ghostvorti.blogg.se

Concept of least privilege






Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

The following excerpt is from The Administrator Accounts Security Planning Guide, first published on April 1, 1999:

"Most security-related training courses and documentation discuss the implementation of a principle of least privilege, yet organizations rarely follow it. The principle is simple, and the impact of applying it correctly greatly increases your security and reduces your risk. The principle states that all users should log on with a user account that has the absolute minimum permissions necessary to complete the current task and nothing more. Doing so provides protection against malicious code, among other attacks. This principle applies to computers and the users of those computers.

"One reason this principle works so well is that it forces you to do some internal research. For example, you must determine the access privileges that a computer or user really needs, and then implement them. For many organizations, this task might initially seem like a great deal of work; however, it is an essential step to successfully secure your network environment.

"You should grant all domain administrator users their domain privileges under the concept of least privilege. For example, if an administrator logs on with a privileged account and inadvertently runs a virus program, the virus has administrative access to the local computer and to the entire domain. If the administrator had instead logged on with a nonprivileged (nonadministrative) account, the virus's scope of damage would only be the local computer because it runs as a local computer user.

"In another example, accounts to which you grant domain-level administrator rights must not have elevated rights in another forest, even if there is a trust relationship between the forests. This tactic helps prevent widespread damage if an attacker manages to compromise one managed forest. Organizations should regularly audit their network to protect against unauthorized escalation of privilege."

The following excerpt is from the Microsoft Windows Security Resource Kit, first published in 2005:

"Always think of security in terms of granting the least amount of privileges required to carry out the task. If an application that has too many privileges should be compromised, the attacker might be able to expand the attack beyond what it would if the application had been under the least amount of privileges possible. For example, examine the consequences of a network administrator unwittingly opening an email attachment that launches a virus. If the administrator is logged on using the domain Administrator account, the virus will have Administrator privileges on all computers in the domain and thus unrestricted access to nearly all data on the network. If the administrator is logged on using a local Administrator account, the virus will have Administrator privileges on the local computer and thus would be able to access any data on the computer and install malicious software such as key-stroke logging software on the computer. If the administrator is logged on using a normal user account, the virus will have access only to the administrator's data and will not be able to install malicious software. By using the least privileges necessary to read email, in this example, the potential scope of the compromise is greatly reduced."

The Privilege Problem

The principles described in the preceding excerpts have not changed, but in assessing Active Directory installations, we invariably find excessive numbers of accounts that have been granted rights and permissions far beyond those required to perform day-to-day work.
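
The audit that the 1999 excerpt recommends, and its rule that an account with domain-level administrator rights must not hold elevated rights in another forest, can be checked mechanically against a group-membership export. The sketch below is an added example, not part of the Microsoft text: it runs on a constructed export, and every forest, group and account name in it other than the built-in group names is made up.

```python
# Added example: all forest, custom group and account names are constructed.
from collections import defaultdict

PRIVILEGED = {"Domain Admins", "Enterprise Admins", "Administrators"}

# forest -> group -> members written as FOREST\name (assumed export layout).
EXPORT = {
    "CORP": {
        "Domain Admins": ["CORP\\alice", "CORP\\Tier0-Ops"],
        "Tier0-Ops": ["CORP\\bob"],
        "Administrators": ["CORP\\Domain Admins"],
    },
    "PARTNER": {
        "Domain Admins": ["PARTNER\\carol"],
        "Helpdesk": ["PARTNER\\dave", "PARTNER\\erin"],
        "Administrators": ["PARTNER\\Domain Admins", "PARTNER\\Helpdesk", "CORP\\bob"],
    },
}

def expand(export, forest, group, seen=None):
    """Return the accounts that effectively belong to a group, following nesting."""
    seen = set() if seen is None else seen
    if (forest, group) in seen:  # guard against circular nesting
        return set()
    seen.add((forest, group))
    accounts = set()
    for member in export[forest][group]:
        m_forest, name = member.split("\\", 1)
        if name in export.get(m_forest, {}):  # member is itself a group
            accounts |= expand(export, m_forest, name, seen)
        else:
            accounts.add(member)
    return accounts

def privileged_by_forest(export):
    """Map each account to the set of forests where it holds admin rights."""
    result = defaultdict(set)
    for forest, groups in export.items():
        for group in PRIVILEGED.intersection(groups):
            for account in expand(export, forest, group):
                result[account].add(forest)
    return dict(result)

def cross_forest_admins(export):
    """Accounts with elevated rights in more than one forest."""
    return sorted(a for a, f in privileged_by_forest(export).items() if len(f) > 1)

if __name__ == "__main__":
    print("cross-forest admins:", cross_forest_admins(EXPORT))
```

In the constructed data, `CORP\bob` is an administrator in CORP only through the nested `Tier0-Ops` group and in PARTNER through direct membership of `Administrators`, which is why the check has to expand nesting before comparing forests.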






