15. Least Privileged Exercise Solution


ND545 C02 L01 A12 Least Privileged Exercise Solution

The first answer could have been a bit tough to come up with if you haven't heard of Privileged Access Management (PAM) applications.

Here's how they work:

Rather than every IT admin having access to a specific server, the Privileged Access Management application has the access. When an IT admin needs to log in and complete a task, they check out a password from the PAM, which can be the real password or a one-time-use password, and log in to do the work.

Not only does this decrease the attack surface by limiting the number of accounts that can access sensitive data, but it also creates another logging point. For instance, if data is destroyed or missing at a certain time, simply check the PAM's logs to see who was the last to request the password near the time of the incident.

The second method of PoLP in IT departments is more popular, primarily because there is no additional cost involved. Each IT admin has two accounts. The first is a standard user account; this is what they log in to their PC with for normal usage. When elevated privileges are needed, they simply log in with their admin account, commonly known as a "bang" account (the "!" prefix). Example: User account: bthompson, Admin account: !bthompson
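To make the PAM check-out flow and its logging point concrete, here is an added toy vault (example code, not part of the lesson or any real PAM product): only the vault holds a server's real password, each check-out either returns that password or mints a one-time code that is accepted exactly once before it expires, and every check-out is logged so an incident responder can ask who last requested access before a given time. Server names, admin names, the 15-minute code lifetime and the 10:30 incident are constructed values.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Checkout:                 # one entry in the PAM log
    admin: str
    server: str
    at: datetime
    one_time: bool

class PamVault:
    """Toy PAM vault: only the vault holds each server's real password,
    every checkout is logged, and one-time codes die after a single use."""
    OTP_LIFETIME = timedelta(minutes=15)    # constructed lifetime

    def __init__(self):
        self._real = {}   # server -> real password
        self._otp = {}    # (server, code) -> expiry
        self.log = []     # the extra logging point the lesson describes

    def store(self, server, password):
        self._real[server] = password

    def checkout(self, admin, server, now, one_time=True):
        # Admin checks out access; the request is logged either way.
        if server not in self._real:
            raise KeyError(f"unknown server {server}")
        self.log.append(Checkout(admin, server, now, one_time))
        if not one_time:
            return self._real[server]        # hand out the real password
        code = secrets.token_urlsafe(12)     # or mint a one-time code
        self._otp[(server, code)] = now + self.OTP_LIFETIME
        return code

    def redeem(self, server, code, now):
        # Accept a one-time code once, and only before it expires.
        expiry = self._otp.pop((server, code), None)   # pop => single use
        return expiry is not None and now <= expiry

    def last_checkout_before(self, server, incident_time):
        # Incident question: who last requested this server's password?
        hits = [c for c in self.log if c.server == server and c.at <= incident_time]
        return max(hits, key=lambda c: c.at) if hits else None

def demo():
    # Constructed scenario: data on db01 goes missing at 10:30.
    vault = PamVault()
    vault.store("db01", "real-password-placeholder")
    vault.checkout("bthompson", "db01", datetime(2024, 1, 1, 9, 0))
    vault.checkout("jdoe", "db01", datetime(2024, 1, 1, 10, 20))
    vault.checkout("bthompson", "db01", datetime(2024, 1, 1, 11, 0))
    hit = vault.last_checkout_before("db01", datetime(2024, 1, 1, 10, 30))
    return hit.admin if hit else None   # returns "jdoe"
```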