CISSP® Official Study Guide, Eighth Edition


The Principle of Least Privilege



Source: (CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018), page 649 of 881 (PDF, 19.3 MB, uploaded 08.04.2023)

The principle of least privilege states that subjects are granted only the privileges necessary to perform assigned work tasks and no more. Keep in mind that privilege in this context includes both permissions to data and rights to perform tasks on systems. For data, it includes controlling the ability to write, create, alter, or delete data. Limiting and controlling privileges based on this concept protects confidentiality and data integrity. If users can modify only those data files that their work tasks require them to modify, then it protects the integrity of other files in the environment.
The principle of least privilege relies on the assumption that all users have a well-defined job description that personnel understand. Without a specific job description, it is not possible to know what privileges users need.

This principle extends beyond just accessing data, though. It also applies to system access. For example, in many networks regular users can log on to any computer in the network using a network account. However, organizations commonly restrict this privilege by preventing regular users from logging on to servers or restricting a user to logging on to a single workstation.

One way that organizations violate this principle is by adding all users to the local Administrators group or granting root access to a computer. This gives the users full control over the computer. However, regular users rarely need this much access. When they have this much access, they can accidentally (or intentionally) cause damage within the system such as accessing or deleting valuable data.
Chapter 16: Managing Security Operations (page 700)
Additionally, if a user logs on with full administrative privileges and inadvertently installs malware, the malware can assume full administrative privileges of the user's account. In contrast, if the user logs on with a regular user account, malware can only assume the limited privileges of the regular account.

Least privilege is typically focused on ensuring that user privileges are restricted, but it also applies to other subjects, such as applications or processes. For example, services and applications often run under the context of an account specifically created for the service or application. Historically, administrators often gave these service accounts full administrative privileges without considering the principle of least privilege. If attackers compromise the application, they can potentially assume the privileges of the service account, granting the attacker full administrative privileges.

Additional concepts personnel should consider when implementing need-to-know and least privilege are entitlement, aggregation, and transitive trusts.
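The following Python script is an added example, not from the study guide, that turns the chapter's reasoning into a runnable entitlement review. It models the assumption the text calls out (each role has a job description that fixes the privileges it needs), compares that against what each subject has actually been granted, and flags the two violations the text describes: regular users placed in the local Administrators group or given root, and service accounts holding full administrative rights. The role names, privilege labels, host names and accounts are constructed sample data; the audit covers both the user passage and the service-account passage above.

```python
"""Least-privilege entitlement audit over constructed sample data (added example)."""
from dataclasses import dataclass, field

# Constructed job descriptions: the privileges each role's work tasks require.
# The principle depends on this table existing; without it, need is unknowable.
ROLE_REQUIREMENTS = {
    "accountant":  {"read:ledger", "write:ledger", "logon:WS-ACCT-01"},
    "helpdesk":    {"read:tickets", "write:tickets", "logon:any-workstation"},
    "web-service": {"read:webroot", "bind:tcp/443"},
}

# Privileges that amount to full control of a computer. A subject holding one
# of these without a role that requires it is the violation the chapter warns about.
FULL_CONTROL = {"group:Administrators", "root"}


@dataclass
class Subject:
    name: str
    role: str
    granted: set = field(default_factory=set)
    kind: str = "user"  # "user" or "service"


def required_privileges(subject):
    """Privileges the subject's job description says it needs."""
    if subject.role not in ROLE_REQUIREMENTS:
        # No job description means need cannot be determined; refuse to guess.
        raise ValueError(f"{subject.name}: role {subject.role!r} has no job description")
    return ROLE_REQUIREMENTS[subject.role]


def excess_privileges(subject):
    """Everything granted beyond what the role requires."""
    return subject.granted - required_privileges(subject)


def audit(subjects):
    """Return findings keyed by subject name; subjects with no excess are omitted."""
    findings = {}
    for s in subjects:
        excess = excess_privileges(s)
        if not excess:
            continue
        notes = []
        if excess & FULL_CONTROL:
            notes.append("full-control privilege not required by role")
            if s.kind == "service":
                # Compromise of the application would yield administrative rights.
                notes.append("service account runs with administrative rights")
        findings[s.name] = {"excess": sorted(excess), "notes": notes}
    return findings


def sample_subjects():
    """Constructed sample: one over-privileged user, one correct user, one over-privileged service."""
    return [
        # Accountant added to local Administrators and allowed to log on anywhere.
        Subject("alice", "accountant",
                {"read:ledger", "write:ledger", "logon:any-workstation", "group:Administrators"}),
        # Helpdesk user granted exactly what the role needs.
        Subject("bob", "helpdesk", {"read:tickets", "write:tickets", "logon:any-workstation"}),
        # Web service account historically given root instead of a dedicated limited account.
        Subject("svc-web", "web-service", {"read:webroot", "bind:tcp/443", "root"}, kind="service"),
    ]


if __name__ == "__main__":
    for name, finding in audit(sample_subjects()).items():
        print(f"{name}: remove {finding['excess']}  {'; '.join(finding['notes'])}")
```

Run as a script it lists, per subject, the privileges to remove and why; in a real environment the two tables would be fed from the HR role catalogue and from group-membership or IAM exports rather than constructed inline.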