing a clear hierarchy of users and their relevant permissions means the network can be much more structured and data can only be accessed by the users who need it.
What is privilege creep?
Privilege creep refers to when too many users on a network are given administrator permissions for certain applications, systems or networks, resulting in a security risk. Privilege creep occurs when businesses revoke the administrative rights of users during a re-evaluation of access and permissions, only to reinstate administrator permissions at a later date so users can perform specific tasks.
The most common example of this is when older (legacy) applications require additional permissions in order to run. This means that a user may have to be granted administrator privileges to install or execute some software. The key security risks happen when these broader permissions are not revoked once the user has completed the task, resulting in many users having privileges they do not need.
Privilege creep increases the attack surface of a network. However, diligently and consistently applying the principle of least privilege can rectify this issue, ensuring all users (both human and non-human) only have the required access levels.
What is a super user, and how does it relate to least privilege?
A super user is a network user that has unlimited access to all areas, including full read and write permissions, authority to execute software, and change network settings, data and files.
As well as being able to change a range of settings and data, super users can also set access and permissions for other users. This permission is only granted to highly trusted individuals within an organization, such as a system administrator or IT manager. Super users are usually just referred to as administrator (or root) on the network itself.
Super users rarely log in to the network and, instead, perform actions on other accounts if needed. Using a Sudo command, a command that enables single actions to be taken on an account, using the privileges of a super user, sessions are unlikely to be hijacked, as they are unpredictable.
What kinds of cyberattacks can least privilege stop?
Least privilege can help prevent practically all known cyberattacks by significantly reducing the attack surface of a network.
The goal of least-privilege access is to close open pathways of travel for non-authorized users. By default, that would block any outside intruder that isn't included in the "allow list."
Cyberattacks that least-privilege helps defeat:
- Ransomware attacks
- Phishing attacks
- SQL injection attacks
- Man-in-the-middle attacks
- Zero-day exploits
How to to implement least privilege
The principle of least privilege can be implemented in a number of ways, but here is our best practice approach to ensure every detail is considered and that the additional measures work alongside a broader cybersecurity strategy.
You can implement least privilege access in six key steps:
- Conduct an audit to identify privileged accounts across all parts of a hybrid networks, including clouds, data centers and endpoints.
The audit should cover the following areas: log-in credentials, passwords, password hashes, SSH keys, and access keys — across all physical endpoints and development environments. It should also include a complete review of all cloud network permissions and gateways, ensuring all privileges are in line with the new policies — ensuring no unnecessary access has been granted.
- Once the audit is complete, revoke access to both human and non-human accounts that have been granted unnecessary local administrator permissions. Then only grant permissions that are required to perform their function.
In addition, super user sessions should take place only as-required, using the Sudo command for extra security. Just-in-time access (that automatically turns off) can allow normal users to access accounts with extra permissions or run administrator-level commands when needed.
- Separate standard user accounts from administrator accounts using microsegmentation. This provides another layer of protection in case a user isn't restricted by least-privilege controls and is breached. It especially helps shield administrator accounts from infections and broader damage because of their key access permissions.
- Use a digital vault to secure the credentials of all administrator accounts, with access only provided to the individuals who need them.
- Change administrator passwords after each use to prevent cybercriminals from recording them using key-logging software. This software logs the password hash (an encrypted algorithm) rather than the characters in the password. By obtaining this hash, hackers can then attempt to deceive the authentication system into creating a new session on the network. This is referred to as a pass-the-hash attack.
- Continuously monitor administrative activities. Thorough monitoring can help quickly detect any suspicious behavior that might be related to a cyberattack or reveal a security gap.
Least privilege + Zero Trust = cyber resilience
The principle of least privilege is fundamental to implementing a Zero Trust security architecture. This type of security measure assumes that all users and devices that access a network are a potential threat. Least privilege enforces the principles of Zero Trust by allowing access to only trusted traffic, and blocking all other traffic.
With the principle of least privilege, once a user has been verified, they will gain limited access to only the application or computing resource they need to carry out their task. These tactics have been adopted by governments and businesses across the world as older practices such as network firewalls fail to protect against today's sophisticated and well-funded cybercriminals
Zero Trust and PoLP are now essential best practice security measures that every organization needs to have in place to protect their digital infrastructure from increasingly aggressive cyberattacks.
Take the next steps to see if Illumio is the right partner as you design and implement your next segmentation project:
- Learn how Illumio helped a global law firm stop ransomware.
- Download our in-depth guide How to Build a Microsegmentation Strategy in 5 Steps.
- Access a free copy of The Forrester New Wave™ Microsegmentation, Q1 2022 where Illumio is named a Leader.
- Schedule a no-obligation demo and consultation with our Zero Trust Segmentation experts.