The Concept of Least Privilege

Least privilege essentially means to provide access to only what is required for a user to perform their job functions and nothing more.

Share This Post

The Concept of Least Privilege

The fundamentals are often the most underappreciated part of the job in cyber security. In order to achieve a well-managed, secure environment, there must be focus on limiting exposure to risk by reducing the amount of rights and access provided. This is often described as limiting your threat surface.

Least privilege essentially means to provide access to only what is required for a user to perform their job functions and nothing more. An example is that if a user role is sales, they likely do not require access to any of the data associated with the finance team. Broadly distributed access to shared resources is the easiest way for a ransomware attack to impact a much larger part of the environment.

A corollary to this, but perhaps the greatest source of risk, is administrative rights to a computer. Admin rights, or more specifically the ability to install software or edit operating system registry settings, should never be directly associated with a user account. Instead, this should require an elevation which challenges for a password and ideally a second factor authentication.

Simple tips to practice least privilege:

Document the user role types you require and try to keep the list as small as possible
Define rights required for each role type to only the required needs
Establish authentication groups to match the role types and use-only groups in assigning privilege
Ensure that no user has direct admin rights on a PC
Create a checklist for yourself to regularly review and make modifications as required to the groups

<img width="150" height="100" src="https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm-150x100.png" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm-150x100.png 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm-300x200.png 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm.png 600w" sizes="(max-width: 150px) 100vw, 150px" />

[Case Study] Boston Law Firm

Technium was brought in as the security partner to deploy a defense-in-depth strategy to protect the firm
and their clients and stay current with regulatory requirements

April 13, 2022 No Comments

<img width="150" height="78" src="https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-150x78.jpg" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-150x78.jpg 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-300x157.jpg 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1024x535.jpg 1024w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-768x401.jpg 768w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1536x803.jpg 1536w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-2048x1070.jpg 2048w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-2000x1045.jpg 2000w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1000x523.jpg 1000w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1800x941.jpg 1800w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1072x560.jpg 1072w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-600x314.jpg 600w" sizes="(max-width: 150px) 100vw, 150px" />

Technium Named a 2022 Fast 50 Company

Technium Named a 2022 Fast 50 Company by Boston Business Journal

March 31, 2022 No Comments

<img width="150" height="100" src="https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes-150x100.png" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes-150x100.png 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes-300x200.png 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes.png 600w" sizes="(max-width: 150px) 100vw, 150px" />

6 Software Patch Management Mistakes

Hackers spent 2021 wreaking havoc by exploiting software vulnerabilities. What can you do to keep your data safe in 2022?

February 17, 2022 No Comments

<img width="150" height="100" src="https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog--150x100.png" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog--150x100.png 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog--300x200.png 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog-.png 600w" sizes="(max-width: 150px) 100vw, 150px" />

What it means to “Be the exception”

Is Technium an MSP? An MSSP? Well, it’s complicated… Read more to see how we fit (and don’t fit) into these categories and how we are an exception to the rule.

February 3, 2022 No Comments

<img width="150" height="100" src="https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm-150x100.png" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm-150x100.png 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm-300x200.png 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/04/Case-Study-Law-firm.png 600w" sizes="(max-width: 150px) 100vw, 150px" />

[Case Study] Boston Law Firm

Technium was brought in as the security partner to deploy a defense-in-depth strategy to protect the firm
and their clients and stay current with regulatory requirements

April 13, 2022

<img width="150" height="78" src="https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-150x78.jpg" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-150x78.jpg 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-300x157.jpg 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1024x535.jpg 1024w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-768x401.jpg 768w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1536x803.jpg 1536w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-2048x1070.jpg 2048w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-2000x1045.jpg 2000w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1000x523.jpg 1000w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1800x941.jpg 1800w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-1072x560.jpg 1072w, https://www.techniumnetworking.com/wp-content/uploads/2022/03/2022Fast50_Linkedin-Honoree-600x314.jpg 600w" sizes="(max-width: 150px) 100vw, 150px" />

Technium Named a 2022 Fast 50 Company

Technium Named a 2022 Fast 50 Company by Boston Business Journal

March 31, 2022

<img width="150" height="100" src="https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes-150x100.png" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes-150x100.png 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes-300x200.png 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/6-Software-Mgmt-Patch-Mistakes.png 600w" sizes="(max-width: 150px) 100vw, 150px" />

6 Software Patch Management Mistakes

Hackers spent 2021 wreaking havoc by exploiting software vulnerabilities. What can you do to keep your data safe in 2022?

February 17, 2022

<img width="150" height="100" src="https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog--150x100.png" class="attachment-thumbnail size-thumbnail" alt="" srcset="https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog--150x100.png 150w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog--300x200.png 300w, https://www.techniumnetworking.com/wp-content/uploads/2022/01/Be-the-exception-blog-.png 600w" sizes="(max-width: 150px) 100vw, 150px" />

What it means to “Be the exception”

Is Technium an MSP? An MSSP? Well, it’s complicated… Read more to see how we fit (and don’t fit) into these categories and how we are an exception to the rule.

February 3, 2022