Hacking – and the Least Privileges Doctrine

Recently we had a forum moderator (which people we pay a nice monthly stipend) get into some issues with drug abuse problems. This individual had to be checked into a rehab clinic to get himself straightened out.  While I was aware of him having these issues in the past, I was not aware that this person was still having such problems. But the bigger problem is that the correct security policy was not 100% in place, and that is 100% my responsibility.

Long story short, due to a lack of security enforcement on our part, my site account and all my articles and such ended up getting deleted. I had to restore them from a most recent database backup. Not a very big deal, but certainly an annoyance.  Needless to say, we now have a new Forum Moderator.

The definition of Principle of Least Privilege is fairly simple and easy to comprehend. The idea is that users will be given only the privileges absolutely necessary to perform any given task. This might be configuring their computer, browsing the Internet, running a financial application, or sending e-mail. Or it could be the permission set you give a Forum Moderator on a web site you run.  You might have also heard the term Least Permission, which is very similar to the Principle of Least Privilege.

When you have employees or contractors who have been given the responsibility to do a certain job, it is extremely important to grant them ONLY the permssions to do that job, and nothing more. Studies show that the majority of hacking attacks are “inside jobs” – meaning that it is usually the work of a disgruntled employee, or even one who is mentally unstable.

Companies, organizations, and others who run websites, databases, or other information stores that could possibly be compromised would do well to examine this doctrine and ensure that they are following it.

Sadder, but a lot wiser…

Comments

  1. Dennis Gorelik12:35 PM

    Granting the minimum set of permissions is a good idea in theory, but in practice it has some overhead. Sometimes significant overhead.
    Somebody need to grand and take away these permissions. Your system must support these permission, and that makes your system more complex.
    So, in real life it should be a trade-off. It makes sense to grant a little bit more than people really need. Just in order to keep things simple.
    For example, in development it rarely makes sense to restrict developers from accessing source control folders that they don't need to have access to.
    It also doesn't make sense (usually) to restrict developers' access to Dev, and QA servers.
    On the other hand it makes sense to restrict access to production servers.

    ReplyDelete
  2. Anonymous9:50 AM

    What an ID10T!

    I have substance abuse problems and I would never, ever, hurt any one but myself.

    ReplyDelete

Post a Comment

Popular posts from this blog

FIREFOX / IE Word-Wrap, Word-Break, TABLES FIX

One of the most annoying things a developer (who would normally delight in writing code, not futzing with markup) can have is getting rendering issues between different browsers. The two biggest players are of course Internet Exploder and Firefart (as I lovingly like to refer to each). In most cases that's going to take care of 98 percent of your total site traffic. IE has had a proprietary "word-break" style attribute for a long time, and this made it into the CSS 3.0 spec. But that doesn't necessarily help you with Firefox right now. Firefox literally - (and I consider this completely idiotic, since it's been in their bug database for FIVE YEARS) does not have a reliable CSS style element to force table cell content to break in the middle of a word in order to stop the content from expanding your table / div off the page or over other content on the page. Here's a partial fix, which will work for most tables and browsers. The style declaration (I call it m
Read more

Some observations on Script Callbacks, "AJAX", "ATLAS" "AHAB" and where it's all going.

I've taken a more than cursory interest in the whole Remote Scripting (.NET species) vs. AJAX and now ATLAS discussion, mostly because I started using Remote Scripting since Microsoft first released it, and because I continued to refine it after seeing Brent Ashley's excellent work with JSRS, which was one of the first "real" cross-browser solutions back in 2000 (that's the turn of the Century for you history buffs). Now Bertrand Leroy, a Microsoft guy whose work I like , has authored some very interesting ASP.NET 2.0 script callback stuff that he points to on his blog, and he is obviously (at least, to me he is) involved quite heavily in the development of this new ATLAS infrastructure that they'll preview at PDC. Leroy's most recent post brings to the surface what I agree are the major differences between the "AJAX a - la .NET" approach as popularized by Michael Swartz with his AJAX.NET library, and Leroy's RefreshPanel, the ASP.NET 2.0 b
Read more

IE7 - Vista: "Internet Explorer has stopped Working"

Image
This one was a bitch. All of a sudden for no reason at all, out of the blue, I get this dialog "internet Explorer has stopped working". I didn't install any new software, crap- I didn't do anything! So here I am using FIREFART to go on the internet and find out what to do! Damn! Good thing I've got the sucker on the same machine (I'm not "anti-Firefox", i just don't use it that much except to check my page renderings). The Fix The fix (at least for me): 1) Go into Control Panel, and choose "Internet Options". 2) Under the "Advanced" tab, press the "RESET" button at the lower right: Don't ask me why this happens, or why the fix works. That's a BUG, D00D - I don't care how you slice it!
Read more