The Custodian and the Princple of Least Privilege

-

It can be frustrating, when you suddenly loose permissions to something you have been doing for years only to find out you are now 'not allowed' to do it, and when you ask why you are told about the "Principle of Least Privilege"  - utter nonsense? or good information security practice?

Simply put, a person should have only sufficient the minimum sufficient access necessary to do his/her job, and no more.  Similarly, a software program should only have the minimum access to data necessary to fulfill its function and no more.  The principle of least privilege works hand-in-hand with the tenant of separation of duties and the concept of 'Need to Know

Consider the case of a custodian, let's call him Dave. Dave is responsible for cleaning the classrooms and office's inside a public school system. In order for Dave to do his job successfully, he needs access to all of the classrooms and offices. He likely has a keychain of many keys. (which always seem to be a problem in every sci-fi/horror flick when trying to escape)


Now if the custodian can access say the principal's office (for the purpose of cleaning it). Technically, he could also find student records, employee files, and all kinds of other sensitive information). This is a risk to the business (or in this case the school). It is not an issue of TRUST. Regardless of how long you have known Dave, he could for example have his keys stolen, or he might switch shifts with another custodian with less trust, or perhaps he is placed under duress for the keys. So how does one successfully manage that risk?

Need to Know - means that just because DAVE could access this data, he must not, because his job does not have a 'need to know' of the information.  Just because someone has access, does not imply the right to access. Dave accessing this information even if he can see it right on the principal's desk is a violation of 'Need to Know'. In the world of information security, just because you are granted 'full access' to all of the files on the company drive, does not imply it is okay to go read them all. While it might be obvious that Dave should not look at employee records, it is not always easy/clear in some other situations.

Separation of Duties  - The act of cleaning the room, is completely separate of the act of say administrating the employee files. Therefore Dave should not be hired both as the custodian, and as the office manager. This prevents accidental information leakage. If Dave understands his job is to clean the office he/she should not be asked to manage the employee files, and the Office Manager similarly would not have any reason to be searching around in the principals garbage can. This reduces risk a bit better then just 'Need to Know' because it clarifies by design, what people are responsible for which specific tasks. However, it still doesn't prevent someone from NOT searching the trash, it just provides policies/guidelines to help avoid it.  In IT Security, this would for example specific administrative tasks of a DBA should NOT involve writing new code, or deployment of a software application, and similarly and application developer should not be able to perform admin level operations on all (or any) specific database instance.

Principle of Least Privilege - If  we want to ensure that Dave cannot access the employee files, student records, we can simply choose to store them inside another area (eg: Filing Cabinet, computer system) to which Dave does not have the key (or password).  Dave has the requirement to access the office (to clean it) but no access to the files themselves. So even if Dave were to get curious, or loose his keys, or be put under duress, he simply cannot access the secured information.  This is also why some stores have a sign that state 'limited cash on hand' or 'employee cannot access safe'.  If someone holds up the store, even those on shift, cannot access the money themselves. Again from an IT Security perspective, a DBA might require access to the data (eg: for backup, maintenance purposes), but would not have access to the configuration files for the software that uses the data, or even require knowledge of the password that the application itself uses to access the data.

But what if you are small business? Well the good news is you can still follow all of these principles, but it might get a little more...complicated.

Your one 'IT person' technically has access to all of your files, but he should not just go around snooping them just because he can (need  to know), further more, he/she should have at least 2 accounts - one for his day to day activities(which cannot access "everything")  and a second account to be used only for special admin tasks - setting up accounts, enabling/disabling services ,etc.  (separation of duties). Finally it is possible for super sensitive data to setup multiple schemes - For example the CEO of the company may store files in an electronic vault, with a password only he/she knows.  You IT guy just sees this as one 'file'. He/she can still copy it, back it up, etc but cannot access the data itself without knowledge of the password that decrypts the contents.  In fact he doesn't even need the knowledge that it is an encrypted file at all. The file could be named josh_gates_to_oak_island_original.mp4 with the vault hidden inside it. It is even possible to have systems that require 2 people to access the data. In  this way one person only knows a "part" of the password. Neither can access the information individually, but both can unlock it together. (Principle of Least Privilege)

Be Warned: Whatever you decide - Just don't give the computer itself the power to decide who should have access !




