25Jun/090
Least Privilege Security Model
I am finding in my daily work that everyone talks about and wants the least privilege security model until want access to something. We can redesign a network share and say that only groups are allowed and that we are not to allow user access to directly to have access and within a month of going live there is a handful of user accounts listed. What I also find funny is how people react when you ask why? Why do you need this access? You would think I am asking them to justify why they exist. My goal is to be able to document and justify why I have granted access to something (share, server, etc.) and they get offended. Using the model of least privilege help to protect everyone and the company.
Archives
- August 2010 (2)
- July 2010 (3)
- May 2010 (3)
- March 2010 (2)
- February 2010 (4)
- January 2010 (5)
- December 2009 (5)
- November 2009 (2)
- October 2009 (2)
- September 2009 (3)
- August 2009 (1)
- July 2009 (3)
- June 2009 (8)
Tags
administrator
blog
chat
clever
cmd
coach
command prompt
computer
create
daily
delete
desktop
drink
energy
energy drink
event
fights
first page
hack
hello
help
id
idea
ids
linux
mma
new
ossec
practice
report
security
server
splunk
start
system
ted
user
vent
video
website
windows
witulski
wordpress
work
wrestling
Begging for money
