WEBVTT

1
00:00:00.000 --> 00:00:01.680
<v Instructor>In this lesson,</v>

2
00:00:01.680 --> 00:00:05.820
we will learn about access control mitigations.

3
00:00:05.820 --> 00:00:09.240
Access control mitigations implement measures

4
00:00:09.240 --> 00:00:12.240
that restrict access to system resources

5
00:00:12.240 --> 00:00:14.190
and functionalities.

6
00:00:14.190 --> 00:00:19.020
Access control mitigation concepts include least privilege,

7
00:00:19.020 --> 00:00:23.580
least function or functionality, and allow listing.

8
00:00:23.580 --> 00:00:25.530
The principle of least privilege

9
00:00:25.530 --> 00:00:28.230
ensures that users or processes

10
00:00:28.230 --> 00:00:31.380
are granted only the minimum levels of access

11
00:00:31.380 --> 00:00:35.790
or permissions necessary to perform their tasks.

12
00:00:35.790 --> 00:00:38.970
Next, least function or functionality

13
00:00:38.970 --> 00:00:42.540
limits the available system functions or features

14
00:00:42.540 --> 00:00:46.140
to only those necessary for operations.

15
00:00:46.140 --> 00:00:49.500
Finally, allow listing restricts access

16
00:00:49.500 --> 00:00:54.150
to a predefined allowed list of approved applications

17
00:00:54.150 --> 00:00:56.190
or IP addresses.

18
00:00:56.190 --> 00:00:58.770
Let's learn more about least privilege,

19
00:00:58.770 --> 00:01:02.970
least function or functionality, and allow listing.

20
00:01:02.970 --> 00:01:05.700
First, we have least privilege.

21
00:01:05.700 --> 00:01:07.440
The principle of least privilege

22
00:01:07.440 --> 00:01:10.830
is a foundational access control strategy

23
00:01:10.830 --> 00:01:14.580
that limits a user's or process's permissions

24
00:01:14.580 --> 00:01:19.580
to only what is necessary for their role or task.

25
00:01:19.950 --> 00:01:23.010
By granting only the essential permissions,

26
00:01:23.010 --> 00:01:25.620
least privilege helps reduce the risk

27
00:01:25.620 --> 00:01:28.740
of unauthorized access or misuse

28
00:01:28.740 --> 00:01:32.100
as users and processes are prevented

29
00:01:32.100 --> 00:01:36.270
from accessing unnecessary data or functions.

30
00:01:36.270 --> 00:01:40.260
In practice, this means that each user or program

31
00:01:40.260 --> 00:01:42.960
operates within a restricted scope,

32
00:01:42.960 --> 00:01:47.550
and if compromised cannot exceed its limited permissions.

33
00:01:47.550 --> 00:01:50.520
This principle is particularly useful

34
00:01:50.520 --> 00:01:54.000
for minimizing the impact of security breaches

35
00:01:54.000 --> 00:01:57.450
and ensuring a contained access environment.

36
00:01:57.450 --> 00:02:01.530
In action, let's consider a company's accounting software

37
00:02:01.530 --> 00:02:03.240
where the payroll department

38
00:02:03.240 --> 00:02:06.630
can view and update employee salaries,

39
00:02:06.630 --> 00:02:09.120
but customer service staff

40
00:02:09.120 --> 00:02:12.000
do not have access to this information.

41
00:02:12.000 --> 00:02:14.730
By applying the principle of least privilege,

42
00:02:14.730 --> 00:02:19.350
only payroll staff can access sensitive payroll data,

43
00:02:19.350 --> 00:02:21.510
while other employees are restricted

44
00:02:21.510 --> 00:02:24.540
to the information required for their jobs,

45
00:02:24.540 --> 00:02:28.380
which in this case does not include payroll data.

46
00:02:28.380 --> 00:02:32.010
In this configuration, if an unauthorized person

47
00:02:32.010 --> 00:02:35.130
were to access a customer service account,

48
00:02:35.130 --> 00:02:37.080
they wouldn't be able to reach

49
00:02:37.080 --> 00:02:39.390
sensitive payroll information,

50
00:02:39.390 --> 00:02:41.760
limiting potential data breaches

51
00:02:41.760 --> 00:02:45.000
and exposure of sensitive information.

52
00:02:45.000 --> 00:02:48.660
So implementing the principle of least privilege

53
00:02:48.660 --> 00:02:53.580
requires consistent access reviews, clear role definitions,

54
00:02:53.580 --> 00:02:56.820
and permission adjustments when roles change.

55
00:02:56.820 --> 00:03:01.560
Next, access permissions should be evaluated regularly

56
00:03:01.560 --> 00:03:05.040
to ensure they align with job responsibilities,

57
00:03:05.040 --> 00:03:09.300
and any unused permissions should be removed immediately,

58
00:03:09.300 --> 00:03:12.210
including the offboarding process.

