Page 1127 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1127

that all users have a well-defined job description that personnel
                  understand. Without a specific job description, it is not possible to

                  know what privileges users need.


               This principle extends beyond just accessing data, though. It also

               applies to system access. For example, in many networks regular users
               can log on to any computer in the network using a network account.
               However, organizations commonly restrict this privilege by preventing
               regular users from logging on to servers or restricting a user to logging
               on to a single workstation.

               One way that organizations violate this principle is by adding all users
               to the local Administrators group or granting root access to a

               computer. This gives the users full control over the computer.
               However, regular users rarely need this much access. When they have
               this much access, they can accidentally (or intentionally) cause
               damage within the system such as accessing or deleting valuable data.

               Additionally, if a user logs on with full administrative privileges and
               inadvertently installs malware, the malware can assume full
               administrative privileges of the user’s account. In contrast, if the user

               logs on with a regular user account, malware can only assume the
               limited privileges of the regular account.

               Least privilege is typically focused on ensuring that user privileges are
               restricted, but it also applies to other subjects, such as applications or
               processes. For example, services and applications often run under the
               context of an account specifically created for the service or application.
               Historically, administrators often gave these service accounts full

               administrative privileges without considering the principle of least
               privilege. If attackers compromise the application, they can potentially
               assume the privileges of the service account, granting the attacker full
               administrative privileges.

               Additional concepts personnel should consider when implementing
               need-to-know and least privilege are entitlement, aggregation, and

               transitive trusts.

               Entitlement Entitlement refers to the amount of privileges granted
               to users, typically when first provisioning an account. In other words,
   1122   1123   1124   1125   1126   1127   1128   1129   1130   1131   1132