If you liked this post please consider sharing via your favorite social networks!!

and ..if you like my blogging, video, audio, and programming - please consider becoming a patron and get exclusive access @ Patreon.com/GeekWisdom

Comments

Post a Comment

Popular posts from this blog

Programming Rant - Stop the Insanity!! - .NET 7 is not the successor to .NET 4.8

-
Image
  .NET 7 IS THE SUCESSOR TO .NET 6 .NET 6 IS THE SUCESSOR TO .NET 5 .NET 5 IS THE SUCESSOR TO .NET CORE 3 ...drum roll please... .NET 5 IS NOT THE SUCESSOR TO .NET 4.8 !! ! At the time of this blog their is no .NET path after .NET 4.8. Microsoft will continue to support, patch and update .NET 4.8 for the foreseeable future, though will likely not continue to 'add new' to it. (but they also said this about .NET 4.5.2 and have continued to update it so far to .NET 4.8..so take that with a bit of a grain of salt) Microsoft's "naming" policy of the .NET line and the .NET Core, and .NET Standard is rather foolish from a logical point of view, but it does have some good "salesman" characteristics. Software Development Companies can try to sell the idea in peoples minds to upgrade .NET 4.8 to ..NET 7 and make a bundle in the process - even though Microsoft itself fully admits it is not ending any support for .NET 4.8 This is based on the mistaken idea that a la
Read more

Despite of how it looks - I'm not part of a coup d'etat

-
Image
  Blake Miner recently wrote an interesting blog entry called " The Infinite Version of You" . It is an interesting though experiment based on a concept known as "Theory of Mind" . In a nutshell, the people that others interact with in their minds have a version of "YOU", not the real you but the "YOU" they believe they "know".  Similarly, the people you interact with are not really them but simply a 'copy' of them you have made in your own mind, based on your experiences. This has some personal relevance to me, specifically as a young child, when I was between the ages of 9-11 my dad was diagnosed with a type of Schizophrenia. My dad believed that 'GOD' was taking to him and had given him special abilities, for example, the ability to move objects with his mind. What I came to realize though this experience (and through others following) was that the 'Dad' I knew was only a part of the picture. A bunch of pieces
Read more

Everything in Moderation...

-
Image
 You've probably heard it from a health professionals, in ads or from that local gym.  Can I eat some chocolate? How about a bag of chips? Everything is okay to to eat... in moderation.. right? I am fortunate have been born in a part of the world that values human rights and freedoms. One of these in particular is the 'right' to free speech. We have the right to say what we feel and think, positive or negative, to share our thoughts with others - this is an important aspect of society. Just follow one of the many tweets from Elon Musk, and you can see how much he believes in Free Speech, or for charges brought against others who have attempted to the hinder free speech of others In our world, we are constantly inodiated with information, with the free speech of those around us, and the responsibilities that come with it. There is a man I admire greatly, who gave a lot of talks over his lifetime - his name is Dr Wayne Dyer. He gives one speech about an orange, that truly cha
Read more

Way back then...Apple ][

-
The way I remember it... It was the fall of 1993, I had just started Grade 11, near the far end of the hallway of my highschool were 2 classes. 'Typing' and 'Computer Related Studies'.  It was the first year I would actually have 'computers' as a course in school, which I was pretty excited for. I only had an old Vic 20 at the time, but was hoping for a new IBM Clone 80386 for Christmas (I got my wish, it was from the Sears catalog and at the time was like close to $2000) I was quite familar with programming in BASIC, but I got a specific book at the local library on AppleSoft Basic to learn to program in the APPLE 2.  Most of the first part of the year was all about 'computer' history. We actually didn't spend too much time using the computers in the lab, which was fine, I enjoyed learning about the history, plus I was part of the school newspaper that year so I got to use the Apples running the newspaper program "The Newsroom". Wh
Read more

The Most Dangerous Software on the Internet!