59
00:03:12.210 --> 00:03:14.460
Finally, automated tools

60
00:03:14.460 --> 00:03:17.730
such as access review automation tools,

61
00:03:17.730 --> 00:03:20.790
identity and access management platforms,

62
00:03:20.790 --> 00:03:23.880
and privileged access management solutions

63
00:03:23.880 --> 00:03:26.850
can assist by flagging high-privilege accounts

64
00:03:26.850 --> 00:03:30.810
or permissions that exceed role requirements.

65
00:03:30.810 --> 00:03:34.050
This approach combined with regular audits

66
00:03:34.050 --> 00:03:36.300
helps enforce least privilege,

67
00:03:36.300 --> 00:03:39.000
ensuring that users and processes

68
00:03:39.000 --> 00:03:42.600
have only the permissions they genuinely need.

69
00:03:42.600 --> 00:03:46.650
Second, we have least function or functionality.

70
00:03:46.650 --> 00:03:51.360
Least function or functionality is an access control concept

71
00:03:51.360 --> 00:03:54.510
that restricts system features and functions

72
00:03:54.510 --> 00:03:58.740
to only those required for essential operations.

73
00:03:58.740 --> 00:04:01.980
This principle minimizes the availability

74
00:04:01.980 --> 00:04:05.370
of unused or unnecessary features,

75
00:04:05.370 --> 00:04:07.950
which if left accessible

76
00:04:07.950 --> 00:04:10.980
could become security vulnerabilities.

77
00:04:10.980 --> 00:04:12.720
By limiting functionality,

78
00:04:12.720 --> 00:04:15.180
systems reduce their attack surface,

79
00:04:15.180 --> 00:04:18.840
decreasing the likelihood of exploitation of features

80
00:04:18.840 --> 00:04:22.020
that may contain unpatched vulnerabilities

81
00:04:22.020 --> 00:04:25.950
or offer unintended access to sensitive data.

82
00:04:25.950 --> 00:04:28.410
Unlike the principle of least privilege,

83
00:04:28.410 --> 00:04:32.220
which limits user permissions, least functionality

84
00:04:32.220 --> 00:04:35.730
focuses on restricting available system features

85
00:04:35.730 --> 00:04:37.830
to essential components,

86
00:04:37.830 --> 00:04:41.370
reducing potential entry points for attackers.

87
00:04:41.370 --> 00:04:45.720
To put this into practice, let's consider a web application

88
00:04:45.720 --> 00:04:50.190
with both a user interface and an admin panel.

89
00:04:50.190 --> 00:04:52.440
While the admin panel has features

90
00:04:52.440 --> 00:04:56.160
like user management and configuration settings,

91
00:04:56.160 --> 00:05:00.390
regular users have no need for these capabilities.

92
00:05:00.390 --> 00:05:03.480
Applying the principle of least functionality,

93
00:05:03.480 --> 00:05:05.820
access to the admin panel

94
00:05:05.820 --> 00:05:09.840
would be restricted solely to administrative accounts,

95
00:05:09.840 --> 00:05:12.240
while standard users would be limited

96
00:05:12.240 --> 00:05:15.390
to only features relevant to their roles

97
00:05:15.390 --> 00:05:18.210
like the standard user interface.

98
00:05:18.210 --> 00:05:21.240
This separation of functionality permissions

99
00:05:21.240 --> 00:05:24.510
reduces the chance of unauthorized users

100
00:05:24.510 --> 00:05:26.640
accidentally or intentionally

101
00:05:26.640 --> 00:05:30.540
accessing configurations or controls.

102
00:05:30.540 --> 00:05:33.690
So to apply least functionality,

103
00:05:33.690 --> 00:05:37.680
organizations should evaluate each system's features,

104
00:05:37.680 --> 00:05:40.080
identify what is essential,

105
00:05:40.080 --> 00:05:43.680
and disable or remove anything extraneous,

106
00:05:43.680 --> 00:05:47.580
such as unused application programming interfaces,

107
00:05:47.580 --> 00:05:52.050
unnecessary administrative tools, debugging interfaces,

108
00:05:52.050 --> 00:05:56.730
default configurations, and inactive network services.

109
00:05:56.730 --> 00:06:00.630
This minimizes the number of potential vulnerabilities

110
00:06:00.630 --> 00:06:03.210
by exposing only the essential parts

111
00:06:03.210 --> 00:06:06.660
of an application or system to those that need it,

112
00:06:06.660 --> 00:06:09.540
reducing the overall risk profile

113
00:06:09.540 --> 00:06:13.620
and ensuring that only necessary functions are accessible.

114
00:06:13.620 --> 00:06:16.950
Third and last, we have allow listing.

