Most of the best ideas in IT security – indeed, security in general – have been around for a long time. One that is all too often forgotten is the concept of “least privilege”, or using the bare minimum level of access to get the job done.
For example, everyday tasks such as reading email or browsing the web don’t need the same amount of system access as less common tasks like installing a printer. Although you need to write to the data areas on the disk, there should be no need to install device drivers, modify system settings, and so on. Users running with extra rights are a prime target for malicious software, which takes full advantage of those rights.
The principle is sound, but the devil is in the details. Application developers often blindly assume they can do anything, and seldom seem to trap the inevitable “access denied”. Indeed, in many cases, systems are simply set up with a single user that has administrator rights, and the user is none the wiser.