Why least privilege

In Windows systems, the Administrator account holds superuser privileges. Each Windows computer has at least one local administrator account. The Administrator account allows the user to perform such activities as installing software and changing local configurations and settings.

Standard users have substantially curtailed privileges, while guest user accounts are generally limited even further, to basic application access and Internet browsing.

macOS endpoints are increasingly prevalent at enterprises. While Mac users run with root access by default, as a security best practice a non-privileged account should be created and used for routine computing to limit the likelihood and scope of privileged threats.

While cloud and virtualized environments provide many benefits, chief among them rapid scalability, many traditional security tools are architected for on-premise environments. When extended or retrofitted to the cloud or across hybrid environments, these legacy tools leave gaps that allow for excessive privileged access and permissions. Cloud and virtualization have also ushered in administrator consoles, such as those for AWS and Office, that confer substantial superuser capabilities, enabling users to instantly provision, configure, and delete servers at incredible scale.

Additionally, cloud platforms may provide some basic native tools for managing pieces of privileged access or other capabilities, but they cannot typically be extended for multicloud use.

Routine computing activities might entail internet browsing, watching streaming video, use of Microsoft and other basic applications, such as Salesforce, Google Docs, Dropbox, etc. In the case of Windows PCs, users often log in with administrative account privileges—far broader than what is needed.

Privilege overprovisioning massively increases the risk that malware or hackers may steal passwords or install malicious code delivered via web surfing or email attachments. The malware or hacker could then leverage the entire set of privileges of the account, accessing data on the infected computer and even launching an attack against other networked computers or servers.

However, if that user was logged in as a superuser with broad admin privileges, the ransomware package could leverage domain account privileges to modify settings and to corrupt, access, and encrypt sensitive data on other endpoints and servers across the network.

Hackers commonly seek to gain an initial foothold through a low-level exploit, such as through a phishing attack on a standard user account. The attacker then surreptitiously zig-zags through the network until they find a dormant or orphaned account that allows them to escalate their privileges. Elevation of privilege vulnerabilities are increasingly common and can make it particularly easy for an attacker, even an unprivileged one, to elevate privileges.

Organizations that lack robust enterprise password management capabilities, such as automated password rotation, are also more susceptible to pass-the-hash (PtH) attacks. In these attacks, a hacker who has already gained low-level credentials can steal the password hash of an admin account if it is revealed (for example during a helpdesk session with the infiltrated account) and then reuse the hash to unlock administrative access rights.

Hackers are also adept at obtaining deep privileges on a single computer and then expanding their privileges to other devices across a network via lateral movement and privilege escalation. With the proper privileges, and inadequate technology controls, a hacker can easily erase their tracks to avoid detection while they traverse the environment and get closer to achieving their objectives.

Such an instance of privilege abuse could cause downtime of Tier-1 systems, opening up gigantic vulnerabilities that let in rootkits and other exploits, or worse. In Windows environments, misused admin accounts also have potential to cause outsized damage compared to non-privileged accounts.

However, rogue insiders likely pose the most dangerous threat. Insider threats take the longest to uncover since employees, contractors and partners generally benefit from some level of trust by default, which may help them avoid detection. The protracted time-to-discovery also translates into more potential for damage. Certainly, many of the most devastating breaches over the past 15 years have been perpetrated by insiders. Unlike external hackers, insiders already start within the perimeter, while also benefitting from know-how of where sensitive assets and data lie and how to zero in on them.

However, by abusing his admin privileges, and utilizing some simple and widely available software tools, including an automated web crawler, Snowden illegally copied, accessed, and then leaked an estimated 1.

Target Breach: The Target breach impacted roughly 70 million customers. By restricting access permissions to the fewest resources, functions, and areas necessary for the HVAC company, Target likely would have avoided the breach, and the subsequent fallout.

Enforcing least privilege for vendor access tends to be one of the most challenging security controls for organizations. Consequently, the Orion application was leveraged as a backdoor to compromise SolarWinds customers when they applied auto-updates. SolarWinds customers were vulnerable to this supply chain attack because the Orion application needed unrestricted access, more specifically, global shared administrator access, to work.

The core issue is that global administrative accounts, with all their privileges, are often needed for legacy applications, like Orion, to operate correctly and, thus, they cannot operate using the concept of least privilege application management. Thus, they are allowed full and unrestricted access to operate, which presents a massive attack surface. Since the Orion application itself was compromised, threat actors leveraged unrestricted privileged access throughout the victims' environments using the application.

To prevent or mitigate these instances of over-privileged applications, organizations must first identify all the applications in their environment that require high levels of privileges. Wherever possible, enterprises should implement least privilege application management, which entails removing all excessive application privileges. But again, this may prove impossible with many legacy applications.

This issue is covered in more depth in this blog on least privilege application management.

Accelerated digital transformation (DX) is driving the creation of new business opportunities and helping organizations adapt to a changing work environment. At the same time, many DX initiatives significantly increase the privileged threat surface. Here are a few examples. Identifying and securely onboarding legitimate devices at scale is itself a massive undertaking.

Many of these endpoints also comprise the backbone of edge computing, which is powering a new wave of mobility and digital transformation by enabling data processing to occur closer to where it is needed, reducing latency times. IoT devices frequently suffer serious security limitations, such as the inability to have the software hardened or firmware updated, and hard-coded passwords.

Long ago, large-scale IoT hacks made the leap from theory to reality. East Coast businesses, and the nation of Liberia, offline, in separate incidents. The scale and scope of such attacks could increase exponentially as 5G becomes more widespread. Network segmentation for IoT devices is one way to broadly restrict the permissions of IoT devices and the associated systems and operations, while role-based access permissions should also be enforced as a best practice.

The privileged access pathways across edge networks must also be managed and secured.

Robotic Process Automation (RPA): By automating mundane business tasks, robotic process automation can reduce manual effort and errors, and often without the heavy lift needed for other digital transformation projects, like DevOps. RPA security may be overlooked by IT because it involves software robots, service accounts, and other machine accounts rather than human identities, and also because it tends to occur as shadow IT.

RPA processes, applications, toolsets, and workflows commonly involve privileges that must be managed. RPA bots, after all, need the same application and access as humans.

Least privilege access is a system that restricts access rights and privileges to only those who need it for any given required job.

When it comes to which users across an organization have which keys, an organization needs to also practice role-based access control as part of least privilege access. This means that a key or access permission should only be given to users based on their role and responsibilities.
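Three of the conditions discussed on this page can be checked from an account inventory: group memberships that go beyond what a role entitles (the role-based control just described), admin passwords that have not rotated (the password-management gap behind pass-the-hash), and dormant or orphaned accounts that an attacker zig-zagging through the network looks for. The Python audit below is an added example, not code from the original article or from any vendor it mentions; the roles, group names, account records, thresholds and finding codes are all constructed for illustration, and a real run would pull the inventory from the directory.

```python
"""Audit a constructed account inventory against role-based least privilege.

Added example, not code from the original article. ROLE_ALLOWED_GROUPS,
ACCOUNTS, TODAY, the thresholds and the finding codes are assumptions
chosen for illustration.
"""
from datetime import date, timedelta

# Role-based access control mapping: the only groups each role is entitled to.
ROLE_ALLOWED_GROUPS = {
    "helpdesk": {"Remote Desktop Users"},
    "developer": {"Remote Desktop Users"},
    "sysadmin": {"Administrators", "Remote Desktop Users"},
}

# Constructed inventory; "role" is None for an account no current owner claims.
TODAY = date(2024, 6, 1)
ACCOUNTS = [
    {"name": "alice", "role": "developer",
     "groups": {"Administrators", "Remote Desktop Users"},
     "pw_set": date(2024, 5, 20), "last_logon": date(2024, 5, 31)},
    {"name": "bob", "role": "sysadmin",
     "groups": {"Administrators"},
     "pw_set": date(2024, 1, 10), "last_logon": date(2024, 5, 30)},
    {"name": "svc-backup", "role": None,
     "groups": {"Administrators"},
     "pw_set": date(2023, 1, 1), "last_logon": date(2024, 2, 1)},
    {"name": "carol", "role": "helpdesk",
     "groups": {"Remote Desktop Users"},
     "pw_set": date(2024, 5, 1), "last_logon": date(2024, 5, 31)},
]


def audit_accounts(accounts, today, max_admin_pw_age=timedelta(days=90),
                   dormant_after=timedelta(days=45)):
    """Return (account, code, detail) findings for membership beyond the role,
    stale admin passwords, dormant accounts and orphaned accounts."""
    findings = []
    for acct in accounts:
        name = acct["name"]
        allowed = ROLE_ALLOWED_GROUPS.get(acct["role"])
        if allowed is None:
            # No role maps to this account, so nobody can justify its privileges.
            findings.append((name, "ORPHANED", "no role owns this account"))
            allowed = set()
        excess = acct["groups"] - allowed
        if excess:
            findings.append((name, "EXCESS_GROUP",
                             "membership beyond role: " + ", ".join(sorted(excess))))
        pw_age = today - acct["pw_set"]
        if "Administrators" in acct["groups"] and pw_age > max_admin_pw_age:
            findings.append((name, "STALE_ADMIN_PASSWORD",
                             f"admin password unchanged for {pw_age.days} days"))
        idle = today - acct["last_logon"]
        if idle > dormant_after:
            findings.append((name, "DORMANT", f"no logon for {idle.days} days"))
    return findings


def codes_for(findings, name):
    """Set of finding codes raised for one account."""
    return {code for acct, code, _ in findings if acct == name}


if __name__ == "__main__":
    for acct, code, detail in audit_accounts(ACCOUNTS, TODAY):
        print(f"{acct:12} {code:22} {detail}")
```

On the sample inventory the developer with an unneeded Administrators membership, the sysadmin whose admin password is 143 days old, and the ownerless service account (which trips all four checks) are reported; the helpdesk user whose access matches her role produces nothing.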
