What is POLP (Principle of Least Privilege)?
The Principle of Least Privilege means that a user, program or process is granted the minimum privileges necessary to access the system and fulfill the intended function. The principle of least privilege can also be referred to as the principle of minimal privilege (POMP) or the principle of least authority (POLA). Following the principle of least privilege is considered a best practice in information security.
This principle means providing only the level of access absolutely necessary to perform the intended job. It reduces the risk of an attacker reaching important parts of the system and sensitive data by compromising a low-level account or application. POLP helps stop such compromises from spreading over the whole system.
POLP can be applied at any level of a system: end users, processes, networks, databases and so on. There are many examples of how the principle of least privilege works. Here are some of them:
- User Accounts with Least Privilege. Under the principle of least privilege, a user whose job is to fill the database can only input data. If malware infects this computer or the user clicks a phishing link, the attacker is confined to this narrow scope, unless the user has root access privileges.
- MySQL Accounts with Least Privilege. A MySQL setup follows POLP when separate accounts perform separate jobs, for example, an online form that sorts data through an account with sorting privileges only. In this case an attacker compromising such an account would only gain the right to sort the records.
- Using Just in Time Least Privilege. A user who does not need root privileges all the time should work with reduced privileges whenever root access is not required for the immediate task. Using disposable credentials tightens the security achieved by just in time least privilege.
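The MySQL case above can be checked mechanically. The following is an added example, not code from the original article: it compares `SHOW GRANTS`-style output against a per-account policy. The account names, schema and policy are constructed, and it assumes MySQL 8.0 backtick quoting with no column-level grants.

```python
import re

# Constructed sample: SHOW GRANTS output for three hypothetical accounts.
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO `form_entry`@`10.0.0.%`
GRANT INSERT ON `shop`.`orders` TO `form_entry`@`10.0.0.%`
GRANT USAGE ON *.* TO `sort_form`@`10.0.0.%`
GRANT SELECT, UPDATE ON `shop`.* TO `sort_form`@`10.0.0.%`
GRANT ALL PRIVILEGES ON *.* TO `reporting`@`%` WITH GRANT OPTION
"""

# Hypothetical policy: the most each account may hold for its job.
POLICY = {
    "form_entry": {"INSERT"},   # data entry only
    "sort_form": {"SELECT"},    # read and sort only
    "reporting": {"SELECT"},
}

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) "
    r"TO `(?P<user>[^`]+)`@`(?P<host>[^`]+)`(?P<opts>.*)$"
)

def parse_grants(text):
    """Yield (user, scope, privileges, has_grant_option) per GRANT line."""
    for line in text.splitlines():
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        privs.discard("USAGE")  # USAGE means "no privileges"
        yield m["user"], m["scope"], privs, "WITH GRANT OPTION" in m["opts"].upper()

def audit(text, policy):
    """Return (user, scope, problem) for every grant that exceeds the policy."""
    findings = []
    for user, scope, privs, grant_opt in parse_grants(text):
        excess = privs - policy.get(user, set())  # unknown accounts get nothing
        if excess:
            findings.append((user, scope, "excess: " + ", ".join(sorted(excess))))
        if scope == "*.*" and privs:
            findings.append((user, scope, "global scope"))
        if grant_opt:
            findings.append((user, scope, "can re-grant privileges"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS, POLICY):
        print(*finding, sep=" | ")
```
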
What are the benefits?
Implementing the principle of least privilege grants a number of benefits including:
- Better security. During the NSA millions’ leak, when an attacker used admin privileges and managed to create database backups, the NSA used POLP to revoke higher-level powers from the majority of the staff.
- Minimized attack surface. Hackers attacked 70 million customer accounts through an HVAC contractor. The principle was not applied correctly, as the user created a large attack surface. The attack therefore succeeded, resulting in a huge loss.
- Limited malware propagation. Malware that manages to infect the system is contained by POLP and stays in the small section of the system it initially penetrated.
- Better stability. POLP also reinforces system stability by limiting the effect of possible changes.
- Improved audit readiness. The scope of an audit can be reduced dramatically when the system being audited is built on the principle of least privilege.
Best Practices for the POLP
The importance of the principle of least privilege is hard to overestimate. What else can be done?
- Conduct a privilege audit. Check all accounts, processes and programs to make sure they have only the permissions required to perform their duties.
- Start all accounts with least privilege. The default privileges of all new accounts must be set to the lowest level possible. Grant specific higher-level powers only in exceptional cases where the job cannot be done without them.
- Enforce the separation of privileges. Admin accounts must be separated from standard accounts, just as higher-level system functions must be separated from lower-level ones.
- Use just in time privileges. Raise privileges only when strictly necessary, and preferably on a one-time-use basis.
- Make individual actions traceable. Disposable user IDs, one-time passwords, monitoring and automated auditing help limit the possible damage and narrow the attack surface.
- Make it regular. Long-standing users, accounts and processes sometimes accumulate higher privileges over time, even if they do not need them. Auditing privileges regularly helps prevent this.
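The just-in-time, one-time-use and traceability practices above can be combined in a single component. This is an added sketch, not code from the original article: the `JitBroker` class, the role names and the 300-second default lifetime are all assumptions made for illustration.

```python
import secrets
import time

class JitBroker:
    """Issues one-time, short-lived elevation tokens and logs every step."""

    def __init__(self, approved, ttl_seconds=300, clock=time.time):
        self.approved = approved   # {user: roles that user may request}
        self.ttl = ttl_seconds     # how long an unused grant stays valid
        self.clock = clock         # injectable so expiry can be tested
        self.active = {}           # token -> (user, role, expires_at)
        self.audit_log = []        # (timestamp, user, role, event)

    def _log(self, user, role, event):
        self.audit_log.append((self.clock(), user, role, event))

    def request(self, user, role, reason):
        """Grant elevation only for a pre-approved role and a stated reason."""
        if role not in self.approved.get(user, set()) or not reason.strip():
            self._log(user, role, "denied")
            return None
        token = secrets.token_urlsafe(32)  # disposable credential
        self.active[token] = (user, role, self.clock() + self.ttl)
        self._log(user, role, "granted: " + reason)
        return token

    def use(self, token, role):
        """Redeem a token; pop() makes it single-use even if the check fails."""
        user, granted_role, expires = self.active.pop(token, (None, None, 0))
        ok = user is not None and granted_role == role and self.clock() < expires
        self._log(user, role, "used" if ok else "rejected")
        return ok

    def sweep(self):
        """Drop expired grants; run on a schedule so elevation never lingers."""
        now = self.clock()
        expired = [t for t, (_, _, exp) in self.active.items() if exp <= now]
        for t in expired:
            user, role, _ = self.active.pop(t)
            self._log(user, role, "expired")
        return len(expired)
```

Every request, use, rejection and expiry lands in `audit_log`, which gives the regular privilege review a record of who held elevated rights and why.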
Launched in 2019 and based in Dubai, SmartState is one of the leading DeFi security auditing firms. We conduct security tests and check the code core, smart contracts and blockchain for all types of errors, vulnerabilities and other issues.
Although SmartState began operations with smart contract auditing of DLT projects, from the very beginning we made our services go beyond the classic purview of smart contract audit and security testing. We specialize in manual testing, so SmartState’s tech team of white-hat security professionals evaluates a project’s Git repository and offers guidelines and recommendations for its further advancement. Security audit reports review the threats and vulnerabilities through which codebases may be exploited in the future, as the network achieves scalability and expands to accommodate more use cases and functionality.