Hacking – and the Least Privileges Doctrine

Recently we had a forum moderator (which people we pay a nice monthly stipend) get into some issues with drug abuse problems. This individual had to be checked into a rehab clinic to get himself straightened out.  While I was aware of him having these issues in the past, I was not aware that this person was still having such problems. But the bigger problem is that the correct security policy was not 100% in place, and that is 100% my responsibility.

Long story short, due to a lack of security enforcement on our part, my site account and all my articles and such ended up getting deleted. I had to restore them from a most recent database backup. Not a very big deal, but certainly an annoyance.  Needless to say, we now have a new Forum Moderator.

The definition of Principle of Least Privilege is fairly simple and easy to comprehend. The idea is that users will be given only the privileges absolutely necessary to perform any given task. This might be configuring their computer, browsing the Internet, running a financial application, or sending e-mail. Or it could be the permission set you give a Forum Moderator on a web site you run.  You might have also heard the term Least Permission, which is very similar to the Principle of Least Privilege.

When you have employees or contractors who have been given the responsibility to do a certain job, it is extremely important to grant them ONLY the permssions to do that job, and nothing more. Studies show that the majority of hacking attacks are “inside jobs” – meaning that it is usually the work of a disgruntled employee, or even one who is mentally unstable.

Companies, organizations, and others who run websites, databases, or other information stores that could possibly be compromised would do well to examine this doctrine and ensure that they are following it.

Sadder, but a lot wiser…

Comments

  1. Granting the minimum set of permissions is a good idea in theory, but in practice it has some overhead. Sometimes significant overhead.
    Somebody need to grand and take away these permissions. Your system must support these permission, and that makes your system more complex.
    So, in real life it should be a trade-off. It makes sense to grant a little bit more than people really need. Just in order to keep things simple.
    For example, in development it rarely makes sense to restrict developers from accessing source control folders that they don't need to have access to.
    It also doesn't make sense (usually) to restrict developers' access to Dev, and QA servers.
    On the other hand it makes sense to restrict access to production servers.

    ReplyDelete
  2. Anonymous9:50 AM

    What an ID10T!

    I have substance abuse problems and I would never, ever, hurt any one but myself.

    ReplyDelete

Post a Comment

Popular posts from this blog

Some observations on Script Callbacks, "AJAX", "ATLAS" "AHAB" and where it's all going.

IE7 - Vista: "Internet Explorer has stopped Working"

FIREFOX / IE Word-Wrap, Word-Break, TABLES FIX

System.Web.Caching.Cache, HttpRuntime.Cache, and IIS Recycles

FIX: Requested Registry Access is not allowed (Visual Studio 2008)