Principle of Least Privilege in the SQL realm

(part 1 of my series of articles on security principles in Microsoft SQL Servers & Databases)

The first security principle that I am going to discuss is one that most system administrators are familiar with: the "principle of least privilege" (short: POLP). It demands that the permissions granted for a task allow access only to the information and resources that the task actually requires. Whenever permissions are granted, we grant the least privileges possible.

POLP is so crucial because privileges are what an attacker is after from the very beginning: an account that already holds more rights than its job needs hands those rights to whoever compromises it. When developing an application, using a least-privileged user account (LUA) is the first rule of engagement. User Account Control (UAC) in Windows is a feature that Microsoft developed to help administrators work with least privileges by default and elevate to higher permissions only when needed.

You may also know that Microsoft recommends separating service accounts. This security best practice is generally referred to as service account isolation and is related to POLP: using a distinct account per service prevents privilege accumulation, which happens easily when one account is shared for multiple purposes, because that account then ends up holding the union of all the privileges each of those purposes needs. This would violate the principle of least privilege.

Both POLP and service account isolation help reduce the attack surface (aka attack surface reduction). Read more on this topic here: SQL Server security - SQL Server | Microsoft Docs
And here: Surface Area Configuration - SQL Server | Microsoft Docs

Service account isolation also prevents lateral movement between services if an attacker has gained access to one of them. Lateral movement is a common attack strategy for moving from one target to the next: if the main target (for example the database server) cannot be breached directly, attackers try to gain a foothold on some other server within the same network and then launch further attacks from there to reach the final goal, server by server or service by service. You see how one thing is connected to another in security?
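Here is what the two patterns look like in T-SQL. This is an added example for this page, not code from the original post: it contrasts the over-privileged shortcut (application login made sysadmin) with a least-privileged setup, then verifies the result by impersonating the application login and checks service account isolation and the surface-area switches mentioned above. The database SalesDb, the schema sales, the login AppLogin and the role app_sales_rw are made-up names; replace the password placeholder before running it.

```sql
-- Added example (not from the original post): least privilege for an
-- application principal in SQL Server, plus two checks for service account
-- isolation and surface area. SalesDb, sales, AppLogin and app_sales_rw are
-- assumed names for the demo.

-- 1) The over-privileged pattern that violates POLP: the application login is
--    simply made sysadmin, so a compromised application can do anything on the
--    instance, including enabling xp_cmdshell and pivoting to the OS.
/*
CREATE LOGIN AppLogin WITH PASSWORD = N'<strong password>';
ALTER SERVER ROLE sysadmin ADD MEMBER AppLogin;
*/

-- 2) The least-privileged alternative: a login with no server-level rights, a
--    database user mapped to it, and a custom role that holds exactly the
--    permissions the workload needs (read/write on one schema and execute on
--    its stored procedures), nothing instance-wide and no db_owner.
USE master;
CREATE LOGIN AppLogin WITH PASSWORD = N'<strong password>', CHECK_POLICY = ON;

USE SalesDb;                                   -- assumed database name
CREATE USER AppLogin FOR LOGIN AppLogin;
CREATE ROLE app_sales_rw AUTHORIZATION dbo;
GRANT SELECT, INSERT, UPDATE ON SCHEMA::sales TO app_sales_rw;  -- assumed schema
GRANT EXECUTE ON SCHEMA::sales TO app_sales_rw;
ALTER ROLE app_sales_rw ADD MEMBER AppLogin;

-- 3) Verify what the application can actually do by impersonating its login
--    (requires IMPERSONATE on the login; run this as an administrator).
EXECUTE AS LOGIN = 'AppLogin';
SELECT * FROM fn_my_permissions('sales', 'SCHEMA');      -- only the grants above
SELECT IS_SRVROLEMEMBER('sysadmin');                     -- expect 0: not sysadmin
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER');  -- expect 0: no instance takeover
REVERT;

-- 4) Service account isolation: every service of this instance should run
--    under its own account. The same value appearing twice in service_account
--    means two services share one identity and their privileges have merged.
SELECT servicename, service_account, startup_type_desc
FROM sys.dm_server_services;

-- 5) Surface area: features that widen the attack surface should stay off.
--    value_in_use = 0 is the expected (default) state for all of these.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures', 'clr enabled',
               'remote access', 'Ad Hoc Distributed Queries');
```

Step 4 only sees the services of the instance you are connected to; an account shared with another instance or with some unrelated Windows service on the same host will not show up as a duplicate there, so the list is a starting point rather than a complete audit.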