Data Protection and Information Lifecycle Management
< Day Day Up > |
Least privilege refers to the amount of access any user, host, or processor should have to system resources. It is always best to give just the least amount of access possible to accomplish the required tasks. If a server needs to see data on only one disk in a large array, it should be restricted to read access of that one disk. Because most end-users need to access the Internet only during working hours say, between 7 a.m. and 7 p.m. Internet access should be limited to that period. Other end-users may have different needs, and their access would differ accordingly. The downside of least privilege is that it can place inconvenient restrictions on people. In the example of Internet access, what happens if a person has to work a different shift and now needs access between 7 p.m. and 3 a.m.? Temporary changes themselves can lead to security problems if the temporary changes are not revoked in a timely manner. Least privilege is always preferred but not always practical. Compromises are inevitably made, but least privilege should be maintained as a policy. |
< Day Day Up > |