Ask Sucuri: What is the Principle of Least Privilege?

If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle with applications and benefits that strengthen your website security posture.

This principle is about:

  • Using the minimal set of privileges on a system in order to perform an action.
  • Granting those privileges only for the time the action is necessary.

Access Control Example

If you hire a gardener, you grant them access to your yard – not your bedroom, living room or your home office. Additionally, you grant them access for the time they’re working on your property (e.g., between 10 am and 2 pm). The idea is simple; give someone the access they require to do their job for the time they need it.

This should be the same way you approach access to your websites.

If you use a Content Management System (CMS), you might be familiar with its roles and their associated privileges. These roles are extremely important: they help secure your website while also enabling collaboration.

A user with an administrator role is expected to use their privileges responsibly. On the other hand, contributors can’t publish their own posts.

The Importance of Roles

Roles specify what can and can’t be done by a user. In a perfect system, a role will stop anyone who tries to perform an action beyond what the role is designed for.

For example, a WordPress administrator is able to inject unfiltered HTML into posts or execute commands to install plugins. Is this a vulnerability? No, it’s a feature, based on one very important element. Trust.

From a security point of view, there’s no perfect system. Every system has potential vulnerabilities. The way those vulnerabilities are handled is the most important factor.

The severity of a vulnerability drops when the attacker needs higher privileges in order to exploit it successfully. This is why practicing the principle of least privilege is so important. It reduces the attack surface, making it more difficult for attackers to perform unauthorized actions.

The Impact of Roles

The unauthorized use of a role is limited by the privileges of the role itself.

Every misaligned role increases the odds of something bad happening. There is one common denominator when it comes to today’s compromises, and that’s the exploitation of the biggest vulnerability – people.

The weakest link in any security chain is always the people. 

To help mitigate this risk we recommend asking yourself two questions when thinking about what role to assign a user:

  • What is the lowest set of privileges allowable for this user’s tasks?
  • How long are the privileges required?

Don’t be shy about assigning lower privileges to users who don’t need an administrative role. This includes your customers. If you need help communicating why this matters for your risk, let us know.
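The two questions above can be turned into a periodic account review. The following is an added example, not code from Sucuri or WordPress: the role table is a simplified subset of WordPress's default single-site capabilities, and the account records, the `needs` and `expires` fields and all function names are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Simplified subset of WordPress's default single-site roles, ordered from
# least to most privileged; each role also holds the capabilities above it.
ROLES = [
    ("subscriber", {"read"}),
    ("contributor", {"edit_posts", "delete_posts"}),
    ("author", {"publish_posts", "upload_files"}),
    ("editor", {"edit_others_posts", "moderate_comments", "unfiltered_html"}),
    ("administrator", {"install_plugins", "manage_options", "edit_users"}),
]
ORDER = [name for name, _ in ROLES]

def capabilities(role):
    """Cumulative capability set for a role."""
    caps = set()
    for name, extra in ROLES:
        caps |= extra
        if name == role:
            return caps
    raise ValueError(f"unknown role: {role}")

def minimal_role(needed):
    """Question 1: the lowest role whose capabilities cover the user's tasks."""
    for name in ORDER:
        if set(needed) <= capabilities(name):
            return name
    raise ValueError(f"no role grants: {sorted(needed)}")

def audit(users, now):
    """Return (login, finding) pairs for over-privileged or expired accounts."""
    findings = []
    for u in users:
        best = minimal_role(u["needs"])
        if ORDER.index(u["role"]) > ORDER.index(best):
            findings.append((u["login"], f"downgrade {u['role']} -> {best}"))
        # Question 2: access should end when the work does.
        if u["expires"] is not None and u["expires"] <= now:
            findings.append((u["login"], "access expired: revoke"))
    return findings

# Constructed sample accounts; logins, tasks and dates are invented.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
USERS = [
    {"login": "owner", "role": "administrator", "needs": {"install_plugins"}, "expires": None},
    {"login": "guest_writer", "role": "editor", "needs": {"edit_posts"},
     "expires": datetime(2024, 5, 1, tzinfo=timezone.utc)},
    {"login": "newsdesk", "role": "administrator",
     "needs": {"publish_posts", "moderate_comments"}, "expires": None},
]
```

Calling `audit(USERS, NOW)` leaves `owner` alone, flags `guest_writer` for both a downgrade and an expired grant, and flags `newsdesk` for a downgrade to editor.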

Conclusion

The principle of least privilege is an important part of your defense-in-depth approach to website security. It ensures that you effectively align each user of your site with an appropriate role and its associated privileges.

All common CMS applications have built-in roles/privileges that help website administrators better manage their users and associated permissions. Regardless of the role, however, make sure that every user pays special attention to using complex, long and unique passwords.

If you currently employ a good defense-in-depth strategy and are looking for a solution to help complement your existing security controls, be sure to look into our website security platform.
