Questions tagged [principle-of-least-privilege]

12 questions
3
votes
0 answers

Can a non-root process (MySQL) authenticate to RADIUS via PAM?

I've run across a dilemma with PAM RADIUS authentication for the database layer. In our environment, the OS login authenticates via PAM to a RADIUS server which accepts a token code and authenticates based on the time-based token and PIN. Because…
2
votes
1 answer

If browsing the web with root is dangerous, isn't browsing the web with a sudo enabled account only marginally safer?

If I get hit with malware while performing daily tasks (e.g. - checking email, web browsing, etc.) with a root shell, the malware will own my machine. If the aforementioned occurs whilst on a standard account with the ability to run sudo, the…
2
votes
0 answers

Best practices or advice to convince IT admins not to map network drives in privileged sessions with users

We are currently trying to enhance the security posture of our company, and this means changing how some IT personnel work. Put precisely, our IT helpdesk currently have 2 separate accounts: 1 for normal day-to-day usage (mails, internet, etc...),…
2
votes
1 answer

Best way to apply least privilege to one specific jar application on Linux

Let's say I have some Java application running on the host and doing different things, and now I have built a jar that captures network traffic. While reading What's a least-privilege way to allow node.js to access network adapters on Linux?, it seems…
A.Ho
2
votes
2 answers

Low priv users for Windows Services

This is about secure configuration of Windows Services. I've noticed many many times that software developers, when designing software for the Windows platform, don't spend enough time on the principle of least privilege. Because it is so easy and…
1
vote
2 answers

Permissions, Groups, and Principle of Least Privilege

Let's say I have the following setup: Two teams: TeamAlice and TeamBob. A command that requires admin access: admin_command. Two sets of computers: TeamAlice_Computers and TeamBob_Computers. Only TeamAlice has login access to TeamAlice_Computers, and…
CaffeineAddiction
1
vote
3 answers

Why is it not recommended to permanently use the root account for all tasks?

Yes, I did read this answer: https://apple.stackexchange.com/questions/192365/is-it-ok-to-use-the-root-user-as-a-normal-user/192422#192422 But I still fail to understand the reasoning behind this advice, as long as we are talking about a single user…
1
vote
2 answers

How does separating concerns into separate processes (without enforcement) help security?

In this talk on privilege separation, Theo de Raadt explains that OpenBSD's ntpd has a master process which calls settimeofday(), a DNS process responsible for querying DNS servers, and an NTP protocol process which is responsible for speaking UDP…
0
votes
1 answer

Recommendations on PKI roles as per ETSI EN 319 401 - V2.3.1

I want to configure roles (least privilege) on my CA instance (EJBCA) and I'm trying to find what are the best practices to do this. I've tried to read the ETSI EN 319 401 - V2.3.1 standard and try to implement this on EJBCA but it is not that…
0
votes
0 answers

What are the risks associated with installing flatpaks at user level

flatkill has been floating around for a while, and honestly it was the reason I was personally resistant to using flatpak packages for a while. I'm wondering though, most of the article is written from the perspective that you are installing flatpak…
0
votes
1 answer

Can I use root account if every server only runs one service [Debian/Ubuntu Server]

Usually people say directly using root account is a very bad idea. However, my current setting is like this: to achieve a higher level of isolation, all services have their own virtual machine instances. In this scenario, is it okay to simply use…
user129187
0
votes
0 answers

IoT Device user needs to perform task requiring Windows admin privilege

Our IoT device runs only our application and the device users cannot launch additional apps. The IoT device users and IoT device admins both run under normal (non-admin) accounts with identical privileges. Device admin users can launch the admin…
Ken