CYFOR Blog


The Principle of Least Privilege (POLP) & why your business needs it

The Principle of Least Privilege

The potential misuse and theft of company data is an increasing problem, due in part to full administrator rights being left on company devices. Best practice is to apply the principle of least privilege.


What is the Principle of Least Privilege (POLP)?

The principle of least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources necessary to perform legitimate activities.

How the principle of least privilege works

Applied to employees, the principle of least privilege (POLP) works by allowing only enough access to perform the required job, enforcing the minimal level of user rights, or lowest clearance level, that allows the user to perform their role. However, the principle of least privilege also applies to processes, applications, systems, and devices (such as IoT), in that each should have only those permissions required to perform an authorised activity. Adhering to the principle of least privilege reduces the risk of malicious internal or external individuals gaining access to critical systems or sensitive data by compromising a low-level user account, device, or application.

Malicious Insider Privileges

The principle of least privilege can be applied to every level of a system. It applies to end users, systems, processes, networks, databases, applications, and every other facet of an IT environment. For example, an employee whose job is to enter information into a database only needs the ability to add records to that database and does not need admin rights, while a programmer whose main function is updating lines of legacy code does not need access to financial records.

Insider threats pose a significant risk and take the longest to uncover. Employees, contractors and other insiders generally benefit from a level of trust by default, which may help them avoid detection should they be actively stealing data or intellectual property, or corrupting systems. This time-to-discovery also translates into more potential for damage. Unlike external hackers, insiders already start within the perimeter, while also benefitting from the know-how of where sensitive assets and data lie and how to zero in on them.

With regard to external threats, suppose an employee clicks a link in a phishing email and malware infects their computer: if that employee's account can only make database entries, the attack is limited to making database entries. If that employee has extended admin privileges, however, the infection can spread system-wide.
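The data-entry clerk and legacy-code programmer examples above, together with the phishing scenario, come down to two questions a defender can actually compute: which of an account's granted rights exceed what its role requires, and which resources an attacker reaches if that account is compromised. The following script is an added illustration, not code from CYFOR or from the original post; the roles, resources and accounts in it are constructed for the example and are not real systems.

```python
"""Least-privilege audit model (added example, constructed data).

Compares what an account has been granted with what its role actually
requires, flags excess rights (privilege creep), and estimates the blast
radius if the account is compromised.
"""

from dataclasses import dataclass, field

# A permission is a (resource, action) pair, e.g. ("orders_db", "insert").
Permission = tuple[str, str]


@dataclass
class Account:
    name: str
    role: str
    granted: set[Permission] = field(default_factory=set)


# Minimal rights each job needs (constructed roles mirroring the post's
# examples: a data-entry clerk and a programmer maintaining legacy code).
REQUIRED: dict[str, set[Permission]] = {
    "data_entry": {("orders_db", "insert")},
    "legacy_dev": {("legacy_repo", "read"), ("legacy_repo", "write")},
}

# What "full administrator rights" look like in this constructed model.
ADMIN_ALL: set[Permission] = {
    (res, act)
    for res in ("orders_db", "legacy_repo", "finance_records", "hr_records")
    for act in ("read", "insert", "write", "delete")
}


def excess_privileges(acct: Account) -> set[Permission]:
    """Rights granted beyond what the account's role requires."""
    return acct.granted - REQUIRED.get(acct.role, set())


def missing_privileges(acct: Account) -> set[Permission]:
    """Rights the role needs that the account does not have."""
    return REQUIRED.get(acct.role, set()) - acct.granted


def is_least_privilege(acct: Account) -> bool:
    """True when granted rights exactly match the role's requirements."""
    return not excess_privileges(acct) and not missing_privileges(acct)


def blast_radius(acct: Account) -> set[str]:
    """Resources an attacker could touch after compromising this account
    (e.g. via the phishing scenario in the post)."""
    return {res for res, _ in acct.granted}


def audit(accounts: list[Account]) -> dict[str, dict[str, list]]:
    """Per-account report of excess rights and reachable resources."""
    return {
        a.name: {
            "least_privilege": is_least_privilege(a),
            "excess": sorted(excess_privileges(a)),
            "blast_radius": sorted(blast_radius(a)),
        }
        for a in accounts
    }


# Constructed sample accounts: a clerk provisioned correctly, a clerk left
# with admin rights, and a developer who was also given finance access.
CLERK_LEAST = Account("clerk_a", "data_entry", {("orders_db", "insert")})
CLERK_ADMIN = Account("clerk_b", "data_entry", set(ADMIN_ALL))
DEV = Account(
    "dev_c",
    "legacy_dev",
    {("legacy_repo", "read"), ("legacy_repo", "write"), ("finance_records", "read")},
)

if __name__ == "__main__":
    for name, report in audit([CLERK_LEAST, CLERK_ADMIN, DEV]).items():
        print(name, report)
```

Running it shows the contrast the post describes: `clerk_a` reaches only `orders_db`, while `clerk_b`, doing the same job with admin rights, exposes every resource in the model, and `dev_c` is flagged for a single excess right on `finance_records`. The same comparison can be driven from a real permission export (for example, group memberships or database grants) by replacing the constructed sets.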

An infamous rogue insider was Edward Snowden, who had administrative access rights while working as a technology contractor for the NSA. His role included such activities as backing up computer systems and migrating data to local servers. However, by abusing his admin privileges, and utilising some simple and widely available software tools, including an automated web crawler, Snowden illegally copied, accessed, and then leaked an estimated 1.7 million NSA files. In response to the Snowden breach, the NSA announced the drastic action of eliminating 90% of system administrators, to limit access and improve its least-privilege posture.


Benefits of the Principle of Least Privilege

  • Minimised attack surface: Hackers gained access to 70 million Target customer accounts through an HVAC contractor who had permission to upload executables. By failing to follow the principle of least privilege, Target had created a very broad attack surface.
  • Limited malware propagation: Malware that infects a system bolstered by the principle of least privilege is often contained to the small section where it entered first.
  • Better stability: Beyond security, the principle of least privilege also bolsters system stability by limiting the effects of changes to the zone in which they’re made.
  • Improved audit readiness: The scope of an audit can be reduced dramatically when the system being audited is built on the principle of least privilege. What’s more, many common regulations call for POLP implementation as a compliance requirement.