-
Image
(From Wikipedia): The infinite monkey theorem states that a monkey hitting keys at random on a typewriter keyboard for an infinite amount of time will almost surely type any given text, such as the complete works of William Shakespeare. In fact, the monkey would almost surely type every possible finite text an infinite number of times. However, the probability that monkeys filling the observable universe would type a complete work such as Shakespeare's Hamlet is so tiny that the chance of it occurring during a period of time hundreds of thousands of orders of magnitude longer than the age of the universe is extremely low (but technically not zero). Recently in the news, their have been articles regarding " Reverse Class Action Lawsuits ". In a typical class action law suit a group of people get "ban" together to sue a large company.  The 'reverse' class action lawsuit is a tool being used by movie companies, to target individual users downloading o
Read more

Diabetes is not caused by eating too much sugar !!!

-
Image
 It makes me cringe every time I see a meme like this ! TLDR; -> Please help support finding a cure for Type 1 diabetes. I made this video for my local community Facebook page and it was rejected. I'm hoping you can help support the fight! To Donate:  https://jdrf.akaraisin.com/ui/jdrfwalk2023/p/1fc07cd8d6214688ad239471dfa31a88 ---- I worry, sometimes, that people really believe this is true, that eating a lot of sugar gives you diabetes. Suggesting that those that have diabetes are somehow 'responsible' for it because they ate too much sugar. This is utter nonsense ! ..and probably makes it hard to raise money to support finding a cure for diabetes - if the person is 'at fault' then why help them right? A person who chooses to smoke cigarettes, drink excessive amounts of beer, or engage in 'recreational' drug use, literally made a choice (in most cases) to put toxic chemical in their body - and yes I know people have addiction problems and need help - bu
Read more

Windows Gadgets (Geek Wisdom Clock)

-
Image
Do you remember the old days of ' Windows Desktop Gadgets ?' Gadgets were introduced back in 2000's by project "sidebar". A research group, who had developed a way to add things lick a clock, or an RSS reader on your desktop. Well the other day a fellow team mate of mine showed me a transparent clock he was working on in VB.NET. And I was like "Whoa! - Cool can I get a copy?" Well I tweaked it a bit, and wrote a tutorial on how it works on my GitHub Page. You can read the tutorial here:  https://www.codeproject.com/Articles/5249592/Making-a-Transparent-Desktop-Clock  and the related GitHub is @  https://github.com/geekwisdom/gwClock . Feel free to make your own gadgets using it. Or if you prefer to just download the binary release -   https://github.com/geekwisdom/gwClock/releases Thanks to Chris Wilby for the inspiration and the source! Enjoy !
Read more

So I started a Podcast ! - The G33k Dream Team .

-
Image
  *** HELP WANTED *** It was a dark and stormy night - okay well actually it was about 9AM on a Friday the 13th that I received a Facebook (messenger) message from Matt Gabrielson.. but the story starts a little earlier than that. About one year earlier, to be precise, on Jan 13th 2022, I sent Matt a message asking if I could write a guest blog on his site.  It took him over 1 year to respond - not because he wasn't fast at responding but because it took over 1 year for the message to show up in his Facebook Messenger. So we did an interview together for his YouTube channel it is called " What is GeekWisdom ", it was an opportunity to discuss GeekWisdom , how it started and what it meant. As of the time of this article, that video had more views then any of his other interview thus far, so when a few weeks later he contacted me as if I wanted to start a podcast with him, I jumped at the opportunity. The format is pretty simple, at least once a month (on the 4th), we are g
Read more

You should be able to do that...

-
Image
Everyone in life has different *things* which cause frustration.  For me often the primary source of frustration is around language and communication. A recent lifehacker podcast "How to get Your Point Across Online"  reminded me of how easy it is to fall into the trap of 'You should be able to do that...' There are many things I am not very good at, at least not in the not so humble opinion of others. I am not a multitasker, I cannot listen to/respond to more than one conversation at  time. I cannot remember things well (or where I put them) without prompts or reminders, and I quickly become anxious when confronted with a new situation that scares me, and it takes time for me to process my emotions. It is so easy for others to dismiss my 'quirkiness' as a flaw either in my ability as a person or in my personality. I suppose in people's mind we setup a "personna" of what every person should be able to do, and if they cannot just 'do it',
Read more