Zero Trust and the Principle of Least Privilege
We recently covered Zero Trust principles broadly. Now let’s look more closely at how Privilege Manager contributes to specific areas of Zero Trust, including the principle of least privilege. Zero Trust has several areas, and organizations can strengthen each of them in numerous ways. Privilege Manager and Application Manager alone do not make an organization invincible, but they have a very significant impact on proactive defense and overall security.
The Principle of Least Privilege
If you live in an apartment block, you do not have the master key to the entire building. A normal user in an IT environment is just like a tenant in an apartment block: they should not have admin rights, i.e. the master key.
Nowadays IT work constantly prompts the user to authenticate to different systems, devices, and services. Generally speaking, users should always log in with the lowest privileges or role the task allows. This way the end user cannot harm the environment accidentally or intentionally, and if an attacker gets hold of the end user’s credentials, the same restrictions limit the damage they can do.
The Windows operating system has tied different roles to user accounts for many years: an account is typically a standard user, an administrator, or both. Windows 10 describes the built-in “Users” group as follows: “Users are prevented from making accidental or intentional systemwide changes and can run most applications.”
In a Zero Trust security model, no user is trusted by default. That is why no end user should belong to the local Administrators group.
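The quickest way to find out whether that rule actually holds on a device is to enumerate the local Administrators group and compare it against the short list of principals that are allowed to be there. The script below is an added example, not part of the original post and not Privilege Manager code; the allowlist entries (the CONTOSO groups) are assumptions and must be replaced with your own.

```powershell
# Added example (not Privilege Manager code): audit the local Administrators
# group on a workstation and report every member that is not on an explicit
# allowlist. Run in an elevated PowerShell 5.1+ session on the device.
#Requires -RunAsAdministrator

function Get-UnexpectedLocalAdmins {
    param(
        # Principals allowed to hold local admin rights. These names are
        # assumptions for the example; replace them with your own.
        [string[]]$AllowList = @(
            "$env:COMPUTERNAME\Administrator",   # built-in RID-500 account; should be disabled or vaulted
            'CONTOSO\Domain Admins',             # assumed domain group
            'CONTOSO\Workstation-Admins'         # assumed tier-2 support group
        )
    )

    # Get-LocalGroupMember returns local, domain and Azure AD principals alike.
    # It throws if the group holds an orphaned SID (a deleted account), so catch
    # that and still return something useful to the caller.
    try {
        $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    } catch {
        Write-Warning "Could not enumerate Administrators on $env:COMPUTERNAME ($_)"
        return @()
    }

    # -notcontains is case-insensitive, which matches how Windows compares names.
    foreach ($m in $members) {
        if ($AllowList -notcontains $m.Name) {
            [pscustomobject]@{
                Computer        = $env:COMPUTERNAME
                Member          = $m.Name
                ObjectClass     = $m.ObjectClass        # User or Group
                PrincipalSource = $m.PrincipalSource    # Local, ActiveDirectory, AzureAD, MicrosoftAccount
            }
        }
    }
}

$findings = @(Get-UnexpectedLocalAdmins)
if ($findings.Count -gt 0) {
    Write-Warning "Local admin rights granted outside the allowlist on $($env:COMPUTERNAME):"
    $findings | Format-Table -AutoSize
    exit 1   # non-zero exit so a configuration-management job can treat this as drift
}
Write-Output 'OK: only allowlisted principals are local administrators.'
```

Running this from your endpoint management tool and collecting the non-zero exits gives you a first inventory of which devices still have end users (or forgotten groups) in Administrators before you start removing them.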
In 2020, BeyondTrust released its report on the Microsoft vulnerabilities disclosed in 2019. The report is a pretty scary read and spells out the role access rights play in exploiting vulnerabilities:
- 77% of the critical vulnerabilities in Microsoft’s operating systems could have been mitigated by removing local administrator rights from users.
- For the most common workstation operating systems, Windows 10, 8.1 and 7, the figure was a whopping 80%.
Check out what cybersecurity expert Sami Laiho had to say about these issues in our webinar back in February 2021.
In other words, by removing local administrator rights IT teams can mitigate most of the critical vulnerabilities in their environments. “Mitigated” here means the exploit may still run, but it runs with the rights of a standard user and cannot make system-wide changes.
Some people think that patching the operating system every month does the same trick. But a patch protects nothing until IT has installed it and the device has been restarted. Now think about how long it takes your organization to roll out the latest security patches to every device it owns.
A Ponemon study (Ponemon 2019) found that, on average, exploitation of a critical or high-severity vulnerability is observed 43 days before a patch for it is released. The same study found that organizations take an average of 16 days to install a patch for a critical vulnerability once it is available.
Putting the two studies together: a critical vulnerability is exposed for roughly 43 + 16 = 59 days, from the first observed exploit until the patch is actually installed. If 80% of critical Windows workstation vulnerabilities are mitigated by removing admin rights, then about 80% of the attacks that land in that window could be mitigated as well.
A zero-day vulnerability is one for which no update or patch exists at the time it becomes publicly known or is first exploited. Cyber criminals are very active in exploiting zero-days precisely because they cannot be patched yet. This is why sensible management of access rights is one of the most effective defenses against them: the patch arrives later, but a standard user account limits the damage on day zero.
From a cybersecurity perspective it is ideal to keep every end user in the Users group. In real life there are always exceptions, and sometimes an end user needs to perform an action in the operating system with elevated rights.
In some cases users are given a separate local administrator account, sometimes even a domain-level admin account, and occasionally the user’s Azure AD account is added as an extra local administrator. All of these approaches trust the user to use that account securely. There is never a 100% guarantee of this, as external threats are always looking for the weakest link in an IT environment. A domain admin account used on a workstation is the worst of these options, because its credentials are then exposed on every device it logs in to.
Zero Trust’s message is to always verify, and Privilege Manager enables this. The user logs in with their personal account, which belongs only to the Users group. When they need to elevate, Privilege Manager performs the action under a separate account. All the user needs to do is request an activation code from the organization’s IT support; once they have the code, they can perform the elevated action. This is a superior way to manage local access rights.
If you want to balance usability and cybersecurity a little differently, Privilege Manager also has a self-service model, in which the user performs an elevated action after entering the reason for requesting elevation in the UAC (User Account Control) prompt. In both cases the elevations are easy to manage and report.
With Privilege Manager you can perform actions that require admin rights safely as a self-service.
Complicating Lateral Movement
Access rights also play a significant role once a breach has happened. Organizations want to complicate lateral movement and make it harder for an attacker to gain a foothold. If logging in to devices with elevated rights is not well managed, it can be far too easy.
Too many organizations use the same password for the local admin account on every device. Usually this is a “backup” account used to log in when everything else fails. With a shared password, an attacker who recovers the password or its hash from one compromised device can log in as an administrator on all the others. There are plenty of recommendations out there, but the basic principle is that if one account is compromised, the other devices should not be in danger as well.
Privilege Manager solves this problem as well. Every device can have a completely unique account that is disabled by default and whose password is rotated constantly.
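To make the pattern concrete, the script below shows what “unique per device, disabled by default, password rotated constantly” looks like when done by hand with the built-in local account cmdlets. It is an added example and not Privilege Manager’s implementation; the brk- naming prefix is an assumed convention, and the function only returns the new password so the caller can escrow it (to Windows LAPS, a PAM vault or similar), which is outside the example.

```powershell
# Added example (not Privilege Manager's implementation): a LAPS-style
# break-glass local admin. Each device gets its own account name, a fresh
# random password from the system CSPRNG, and the account stays disabled
# until an operator needs it. Run elevated on each device, for example from
# a scheduled task that rotates daily.
#Requires -RunAsAdministrator

function New-RandomPassword {
    param([int]$Length = 24)
    # Ambiguous characters (0/O, 1/l/I) are left out so the password can be
    # read out loud during an incident. Upper, lower, digits and symbols are
    # all present, so Windows complexity policy is satisfied.
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%&*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = 256 - (256 % $alphabet.Length)   # rejection sampling: no modulo bias
    $buf   = [byte[]]::new(1)
    $chars = [System.Collections.Generic.List[char]]::new()
    while ($chars.Count -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { $chars.Add($alphabet[$buf[0] % $alphabet.Length]) }
    }
    return -join $chars
}

function Set-DeviceEmergencyAdmin {
    param(
        [string]$Prefix = 'brk-',     # assumed naming convention for this example
        [int]$PasswordLength = 24
    )
    # Unique per device: a password or hash captured here is useless elsewhere.
    # Local account names are limited to 20 characters.
    $name = ('{0}{1}' -f $Prefix, $env:COMPUTERNAME)
    if ($name.Length -gt 20) { $name = $name.Substring(0, 20) }

    $plain  = New-RandomPassword -Length $PasswordLength
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    if (Get-LocalUser -Name $name -ErrorAction SilentlyContinue) {
        Set-LocalUser -Name $name -Password $secure
    } else {
        New-LocalUser -Name $name -Password $secure `
            -Description 'Break-glass local admin, rotated by script' | Out-Null
        Add-LocalGroupMember -Group 'Administrators' -Member $name
    }

    # Passive by default: disabled until an operator runs Enable-LocalUser for
    # one session. The next rotation disables it again and changes the password.
    Disable-LocalUser -Name $name

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Account   = $name
        Password  = $plain          # escrow this; never log it or write it to disk in clear
        RotatedAt = (Get-Date).ToUniversalTime()
    }
}

# Usage: rotate now and hand the record to your vault integration.
$record = Set-DeviceEmergencyAdmin
Write-Output "Rotated $($record.Account) on $($record.Computer) at $($record.RotatedAt)"
```

Two design choices matter here. The password comes from RandomNumberGenerator with rejection sampling rather than Get-Random, because Get-Random is not a cryptographic generator. And the account is disabled after every rotation, so even the vaulted password is useless for an interactive logon until someone deliberately enables the account, which is itself an auditable event.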
Implementing the Principle of Least Privilege
Organizations cannot deny the reality on the ground. Managing admin rights by implementing the principle of least privilege significantly improves your security posture. Take your organization forward with Privilege Manager.