What is the principle of least privilege?
The principle of least privilege (PoLP) is an information-security concept under which a user (or any other identity) is granted only the minimum access or permissions on a network needed to perform their job or required functions, and nothing else.
Least privilege is regarded as a best practice method for cybersecurity and is adopted by many organizations to manage access control and prevent network breaches that put data and computing resources at risk.
PoLP applies not only to network users. It can also limit access between applications, devices, and integrated systems, so that each has only the minimum set of permissions required to perform its function.
Why is least privilege so important?
With cybercrimes becoming increasingly more sophisticated, it is of the utmost importance to ensure every aspect of a network is secured and no weaknesses are left exposed.
There are several reasons why least privilege is so important for building Cyber Resilience:
- Least-privilege access reduces the attack surface of a network. This means that least privilege minimizes the number of vulnerable points on a network that could be targeted by a cybercriminal. By giving users the permissions needed to perform a task, and nothing more, attackers have fewer opportunities to spread through the network and inflict damage.
Many breaches target accounts that hold broad network privileges, because those accounts give the attacker access to sensitive information. Limiting what each user and device can reach therefore also limits what an attacker gains by compromising any one of them.
- The reach of malware is also limited by enforcing least privilege on users and endpoints. If malware does get a foothold, it runs with the privileges of the account it compromised: without administrator rights it cannot install itself system-wide, disable protections, or move freely to other systems to execute further malicious code. This denies it the opportunity to establish a persistent remote connection or reach sensitive data.
- Role-appropriate access control gives users exactly the permissions they need to complete their tasks and no more. Done well, this reduces ad-hoc access requests and help-desk tickets about access problems, and can improve user productivity.
- Least privilege can help improve compliance in relation to data and can make auditing much easier. Establishing a clear hierarchy of users and their relevant permissions means the network can be much more structured and data can only be accessed by the users who need it.
What is privilege creep?
Privilege creep is the gradual accumulation of permissions beyond what a user's current role requires, resulting in a security risk. It happens, for example, when users change roles without losing their old rights, or when they are given administrator permissions for certain applications, systems or networks for a specific task and those permissions are never taken away. It also occurs when businesses revoke administrative rights during a re-evaluation of access and permissions, only to reinstate them later so users can perform specific tasks, and then leave them in place.
The most common example is an older (legacy) application that requires additional permissions in order to run, so a user has to be granted administrator privileges to install or execute it. The security risk arises when these broader permissions are not revoked once the task is complete, leaving many users with privileges they do not need.
Privilege creep increases the attack surface of a network. However, diligently and consistently applying the principle of least privilege can rectify this issue, ensuring all users (both human and non-human) only have the required access levels.
What is a super user, and how does it relate to least privilege?
A super user is a network user that has unlimited access to all areas, including full read and write permissions, authority to execute software, and change network settings, data and files.
As well as being able to change a range of settings and data, super users can also set access and permissions for other users. This level of access should only be granted to highly trusted individuals within an organization, such as a system administrator or IT manager. On the systems themselves, the super user account is usually simply called Administrator (Windows) or root (Unix-like systems).
Super users should rarely log in interactively as root. Instead, an administrator works from a standard account and uses the sudo command, which runs a single command with the privileges of the super user (root by default) and logs who ran what. Because each elevation is short-lived, scoped to one command and recorded, there is far less opportunity for an attacker to hijack a long-running privileged session than when administrators stay logged in as root.
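As an added illustration (not from the original page), this is what a least-privilege sudo delegation looks like as a sudoers drop-in file. The user name, service name and file path are hypothetical, and the fragment should be checked with `visudo -cf <file>` before it is installed:

```sudoers
# /etc/sudoers.d/deploy   (hypothetical file name and user, for illustration)

# What privilege creep looks like: a standing grant of a full root shell.
# deploy ALL=(ALL:ALL) ALL

# Least privilege: exactly one command, as root, on this host, re-authenticating
# on every use (no cached credential) and recording the session's input/output.
Defaults:deploy timestamp_timeout=0, log_output
deploy ALL=(root) /usr/bin/systemctl restart myapp.service
```

With this rule, `sudo systemctl restart myapp.service` works for the deploy user, while `sudo -i`, `sudo bash` or any other command is refused. Every invocation is logged by sudo (via syslog by default), which is what the monitoring of administrative activity described later on this page relies on.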
What kinds of cyberattacks can least privilege stop?
Least privilege does not stop an attack from being attempted, but by significantly reducing the attack surface of a network it limits how far almost any attack can go once an account, process or host has been compromised.
The goal of least-privilege access is to close pathways that no authorized identity needs. By default, any outside intruder that isn't included in the "allow list" is blocked, and a compromised identity can only reach what it was explicitly allowed to reach.
Cyberattacks whose impact least privilege helps contain:
- Malware
- Ransomware attacks
- Phishing attacks
- SQL injection attacks
- Man-in-the-middle attacks
- Zero-day exploits
How to implement least privilege
The principle of least privilege can be implemented in a number of ways, but here is our best practice approach to ensure every detail is considered and that the additional measures work alongside a broader cybersecurity strategy.
You can implement least privilege access in six key steps:
- Conduct an audit to identify privileged accounts across all parts of a hybrid network, including clouds, data centers and endpoints.
The audit should cover log-in credentials, passwords, password hashes, SSH keys, and access keys across all physical endpoints and development environments. It should also include a complete review of all cloud network permissions and gateways, checking that every privilege is in line with the new policies and that no unnecessary access has been granted.
- Once the audit is complete, revoke unnecessary local administrator permissions from both human and non-human accounts. Then grant only the permissions each account needs to perform its function.
In addition, super user sessions should take place only as required, using sudo rather than a root login. Just-in-time access (which expires automatically) can let normal users reach accounts with extra permissions or run administrator-level commands when needed, without holding those rights permanently.
- Separate standard user accounts from administrator accounts, and use microsegmentation so that administrative interfaces are reachable only from designated hosts. This provides another layer of protection in case a user account is breached despite least-privilege controls. It especially helps shield administrator accounts, with their key access permissions, from infections and broader damage.
- Use a digital vault to secure the credentials of all administrator accounts, with access only provided to the individuals who need them.
- Change administrator passwords after each use so that a captured credential has a short useful life. An attacker may record the password itself with key-logging software, or harvest the password hash from a compromised machine's memory or local credential store. A stolen hash can be replayed to authenticate to other systems without ever knowing the password; this is referred to as a pass-the-hash attack, and rotating the credential after every use limits how long a captured password or hash remains valid.
- Continuously monitor administrative activity. Close monitoring makes it possible to quickly detect any suspicious behaviour that may be linked to a cyberattack or that reveals a security weakness.
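The audit and revocation steps above, and the privilege creep they are meant to catch, come down to comparing what each account is allowed to do with what it has actually done. The following is an added example (not Illumio code and not from the original page): it takes a constructed access inventory and a constructed usage log, flags grants that were never used, grants unused for longer than a review window, and administrative rights held by non-human accounts, and produces a revocation list. The permission names, account names and the 90-day window are assumptions for illustration.

```python
"""Audit an access inventory for privilege creep and produce a revocation list.

Added example for this page (not Illumio code). The inventory, the usage log
and the permission names below are constructed for illustration; in practice
the inventory would come from the directory/IAM export and the log from the
audit trail of the systems that enforce those permissions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Account:
    name: str
    kind: str               # "human" or "service" (non-human)
    permissions: frozenset  # what the account is currently allowed to do


# Constructed inventory (assumed permission names).
INVENTORY = [
    Account("alice", "human", frozenset({"app:deploy", "db:read", "host:admin"})),
    Account("bob", "human", frozenset({"db:read", "db:write", "host:admin"})),
    Account("backup-svc", "service", frozenset({"db:read", "host:admin"})),
]

# Constructed usage log: (ISO timestamp, account, permission actually exercised).
USAGE_LOG = [
    ("2024-05-01T09:12:00", "alice", "app:deploy"),
    ("2024-05-02T14:03:00", "alice", "db:read"),
    ("2024-01-10T00:00:00", "alice", "host:admin"),  # admin right last used months ago
    ("2024-05-03T10:00:00", "bob", "db:read"),
    ("2024-05-03T10:05:00", "bob", "db:write"),
    ("2024-05-04T02:00:00", "backup-svc", "db:read"),
]

# Permissions treated as administrative for the non-human-account check.
ADMIN_PERMISSIONS = frozenset({"host:admin"})


def last_use(log):
    """Map (account, permission) to the most recent time it was exercised."""
    seen = {}
    for ts, account, perm in log:
        t = datetime.fromisoformat(ts)
        key = (account, perm)
        if key not in seen or t > seen[key]:
            seen[key] = t
    return seen


def find_excess(inventory, log, now, stale_days=90):
    """Return [(account, permission, reason)] for grants that should be revoked.

    A grant is flagged when it is an admin right held by a service account,
    when it has never been exercised, or when its last use is older than
    `stale_days`. Results are sorted so the report is stable and diffable.
    """
    now = datetime.fromisoformat(now)
    stale_after = timedelta(days=stale_days)
    used = last_use(log)
    findings = []
    for acct in inventory:
        for perm in acct.permissions:
            t = used.get((acct.name, perm))
            if acct.kind == "service" and perm in ADMIN_PERMISSIONS:
                reason = "admin right on non-human account"
            elif t is None:
                reason = "never used"
            elif now - t > stale_after:
                reason = f"unused for {(now - t).days} days"
            else:
                continue  # exercised recently by an account entitled to it: keep
            findings.append((acct.name, perm, reason))
    return sorted(findings)


def revocation_plan(inventory, log, now, stale_days=90):
    """Group findings by account: {account: [permissions to revoke]}."""
    plan = {}
    for account, perm, _ in find_excess(inventory, log, now, stale_days):
        plan.setdefault(account, []).append(perm)
    return plan


if __name__ == "__main__":
    for account, perm, reason in find_excess(INVENTORY, USAGE_LOG, "2024-05-10T00:00:00"):
        print(f"revoke {perm:<12} from {account:<12} ({reason})")
```

Run as a script it reports that all three accounts hold `host:admin` without needing it: alice last used it 121 days ago, bob never used it, and backup-svc is a service account that should not hold an admin right at all. The review window is a policy choice; shortening `stale_days` to 7 also flags alice's `app:deploy` and `db:read`, which shows why the window has to match how often a role legitimately exercises each right before the output is turned into revocations.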
Least privilege + Zero Trust = Cyber resilience
The principle of least privilege is fundamental to implementing a Zero Trust security architecture. This type of security posture assumes that every user and device accessing a network is a potential threat. Least privilege applies Zero Trust principles by allowing only explicitly authorized traffic and blocking everything else.
Under least privilege, once a user has been verified, they are given limited access to only the application or computing resource they need to perform their task. These tactics have been adopted by governments and enterprises worldwide because older practices such as network firewalls on their own fail to protect against today's sophisticated, well-funded cybercriminals.
Zero Trust and PoLP are now essential, best-practice security measures that every organization should put in place to protect its digital infrastructure against increasingly aggressive cyberattacks.
Take the following steps to see whether Illumio is the right partner for designing and implementing your next segmentation project:
- Learn how Illumio helped a global law firm stop ransomware.
- Download our detailed guide, How to Build a Microsegmentation Strategy in 5 Steps.
- Get a free copy of The Forrester New Wave™: Microsegmentation, Q1 2022, in which Illumio is named a Leader.
- Schedule a free demo and consultation with our Zero Trust Segmentation experts.