
Principle of Least Privilege - Basics - Explained

Let's say that one day you need to hire a househelp. You go through the process of having that person apply for legal documentation and clearances. The person dutifully submits them in due time, and come the interview, the person passes the rigorous entry process you set up. You make an offer and agree in a contract on the roles the person will perform and the compensation. Then what? Do you give the person all the keys to the doors in your house?

The answer is 'No', and it should be 'No.' You will likely only give the househelp a key to the front door and to the areas where help is needed. You do not hand over the key to your bedroom. That, folks, is the basic idea of the Principle of Least Privilege as it applies to your house or home: grant only the access a role actually needs to do its job, and nothing more.

Application

Now that you grasp the basics of the principle, where is it applicable? We can, and should, apply it to any system that holds our property or data.

Social Media

The idea is that you don't publish everything you want on social media simply because you can. And if you feel you must, or really want to, exercise caution by selecting the proper audience. This is largely the underlying principle at play in the earlier posts Securing Your Data in Facebook - SocMed Privacy Best Practices Part 1 and Part 2.

If there's anything to stress about social media posts, it's that you can fine-tune who can read your post or access your data. You can, and you should. While it is not entirely about the Principle of Least Privilege, our earlier tweet that sexy selfies are not safe rests on the same underlying principle of Internet safety: share only with the narrowest audience that needs to see it.

Server Access

If you work as an I.T. professional, a developer, a software programmer, or a software engineer, you will encounter this principle often in server access. Do not fight against it even if you think you can do a better job than your current system administrator. We understand the frustration and the temptation, but do not ask for more access privilege than your task needs; we have been in your position. Working with your administrator to use the right access for each specific scenario is the best chance you all have of protecting your infrastructure.

As a programmer or software engineer, always design your code or system so that it does not require administrator privileges at all, or, where a privileged step is unavoidable, so that it performs that one step and then gives the privilege up before doing anything else.
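Here is an added example of that pattern in Python; it is not code from the original post. A service that cannot avoid starting as root (say, to bind a port below 1024) does only that step with root, then switches to an unprivileged account irrevocably and verifies that it cannot get root back. The privilege syscalls are taken from an injectable object so the drop logic can be run and checked without actually being root; the `FakeRootSyscalls` class and the `svc` account name are assumptions for illustration only.

```python
"""Do the one privileged step as root, then give root up for good.

Added example: a daemon pattern for a program that cannot avoid needing
root at start-up (e.g. to bind a port below 1024). The privilege syscalls
come from an injectable object so the drop logic can be exercised without
actually being root. FakeRootSyscalls and the 'svc' account name are
illustration-only assumptions.
"""
import os
import pwd
from dataclasses import dataclass


@dataclass(frozen=True)
class Target:
    """Unprivileged identity the process should end up running as."""
    uid: int
    gid: int


def lookup_user(name: str) -> Target:
    """Resolve a system account to its uid/gid via the passwd database."""
    pw = pwd.getpwnam(name)
    return Target(uid=pw.pw_uid, gid=pw.pw_gid)


def drop_privileges(target: Target, sys=os) -> list:
    """Irrevocably switch from root to `target`; return the steps performed.

    Raises RuntimeError if, after the switch, the process can still become
    root: a drop that can be undone is not a drop.
    """
    steps = []
    if sys.geteuid() != 0:
        steps.append("already unprivileged; nothing to drop")
        return steps
    # Order matters. Supplementary groups and the gid are changed first,
    # because once the uid is no longer 0 we lose the right to change them.
    sys.setgroups([])
    steps.append("setgroups([])")
    sys.setgid(target.gid)
    steps.append(f"setgid({target.gid})")
    sys.setuid(target.uid)
    steps.append(f"setuid({target.uid})")
    # Verify the drop cannot be reversed. If setuid(0) succeeds, something
    # (e.g. a saved set-user-ID) still lets us regain root.
    try:
        sys.setuid(0)
    except PermissionError:
        steps.append("verified: setuid(0) refused")
    else:
        raise RuntimeError("privilege drop failed: process could regain root")
    return steps


class FakeRootSyscalls:
    """Constructed stand-in for the os module, starting out as root.

    Models the kernel rule that matters here: only uid 0 may change
    identity arbitrarily; an unprivileged process may only "set" its uid
    to what it already is.
    """

    def __init__(self, allow_regain: bool = False):
        self.uid, self.gid, self.groups = 0, 0, [0]
        self.allow_regain = allow_regain  # simulate a broken, reversible drop

    def geteuid(self):
        return self.uid

    def _require_root(self):
        if self.uid != 0:
            raise PermissionError("Operation not permitted")

    def setgroups(self, groups):
        self._require_root()
        self.groups = list(groups)

    def setgid(self, gid):
        self._require_root()
        self.gid = gid

    def setuid(self, uid):
        if self.uid != 0 and uid != self.uid and not self.allow_regain:
            raise PermissionError("Operation not permitted")
        self.uid = uid


def demo() -> list:
    """Run the drop against the fake root process (no real root needed)."""
    fake = FakeRootSyscalls()
    steps = drop_privileges(Target(uid=65534, gid=65534), sys=fake)
    assert fake.uid == 65534 and fake.gid == 65534 and fake.groups == []
    return steps


if __name__ == "__main__":
    # Real usage: open the privileged resource first (e.g. bind port 80),
    # then call drop_privileges(lookup_user("svc")) before reading any input.
    for step in demo():
        print(step)
```

The verification step is the part most implementations skip: after `setuid`, the code tries to become root again and treats success as a fatal error, so a misconfigured drop fails loudly at start-up instead of quietly running as root for months.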

Events

If you're like most white-collar workers (developers, programmers, and engineers included), you've most likely been to a concert or at least considered buying a concert ticket. You'll notice that higher-priced tickets get you a seat closer to the stage, while lower-priced tickets put you farther from it.

Roughly the same principle is at play here. If you do not feel the need to be close to the artist on stage, you pay less for a ticket, and it grants you less privilege. But if you have a strong need to be closer to the stage or the artist, then you pay more for that privilege.

Questions or Clarifications?

As always, we would like to invite you to a discussion. Feel free to add your thoughts and opinions down below in the comments section.
