A recent article in CSO magazine promotes the use of Least Privilege Management (LPM) as one method to cut down on security issues. The methodology works like government security clearances -- not only must you be cleared at a certain level, you must also have a need to know before you are given access.
The LPM method is similar to what is implemented in Uplogix Local Management for user management. By default, users have no privileges on any resource. Privileges are defined by roles, which are tables of permitted commands. Privileges are granted by assigning appropriate roles on the desired resources to define what the user can do on each resource.
The 2012 Data Breach Investigations Report from Verizon said that of the breaches included in their research, 96% were not highly difficult for attackers and 97% could have been avoided through simple or intermediate controls.
Managing multiple users and roles in enterprise networking groups is simplified by the Uplogix Control Center. It allows you to create and manage group accounts across multiple Uplogix Local Managers to ensure a consistent user group organization and privilege policy.
Uplogix defines permissions, roles, and privileges as follows:
- Permission - ability to use a specific command or capability; can be allowed or denied in a role definition
- Role - a named set of permissions, such as admin
- Privilege - a role assigned to a specific account for a specific resource, such as "admin on server" or "guest on port 1/4"
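The three definitions above can be modelled as a small default-deny evaluator. This is an added sketch, not Uplogix code. The command names, the account names and the rule that an explicit deny overrides an allow when an account holds several roles on one resource are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

@dataclass
class Policy:
    # Role: a named set of permissions, stored as {command: ALLOW | DENY}.
    roles: dict = field(default_factory=dict)
    # Privilege: a role assigned to an account for a resource, stored as a triple.
    privileges: set = field(default_factory=set)

    def grant(self, account, role, resource):
        if role not in self.roles:
            raise KeyError(f"unknown role: {role}")
        self.privileges.add((account, role, resource))

    def _verdicts(self, account, resource):
        """Merge the permissions of every role the account holds on this resource."""
        merged = {}
        for acct, role, res in self.privileges:
            if acct == account and res == resource:
                for command, verdict in self.roles[role].items():
                    # Assumption: an explicit deny in any role overrides an allow.
                    if merged.get(command) != DENY:
                        merged[command] = verdict
        return merged

    def is_permitted(self, account, resource, command):
        # Default deny: no privilege on the resource, or a command that no
        # held role mentions, evaluates to False.
        return self._verdicts(account, resource).get(command) == ALLOW

    def unused_grants(self, account, resource, commands_used):
        """Allowed commands the account never ran: candidates for removal in a review."""
        merged = self._verdicts(account, resource)
        allowed = {c for c, v in merged.items() if v == ALLOW}
        return sorted(allowed - set(commands_used))

def build_sample_policy():
    # Constructed sample data; command and account names are placeholders.
    policy = Policy()
    policy.roles["admin"] = {"show status": ALLOW, "configure": ALLOW, "reboot": ALLOW}
    policy.roles["guest"] = {"show status": ALLOW, "configure": DENY}
    policy.grant("alice", "admin", "server")
    policy.grant("alice", "guest", "port 1/4")
    return policy
```

Comparing `unused_grants` output against command logs is one way to find roles that grant more than an account needs.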