A secure network is a must-have, whether you are a large global organization or the manager of your own home network. Luckily, there are many guidelines and pieces of advice available to strengthen the security of a network. One such guideline is the Principle of Least Privilege, which revolves around the permissions (or privileges) that users have on a network. This principle has been described as “[striking] a balance between usability and security” (Palo Alto). At its core, the Principle of Least Privilege revolves around one question: does a user or user group need a specific privilege?
What Is the Principle of Least Privilege?
As identified by the National Institute of Standards and Technology, the Principle of Least Privilege requires “that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function” (Nieles et al.). Essentially, instead of giving users full permissions (a horrible idea), users are given only the specific permissions they need, at the lowest possible level.
For example, say we wanted to apply the Principle of Least Privilege to a university’s student database. To keep it simple, we will have two generic types of users: students and professors. A student only needs to view their own information in the database; thus, we would give them permission to view their own data only. Furthermore, some pieces of data may need to be changed by the student (such as a home address), so we can give each student permission to change only those specific pieces of information in their own record. To be even stricter, we could require students to request a change instead of being able to change data themselves. Professors would need to view and modify the information of certain students, but only students who are currently in their classes; they do not need the ability to modify the information of students outside their classes. Furthermore, a professor only needs to view or modify certain pieces of a student’s record, such as their course grade. A professor does not need to know a student’s home address, nor be able to change a student’s first name. The more we consider each possible action that a user can take, the more we can apply this principle. A good rule of thumb is that if a particular permission is not 100% required, then it should not be granted.
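To make the student database example concrete, here is an added authorization policy written for this post (it is not code from NIST, Palo Alto Networks, or Microsoft). The record store, the teaching assignments, the user IDs and the field names are all constructed for illustration. The policy denies by default: a student can read only their own record and change only their own home address, while a professor can read a student’s name and grade, and change only the grade, and only for students enrolled in a course that professor teaches. The stricter “request a change” variant mentioned above is not implemented here.

```python
from dataclasses import dataclass

# Constructed sample data for the essay's student-database example (not a real system).
STUDENT_RECORDS = {
    "s1001": {"first_name": "Maya", "home_address": "12 Elm St", "grade": "B", "course": "CS101"},
    "s1002": {"first_name": "Liam", "home_address": "9 Oak Ave", "grade": "A", "course": "MATH200"},
}

# Constructed teaching assignments: which courses each professor currently teaches.
PROFESSOR_COURSES = {
    "p2001": {"CS101"},
    "p2002": {"MATH200"},
}

# Field sets per role, chosen as the narrowest sets that still let each role do its job.
STUDENT_READ_FIELDS = {"first_name", "home_address", "grade", "course"}
STUDENT_WRITE_FIELDS = {"home_address"}          # a student may correct only their own address
PROFESSOR_READ_FIELDS = {"first_name", "grade"}  # professors never see a home address
PROFESSOR_WRITE_FIELDS = {"grade"}               # professors may change only the grade


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str  # "student" or "professor"


def is_allowed(principal: Principal, action: str, student_id: str, field_name: str) -> bool:
    """Return True only when the policy explicitly grants the action; everything else is denied."""
    record = STUDENT_RECORDS.get(student_id)
    if record is None or action not in ("read", "update") or field_name not in record:
        return False
    if principal.role == "student":
        # Students see and edit their own record only.
        if principal.user_id != student_id:
            return False
        allowed = STUDENT_READ_FIELDS if action == "read" else STUDENT_WRITE_FIELDS
        return field_name in allowed
    if principal.role == "professor":
        # Professors reach only students enrolled in a course they teach.
        if record["course"] not in PROFESSOR_COURSES.get(principal.user_id, set()):
            return False
        allowed = PROFESSOR_READ_FIELDS if action == "read" else PROFESSOR_WRITE_FIELDS
        return field_name in allowed
    return False  # unknown role: default deny


def read_field(principal: Principal, student_id: str, field_name: str):
    """Read a field only after the policy check; raise so callers cannot silently ignore a denial."""
    if not is_allowed(principal, "read", student_id, field_name):
        raise PermissionError(f"{principal.user_id} may not read {field_name} of {student_id}")
    return STUDENT_RECORDS[student_id][field_name]


def update_field(principal: Principal, student_id: str, field_name: str, value):
    """Update a field only after the policy check, returning the stored value."""
    if not is_allowed(principal, "update", student_id, field_name):
        raise PermissionError(f"{principal.user_id} may not update {field_name} of {student_id}")
    STUDENT_RECORDS[student_id][field_name] = value
    return STUDENT_RECORDS[student_id][field_name]


if __name__ == "__main__":
    prof = Principal("p2001", "professor")
    print(update_field(prof, "s1001", "grade", "A"))  # the CS101 professor may grade Maya
```

The important design choice is that every branch ends in a deny unless a specific, narrow rule grants the action: adding a new role or a new field grants nothing until someone writes the rule for it, which is exactly the “not 100% required, not granted” rule of thumb in code.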
Since the Principle of Least Privilege “works by limiting the accessible data, resources, applications and application functions to only that which a user or entity requires to execute their specific task or workflow”, networks that follow this principle are generally more secure (Palo Alto). This principle is also “a fundamental pillar of zero trust network access (ZTNA) 2.0”, a framework for designing networks that revolves around the idea that no device or user, regardless of status, is inherently trustworthy (Palo Alto). Furthermore, the Principle of Least Privilege helps maintain the confidentiality and integrity of data: only those who need to see or modify a piece of data are able to do so.
Beyond networks, the Principle of Least Privilege also applies to application development and deployment, as the following set of actions outlines:
Microsoft Learn Authors
- “Prevent overprivileged applications by revoking unused and reducible permissions.
- Use the identity platform’s consent framework to require that a human consent to the request from the application to access protected data.
- Build applications with least privilege in mind during all stages of development.
- Audit the deployed applications periodically to identify the ones that are overprivileged.”
It is especially important to consider user consent when creating applications through the lens of the Principle of Least Privilege. The authors of the Microsoft Learn blog suggest that “[w]henever an application that runs in a device requests access to protected data, the application should ask for the consent of the user before granting access to the protected data. The user is required to grant (or deny) consent for the requested permission before the application can progress”.
In addition, applying the Principle of Least Privilege is not a single action but an ongoing process. As user roles change, their permissions may need to change as well. Specifically, “unused and reducible permissions have the potential to provide unauthorized or unintended access to data or operations not required by the application or its users to perform their jobs”, which, as stated previously, can have negative impacts on security (Microsoft Learn Authors). Unused permissions are defined as those that have been “granted to an application but … [are not] called by the application when used as intended”; alternatively, they are permissions granted to a user or group that are never used by that user or group in their duties (Microsoft Learn Authors). Using the student database example from above, giving professors the ability to change a student’s favorite color in the database would be an unused permission, since a professor is highly unlikely to use this function. Reducible permissions are those that have “a lower-privileged counterpart that would still provide the application and its users the access they need to perform their required tasks” (Microsoft Learn Authors). Using the student database example, we could give professors full editing permission over the records of all students in their class, which would allow them to get their jobs done. However, a professor does not need to be able to edit, for example, a student’s home address, so this permission is reducible.
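The periodic audit that the Microsoft Learn list calls for, and the unused and reducible permissions just defined, can be checked mechanically. The following is an added example written for this post, not code from Microsoft or from any identity platform: the permission names, the grant table and the access log are all constructed, using the student database from above. A broad grant that was never exercised is reported as unused; a broad grant that was exercised only for a subset of the narrower permissions it implies is reported as reducible to that subset, and a recommended minimal grant set is produced.

```python
from collections import defaultdict

# Hypothetical permission hierarchy: a broad permission and the narrower permissions it implies.
# The names follow the essay's student-database example and are not from any real product.
IMPLIES = {
    "record:read:*": {"record:read:first_name", "record:read:home_address",
                      "record:read:grade", "record:read:favorite_color"},
    "record:edit:*": {"record:edit:first_name", "record:edit:home_address",
                      "record:edit:grade", "record:edit:favorite_color"},
}

# Constructed grants: what each principal (a professor and a grading application) currently holds.
GRANTS = {
    "prof_ada": {"record:read:*", "record:edit:*", "record:edit:favorite_color"},
    "grades_app": {"record:read:grade", "record:edit:grade"},
}

# Constructed access log: the narrow permission each successful operation actually required.
ACCESS_LOG = [
    ("prof_ada", "record:read:first_name"),
    ("prof_ada", "record:read:grade"),
    ("prof_ada", "record:edit:grade"),
    ("prof_ada", "record:edit:grade"),
    ("grades_app", "record:read:grade"),
]


def _covers(granted: str, needed: str) -> bool:
    """True if holding `granted` is what satisfied an operation that needed `needed`."""
    return granted == needed or needed in IMPLIES.get(granted, ())


def audit_grants(grants, access_log):
    """Classify each principal's grants as unused or reducible based on observed usage."""
    used_by = defaultdict(set)
    for principal, needed in access_log:
        used_by[principal].add(needed)

    findings = {}
    for principal, held in grants.items():
        unused, reducible = [], {}
        for perm in sorted(held):
            exercised = {n for n in used_by[principal] if _covers(perm, n)}
            if not exercised:
                unused.append(perm)  # granted, never needed: candidate for revocation
            elif perm in IMPLIES and exercised < IMPLIES[perm]:
                # Only part of the broad grant was ever needed, so a lower-privileged
                # counterpart (the exercised subset) still covers the observed work.
                reducible[perm] = sorted(exercised)
        findings[principal] = {"unused": unused, "reducible": reducible}
    return findings


def recommend_grants(grants, access_log):
    """Return the grant set a revocation pass would keep: drop unused, narrow reducible."""
    findings = audit_grants(grants, access_log)
    recommended = {}
    for principal, held in grants.items():
        keep = set(held) - set(findings[principal]["unused"])
        for broad, narrow in findings[principal]["reducible"].items():
            keep.discard(broad)
            keep.update(narrow)
        recommended[principal] = sorted(keep)
    return recommended


if __name__ == "__main__":
    for who, result in audit_grants(GRANTS, ACCESS_LOG).items():
        print(who, result)
    print(recommend_grants(GRANTS, ACCESS_LOG))
```

Two caveats belong with any audit like this. First, the classification is only as good as the observation window: a permission needed once a semester looks unused in a month of logs, so “unused” is a prompt to confirm with the role owner, not an automatic revocation. Second, the hierarchy table is the policy; if a broad permission implies more than the table records, the audit will under-report what a grant really allows.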
Security Benefits
The most obvious benefit of the Principle of Least Privilege is increased data and system security. Furthermore, Palo Alto Networks identifies that “[o]rganizations that follow the principle of least privilege can improve their security posture by significantly reducing their attack surface and risk of malware spread”. For example, say we have two organizations: Company A and Company B. The users in Company A are simply given full permissions “just in case”, while the users in Company B are given just enough permissions to do their jobs as per the Principle of Least Privilege. Say a hacker manages to gain access to an account in each company. The account under Company A has full permissions, which would allow the hacker to do nearly anything they wished on the network. The account under Company B, however, might only have permission to read and approve certain non-critical reports, which greatly limits what the hacker can do with this account.
Palo Alto Networks identifies the following benefits of implementing the Principle of Least Privilege:
Palo Alto
- Minimizes the attack surface, diminishing avenues a malicious actor can use to access sensitive data or carry out an attack by protecting superuser and administrator privileges.
- Reduces malware propagation by not allowing users to install unauthorized applications. The principle of least privilege also stops lateral network movement that can launch an attack against other connected devices by limiting malware to the entry point.
- Improves operational performance with reductions in system downtime that might otherwise occur as a result of a breach, malware spread or incompatibility issues between applications.
- Safeguards against human error that can happen through mistake, malice or negligence.
In addition, the Principle of Least Privilege is an incredibly important tool to use in today’s world. This principle is “an important information security construct for organizations operating in today’s hybrid workplace to help protect them from cyberattacks and the financial, data and reputational losses that follow when ransomware, malware and other malicious threats impact their operations” (Palo Alto). After all, providing a user who works from home full access to sensitive data could be extremely detrimental. If they use their own personal device for work, it is possible that their device might get inadvertently infected with malware. Alternatively, if the company user shares the device with other people in their household, the other users could potentially access confidential data.
Systematically going through the responsibilities and permissions of current users and user groups is a great way to begin implementing the Principle of Least Privilege. Palo Alto Networks suggests that “VPN technology replacement is a good starting point for implementing the principle of least privilege within your organization. Replace legacy remote access outdated VPN technologies with a more modern ZTNA 2.0 solution to overcome performance bottlenecks and simplify management” (Palo Alto). By starting with these two steps, your organization or home network can be well on the way to increased security.
Resources & Further Readings
Microsoft Learn Authors. “Increase Application Security with the Principle of Least Privilege – Microsoft Identity Platform.” Learn.microsoft.com, Microsoft, 23 Oct. 2023, learn.microsoft.com/en-us/entra/identity-platform/secure-least-privileged-access.
Nieles, Michael, et al. “An Introduction to Information Security.” NIST Special Publication 800-12, Revision 1, June 2017, nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf, https://doi.org/10.6028/nist.sp.800-12r1.
Palo Alto Networks (Palo Alto). “What Is the Principle of Least Privilege?” Palo Alto Networks, Palo Alto Networks, www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege.