WikiLeaks and the Principle of Least Privilege

Wednesday, December 08, 2010

Alexander Rothacker


I saw a survey last week asking if readers thought WikiLeaks is a hero or a villain.

I won’t get political here; that’s for someone else to write about. What I will say is that it boils down to WikiLeaks enabling the world to see sensitive government information spanning nearly a decade.

Right or wrong, to me this is about data security and user rights. Our SHATTER researchers and experts say time and time again that organizations need to adhere to the Principle of Least Privilege – allowing users only the access to information necessary to complete their daily job, and nothing more.

It doesn’t matter whether the data resides on the network, in a database or in a file folder – the Principle of Least Privilege should be followed.

Clearly, there were not enough security controls in place to prevent the internal thief from accessing this data. What is disappointing is that he shouldn’t have had access to this data to begin with. And if he was legitimately allowed access to it, there should have been activity monitoring in place to pick up on the volume of files being copied.

What often happens is that employees leave, get promoted, switch departments, and so on, and their old entitlements are never revoked. This creates a complex web of user entitlements that needs to be sorted out, and it is often very difficult and time consuming to wade through manually.

By ensuring that users have access only to the information required to complete their job and nothing more, and by creating compensating controls for what can’t be changed, data can be secured from internal threats like this.

Here are some tips organizations can follow to secure confidential data from internal theft.

Map Job Functions to Privileges on IT assets – Determine and document the access to IT resources required for each job function across the organization in a Least Privilege Policy. Build a process to ensure that all employees are assigned the documented privileges required to complete their daily job activities and nothing more.

Never Assign Privileges Directly to Guest Accounts or Public – Restrict privileges to only the specific roles and accounts that need them. Granting privileges to guest accounts or to anonymous groups such as public (everyone) almost always leads to violations of the Principle of Least Privilege, because every current and future account inherits the grant.

Untangle The Web of User Entitlements – Whether it’s done manually or automatically using software, organizations should continuously assess user entitlements to understand exactly what privileges each employee actually has, as opposed to what they were supposed to have. Having a detailed, accurate inventory of privileges is a prerequisite to implementing your Least Privilege Policy and to weeding out toxic combinations of privileges (for example, the ability to read sensitive data combined with the ability to copy it to removable media) that may have been inherited over time.

Implement Compensating Controls for What You Can’t Fix – Monitor the use of privileges that cannot be modified or restricted to ensure access isn’t being abused or misused, putting the most scrutiny on the most highly privileged users. After monitoring specific users or groups for a while, you will likely find opportunities to tighten your Least Privilege Policy. You might also identify users who are abusing their privileges – stealing data, manipulating information or even inadvertently mishandling information – a trigger you can use to kick off incident response and potentially pursue additional actions such as termination or prosecution.
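The four tips above are one procedure: document what each job function needs, inventory what each account actually holds, diff the two, and monitor whatever you cannot strip. The script below is an added example written for this page, not code from the original post or from the SHATTER team, showing that procedure end to end over a small, constructed data set. The policy, the toxic-privilege pairs, the user inventory and the access events are all hypothetical; the privilege names (`read:cable_archive`, `write:removable_media`, and so on) and the user names are placeholders, and the one-hour window and the 100-object threshold for the bulk-access alert are assumptions you would tune to your own environment.

```python
"""Least-privilege reconciliation plus a compensating monitoring control.

Added example for this page (not from the original post). All policies,
users and events below are constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Least Privilege Policy: job function -> privileges documented as required (constructed).
POLICY = {
    "analyst":  {"read:cable_archive", "read:reports"},
    "dba":      {"admin:db", "backup:db"},
    "helpdesk": {"reset:password"},
}

# Privilege pairs that must never co-exist on one account (constructed examples).
TOXIC_PAIRS = [
    ("read:cable_archive", "write:removable_media"),  # read secrets AND copy them out
    ("request:access", "approve:access"),             # self-approval, no separation of duties
]

# Entitlement inventory as actually found on the systems (constructed).
# 'bob' moved from helpdesk to analyst and kept his old entitlements plus a
# removable-media grant; 'carol' accumulated both halves of an approval workflow.
INVENTORY = {
    "alice": {"job": "analyst", "privs": {"read:cable_archive", "read:reports"}},
    "bob":   {"job": "analyst", "privs": {"read:cable_archive", "read:reports",
                                          "reset:password", "write:removable_media"}},
    "carol": {"job": "dba",     "privs": {"admin:db", "backup:db",
                                          "approve:access", "request:access"}},
}

# Access events (user, timestamp, object) as a file server might log them (constructed).
T0 = datetime(2010, 11, 1, 9, 0)
EVENTS = [("alice", T0 + timedelta(hours=i), f"cable-{i}") for i in range(3)]
EVENTS += [("bob", T0 + timedelta(seconds=5 * i), f"cable-{i}") for i in range(250)]


def excess_privileges(inventory, policy):
    """Privileges each user holds beyond what the policy grants their job function."""
    report = {}
    for user, rec in inventory.items():
        allowed = policy.get(rec["job"], set())  # unknown job function -> nothing allowed
        extra = rec["privs"] - allowed
        if extra:
            report[user] = extra
    return report


def toxic_combinations(inventory, pairs):
    """Users holding both halves of any forbidden privilege pair."""
    report = defaultdict(list)
    for user, rec in inventory.items():
        for a, b in pairs:
            if a in rec["privs"] and b in rec["privs"]:
                report[user].append((a, b))
    return dict(report)


def bulk_access_alerts(events, threshold, window=timedelta(hours=1)):
    """Compensating control: flag users who touch more than `threshold` distinct
    objects within any rolling `window`. Returns {user: peak distinct count}."""
    by_user = defaultdict(list)
    for user, ts, obj in events:
        by_user[user].append((ts, obj))
    alerts = {}
    for user, accesses in by_user.items():
        accesses.sort()
        start = 0
        for end in range(len(accesses)):
            # Slide the window start forward until it spans at most `window`.
            while accesses[end][0] - accesses[start][0] > window:
                start += 1
            distinct = {obj for _, obj in accesses[start:end + 1]}
            if len(distinct) > threshold:
                alerts[user] = max(alerts.get(user, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    print("Excess privileges:  ", excess_privileges(INVENTORY, POLICY))
    print("Toxic combinations: ", toxic_combinations(INVENTORY, TOXIC_PAIRS))
    print("Bulk access alerts: ", bulk_access_alerts(EVENTS, threshold=100))
```

The first two functions are the entitlement review: anything reported by `excess_privileges` is a revocation ticket, and anything reported by `toxic_combinations` is a separation-of-duties violation that needs either a revocation or, if the business insists on keeping it, a named owner and monitoring. The third function is that monitoring: it does not care whether the user was entitled to each object, only whether the rate of access looks like a job being done or an archive being copied, which is exactly the signal that was missing in the case described above.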

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.