Why YOU need to abide by the Principle of Least Privilege
If a chain is only as strong as its weakest link, you need to
know where that is. Most people remember to secure against external
threats, but what about the security of internal data in your applications?
The standard practice in the industry is to “close all doors”.
This means that you start by prohibiting all (or almost all) actions,
and then gradually grant permissions to users as the need arises.
This philosophy was originally formulated by Saltzer and Schroeder:
“Every program and every user of the system
should operate using the least set of privileges necessary to complete
the job.” (The Protection of Information in Computer Systems,
1974)
Here are three reasons why you should be following this principle:
1. It’s the industry standard: The current standard for user
rights is that users should have the lowest possible set of privileges
that will permit them to do their jobs.
2. It’s the easiest way to spot errors: If you leave the doors
open, errors in the level of access are quite difficult to find,
and these gaps can remain unfilled for a long time. However, if
you start with the doors closed, a missing permission surfaces as
soon as someone needs it, and the access can then be granted easily.
3. You avoid serious repercussions: If you forget to close an important
door, you risk a security/confidentiality breach in your system.
The limitation of this policy is often that the systems put in
place lack granularity. For an access control system that lets you
control everything your users can see and do, check
out Visual Guard for .NET.