Over a million developers have joined DZone.

Defence in Depth, Part 3: The Least Privilege Principle

DZone's Guide to

Defence in Depth, Part 3: The Least Privilege Principle

Don't run anything with administrator privileges, and log everything you do while revisiting these logs often to detect malicious activity.

· Security Zone ·
Free Resource

Mobile is increasingly becoming a part of every consumers’ identity, but the increasing use of this digital channel is escalating the security risks faced by consumers and institutions.

An application does not need to use the root (MySQL), sa (Microsoft SQL Server), postgres (PostgreSQL) or SYSDBA (Oracle Database) to connect to the database.

Likewise, it's a bad idea to run daemons or services as root (Linux) or Administrator (Microsoft Windows), unless there is a specific, justifiable, and carefully considered reason to do so. An application should always be given the least privileges possible that allow it to work properly - any additional privileges should be disabled.

If an application is connecting to a database with a privileged user account, in the event of a SQL injection vulnerability, an attacker would be able to run SQL queries as a database administrator, and on some database servers, also execute operating system commands. By executing operating system commands, an attacker could have the ability to carry out a reconnaissance exercise on the internal network behind the firewall and escalate an attack further.

Running anything with administrative privileges defeats a tried-and-tested security model that's been in place for years since it allows an attacker or a rogue application to cause more damage in the event of a security breach. Applications and database connections should be run with restricted, non-administrative privileges, elevating privileges temporarily to modify the underlying system only on a per-need basis.

Log Everything, Revisit Often

Several Defense in Depth strategies help prevent breaches in the first place, however, a crucial aspect of any defense strategy is to know when an attack is underway and what has happened after an attack occurred. Mitigating the effects of a security breach is only possible if attention is paid to early warning signs.

Logs are a crucial part of systems and applications. Through logs, one can monitor performance, uptime, resource usage, and other such data. Logs are also indispensable tools for monitoring security and detecting attacks. Logging is the closest thing to a time machine, so having comprehensive, detailed records of what happened and when could spell the difference between noticing a breach early and letting an attacker pull off a heist.

The obvious deduction here is not to ignore early warning signs, while the less obvious conclusion is the need to log absolutely everything and revisit those logs often. Naturally, this could present some technical challenges, especially to larger organizations, but it's not impossible, especially with the ever-decreasing cost of storage and the various log management tools out there that help filter signal from noise.

In order to respond in time to the early warnings of a security breach, an organization first needs to know when it's under attack and what has happened (or is happening) during the attack. One of the more effective ways to do that is to log everything and take action on what information logs reveal.

Explore the authentication advancements that are designed to secure accounts and payments—without overburdening consumers with a friction-laden experience.

security ,logging ,vulnerabilities ,cybersecurity

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}