Using ‘Least Privilege’ to Shore Up Your Network Security
Written by Webroot Guest Blogger
January 3, 2020
If you haven’t incorporated the principle of least privilege into your data security plan, you’re taking a risk. Here are the POLP basics.
higher-level access only as necessary.
Create separate account types to help limit access.
Superuser accounts should be used only for administration, or by specialized IT employees who absolutely require unlimited system access.
Standard user accounts, a.k.a. “least privilege user accounts” (LUA) or “non-privileged accounts,” should have a limited set of privileges. Essentially, everyone who is not a superuser should get these. Depending on the business needs, standard user accounts may vary by department.
Where appropriate, add expiration dates to privileges and use one-time-use credentials.
Create a separate, segregated guest WiFi network for on-site visitors, customers, contractors, etc.
Enforce VPN use for off-site employees.
Develop and enforce access policies for BYOD, or, if possible, provide your own network-protected devices.
Regularly review and update employee access controls, permissions and privileges to cover employee promotions or lateral moves within the company that might necessitate different privileges.
Upgrade your firewalls and ensure they are configured correctly.
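The account-type, expiration and regular-review items above can be checked together in one periodic pass over an account inventory. The sketch below is an added example, not something from the original post: the inventory layout, the field names and the rule that only IT holds superuser accounts are assumptions made for illustration, and the sample records are constructed.

```python
from datetime import date

# Constructed sample inventory (not real data): each account has a type,
# the holder's current department, and the privileges granted to it.
ACCOUNTS = [
    {"user": "alice", "type": "superuser", "dept": "IT",
     "grants": [{"priv": "domain-admin", "for_dept": "IT",
                 "expires": date(2020, 6, 30)}]},
    {"user": "bob", "type": "superuser", "dept": "Sales",
     "grants": [{"priv": "crm-admin", "for_dept": "Sales", "expires": None}]},
    {"user": "carol", "type": "standard", "dept": "Finance",
     "grants": [{"priv": "hr-records", "for_dept": "HR",
                 "expires": date(2020, 12, 31)},
                {"priv": "ledger-write", "for_dept": "Finance",
                 "expires": date(2019, 12, 1)}]},
]

ADMIN_DEPTS = {"IT"}  # assumption: only IT staff may hold superuser accounts


def review(accounts, today):
    """Return sorted (user, finding) pairs for one periodic access review."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        # Superuser accounts are reserved for administration / IT staff.
        if acct["type"] == "superuser" and acct["dept"] not in ADMIN_DEPTS:
            findings.append((user, "superuser outside IT"))
        for g in acct["grants"]:
            if g["expires"] is None:
                # Not always wrong, but a reviewer should confirm it.
                findings.append((user, f"{g['priv']}: no expiration date"))
            elif g["expires"] < today:
                findings.append((user, f"{g['priv']}: expired, revoke"))
            if g["for_dept"] != acct["dept"]:
                # Typical leftover from a promotion or lateral move.
                findings.append((user, f"{g['priv']}: granted for "
                                       f"{g['for_dept']}, user now in {acct['dept']}"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in review(ACCOUNTS, date(2020, 1, 3)):
        print(f"{user}: {finding}")
```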