Posted in Associate, Azure Administrator, Azure Security Engineer, Azure Solutions Architect, Azure Windows Server Hybrid Administrator, MCSA Windows Server 2016, MS Cyber Security Architect Expert, Professional

Least privilege administrative models

   April 21, 2023

Least privilege administrative models, also known as the principle of least privilege or the principle of least authority, is a security concept that aims to limit user access to the minimum set of permissions necessary to perform their duties. This principle applies to all users, including system administrators.

The following are the features of a least privilege administrative model:

  1. Role-Based Access Control (RBAC): This model is based on the concept of roles, where users are assigned specific roles based on their job responsibilities. Each role has a set of permissions assigned to it, which determines what actions users can perform.
  2. User Account Control (UAC): UAC is a security feature in Windows that prompts users for permission when a program attempts to make changes to the system. This feature helps to prevent unauthorized changes to the system.
  3. Privilege Separation: Privilege separation involves separating the privileges of different system components to limit the impact of a security breach. For example, separating the privileges of the web server and database server can prevent an attacker from gaining access to the database if the web server is compromised.
  4. Just-In-Time (JIT) Administration: JIT administration involves granting users temporary access to perform specific tasks. This reduces the risk of privileged access misuse, as users only have access for the duration of their task.
  5. Role-Based Access Control with Attribute-Based Access Control (ABAC): This model combines RBAC with ABAC, which uses attributes to define access policies. Attributes can include user roles, department, location, time of day, and other factors.
  6. Separation of Duties (SoD): SoD involves dividing critical tasks among multiple people to prevent any one person from having complete control over a process. This helps to prevent fraud and errors.

A least privilege administrative model aims to limit user access to the minimum set of permissions necessary to perform their duties. It includes features such as RBAC, UAC, privilege separation, JIT administration, RBAC with ABAC, and SoD.

Share: TwitterFacebookPinterestLinkedin
Author: tonyhughes