Assign the least privilege possible
Why
Broad privileges allow malicious or accidental access to protected resources.
How
- Grant a user or service only the minimum access rights (privileges) needed to complete its assigned operation, and only for the minimum time needed to complete it; revoke the rights or let them expire afterwards.
- Do not use administrative accounts for application access.
- Use separate accounts for sensitive data.
Examples
- Run service processes as their own users with exactly the set of privileges they require.
- Grant read-only permissions when no updates are required.
- When updates are required, limit the scope of the write permission to the target resource only.
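The bullets above amount to a deny-by-default authorization check: explicit actions, an exact resource, a named principal and an expiry. The following is an added example (not code from the original post) that models them directly; the names `Grant`, `issue_grant`, `is_authorized` and the sample principals and resources are assumptions made for this illustration.

```python
"""Scoped, time-bound access grants.

Added example, not code from the original post. A grant names one
principal, one exact resource, an explicit set of actions and an expiry.
Anything not granted is denied, so a read-only grant cannot write, a write
grant for one resource cannot touch another, and an expired grant is
useless even if it leaks. Names and sample data are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Iterable

READ = "read"
WRITE = "write"


@dataclass(frozen=True)
class Grant:
    principal: str           # the user or service account the grant is for
    resource: str            # exact resource identifier, never a wildcard
    actions: FrozenSet[str]  # e.g. frozenset({"read"}) for read-only access
    expires_at: datetime     # the grant is void from this instant on


def issue_grant(principal: str, resource: str, actions: Iterable[str],
                ttl: timedelta, now: datetime) -> Grant:
    """Create a grant for the minimum actions and the minimum lifetime.

    `ttl` must be positive: a grant that never expires violates the
    "minimum amount of time" rule, so there is no way to ask for one here.
    """
    acts = frozenset(actions)
    if not acts:
        raise ValueError("a grant must name at least one action")
    if not acts <= {READ, WRITE}:
        raise ValueError(f"unknown actions: {sorted(acts - {READ, WRITE})}")
    if ttl <= timedelta(0):
        raise ValueError("ttl must be positive")
    return Grant(principal, resource, acts, now + ttl)


def is_authorized(grant: Grant, principal: str, action: str,
                  resource: str, now: datetime) -> bool:
    """Deny unless principal, resource, action and time all match the grant."""
    if now >= grant.expires_at:
        return False                  # minimum time: expired grants are dead
    if grant.principal != principal:
        return False                  # a grant cannot be borrowed by another account
    if grant.resource != resource:
        return False                  # exact resource scope, no "everything"
    return action in grant.actions    # read-only means exactly that


def demo() -> Dict[str, bool]:
    """Exercise the rules with constructed principals and resources."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    # Reporting service only needs to read one table: grant exactly that.
    reader = issue_grant("svc-reporting", "db/orders", [READ],
                         timedelta(minutes=15), t0)
    # Order service must update one table: write scope limited to that table.
    writer = issue_grant("svc-orders", "db/orders", [READ, WRITE],
                         timedelta(minutes=15), t0)
    later = t0 + timedelta(minutes=1)
    return {
        "reader_can_read": is_authorized(reader, "svc-reporting", READ, "db/orders", later),
        "reader_cannot_write": not is_authorized(reader, "svc-reporting", WRITE, "db/orders", later),
        "writer_can_write_target": is_authorized(writer, "svc-orders", WRITE, "db/orders", later),
        "writer_cannot_write_other": not is_authorized(writer, "svc-orders", WRITE, "db/customers", later),
        "grant_not_transferable": not is_authorized(writer, "svc-reporting", WRITE, "db/orders", later),
        "expired_grant_denied": not is_authorized(reader, "svc-reporting", READ, "db/orders",
                                                  t0 + timedelta(minutes=15)),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Every check in `demo()` should come back true. The design point is that there is no API for "all resources" or "no expiry": a caller who wants broad, permanent access has to change the code, which is exactly the friction least privilege is meant to create.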
Separate responsibilities
Why
- Limit the blast radius of a successful attack: when one part of the system is compromised, the rest of the system is not.
Trust cautiously
Why
- Many security problems are caused by a malicious intermediary inserted into the communication path.
How
- Assume unknown entities are untrusted.
- Have a clear process to establish trust.
- Validate who or what is connecting.
- Always use some form of authentication (certificate, password, …).
- Apply network controls so that only the peers you expect can reach a service.
- Do not dynamically load third-party code.
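One concrete form of "have a clear process to establish trust" applied to the last bullet: rather than executing whatever third-party file happens to be present (or whatever a download returns through some intermediary), execute it only if its digest matches a value pinned out of band, for example committed alongside the application. The following is an added example, not code from the original post; the plugin source, the module name and the helper names are constructed for this illustration.

```python
"""Load third-party code only after checking it against a pinned digest.

Added example, not code from the original post. The loader executes a file
only if its SHA-256 equals a digest pinned out of band (e.g. committed with
the application). The plugin source, module name and helper names are
constructed for this example and are not from any real project.
"""
import hashlib
import hmac
import importlib.util
import os
import tempfile
import types
from typing import Dict


class UntrustedCodeError(Exception):
    """The file does not match its pinned digest; none of it was executed."""


def sha256_of_file(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_pinned_module(name: str, path: str, pinned_sha256: str) -> types.ModuleType:
    """Import `path` as module `name`, but only if its digest matches the pin.

    The digest check runs before any of the file's code does, and the
    comparison is constant-time so the pin cannot be probed byte by byte.
    """
    actual = sha256_of_file(path)
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UntrustedCodeError(f"{path}: sha256 {actual} does not match the pin")
    spec = importlib.util.spec_from_file_location(name, path)
    if spec is None or spec.loader is None:
        raise UntrustedCodeError(f"{path}: cannot build an import spec")
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)   # top-level code runs only past this point
    return module


# Constructed plugin: the code that was reviewed when the pin was recorded.
TRUSTED_PLUGIN = b"def discount(price):\n    return round(price * 0.9, 2)\n"
PINNED_SHA256 = hashlib.sha256(TRUSTED_PLUGIN).hexdigest()
# Constructed tampered copy, as a malicious intermediary or mirror might serve it.
TAMPERED_PLUGIN = b"def discount(price):\n    return 0.0  # everything is free now\n"


def demo() -> Dict[str, object]:
    """Load the trusted copy, then show the tampered copy being refused."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "plugin_good.py")
        bad = os.path.join(tmp, "plugin_bad.py")
        with open(good, "wb") as fh:
            fh.write(TRUSTED_PLUGIN)
        with open(bad, "wb") as fh:
            fh.write(TAMPERED_PLUGIN)

        module = load_pinned_module("pricing_plugin", good, PINNED_SHA256)
        trusted_result = module.discount(100.0)

        try:
            load_pinned_module("pricing_plugin_bad", bad, PINNED_SHA256)
            tampered_rejected = False
        except UntrustedCodeError:
            tampered_rejected = True

    return {"trusted_result": trusted_result, "tampered_rejected": tampered_rejected}


if __name__ == "__main__":
    print(demo())
```

A pinned hash is the simplest version of this process and has to be updated on every legitimate release; a signature by a key you already trust scales better, but the principle is the same: trust is established by a check you control, not by where the code appeared to come from.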