115
00:06:16.950 --> 00:06:20.970
Allow listing, which you may still hear called whitelisting,

116
00:06:20.970 --> 00:06:24.630
is an access control approach that limits access

117
00:06:24.630 --> 00:06:28.170
to a specific list of approved applications,

118
00:06:28.170 --> 00:06:32.820
IP addresses, or entities, effectively blocking anything

119
00:06:32.820 --> 00:06:35.640
that is not explicitly permitted.

120
00:06:35.640 --> 00:06:40.200
This method ensures that only trusted, known resources

121
00:06:40.200 --> 00:06:44.460
can interact with an IT system, making it more secure

122
00:06:44.460 --> 00:06:47.010
by preventing unauthorized software,

123
00:06:47.010 --> 00:06:51.300
devices, or network connections from accessing it.

124
00:06:51.300 --> 00:06:54.900
By enforcing a strict allow-only policy,

125
00:06:54.900 --> 00:06:59.430
allow listing reduces the chances of malware infections,

126
00:06:59.430 --> 00:07:04.410
untrusted device access, and unauthorized data transfer,

127
00:07:04.410 --> 00:07:07.530
especially in high security systems.

128
00:07:07.530 --> 00:07:10.950
However, it requires diligent management

129
00:07:10.950 --> 00:07:15.660
as lists must be updated each time applications are modified

130
00:07:15.660 --> 00:07:19.290
or new approved applications are introduced.

131
00:07:19.290 --> 00:07:22.920
Allow listing can be contrasted with blocklisting,

132
00:07:22.920 --> 00:07:25.650
which is another access control method

133
00:07:25.650 --> 00:07:29.250
that prevents known bad or flagged items

134
00:07:29.250 --> 00:07:31.500
from accessing a system.

135
00:07:31.500 --> 00:07:34.710
While effective for known bad resources,

136
00:07:34.710 --> 00:07:38.520
blocklisting, which is still sometimes called blacklisting,

137
00:07:38.520 --> 00:07:42.810
is only as effective as the known bad resources are.

138
00:07:42.810 --> 00:07:44.400
So in the end,

139
00:07:44.400 --> 00:07:48.630
blocklisting is a less effective access control method.

140
00:07:48.630 --> 00:07:51.090
Now, back to allow listing.

141
00:07:51.090 --> 00:07:54.900
Let's consider a practical application of allow listing

142
00:07:54.900 --> 00:07:58.170
that can be seen in secure corporate networks

143
00:07:58.170 --> 00:08:00.450
where only trusted IP addresses

144
00:08:00.450 --> 00:08:04.410
from specific regions or virtual private networks

145
00:08:04.410 --> 00:08:08.790
are permitted to access sensitive internal resources.

146
00:08:08.790 --> 00:08:11.430
In this configuration, if an attacker

147
00:08:11.430 --> 00:08:16.430
tries to access the network from an unauthorized IP address,

148
00:08:16.470 --> 00:08:20.100
allow listing will automatically block the attempt

149
00:08:20.100 --> 00:08:25.100
since the unauthorized IP address is not explicitly allowed.

150
00:08:25.260 --> 00:08:27.870
This type of allow list policy

151
00:08:27.870 --> 00:08:30.840
ensures that only pre-approved devices

152
00:08:30.840 --> 00:08:32.940
and locations can connect,

153
00:08:32.940 --> 00:08:36.930
adding a layer of security to the corporate environment.

154
00:08:36.930 --> 00:08:40.200
Some companies also allow list applications

155
00:08:40.200 --> 00:08:44.250
by their hash values to ensure that only specific

156
00:08:44.250 --> 00:08:48.600
trusted versions of software are permitted to be used,

157
00:08:48.600 --> 00:08:51.120
though this approach requires updates

158
00:08:51.120 --> 00:08:54.180
whenever an application version changes.

159
00:08:54.180 --> 00:08:57.630
So to effectively implement allow listing,

160
00:08:57.630 --> 00:09:01.050
organizations should maintain an updated list

161
00:09:01.050 --> 00:09:05.340
of trusted applications, IP addresses, and devices,

162
00:09:05.340 --> 00:09:09.870
periodically reviewing and adjusting the list as necessary.

163
00:09:09.870 --> 00:09:14.220
Allow listing should be applied at critical network points

164
00:09:14.220 --> 00:09:17.970
such as firewalls and application servers

165
00:09:17.970 --> 00:09:21.990
to restrict incoming traffic to known entities.

166
00:09:21.990 --> 00:09:25.440
Managing allow lists across large networks

167
00:09:25.440 --> 00:09:27.780
can be streamlined using tools

168
00:09:27.780 --> 00:09:31.410
like Microsoft Active Directory Group Policies,

169
00:09:31.410 --> 00:09:35.640
AppLocker, and Defender Application Control.

170
00:09:35.640 --> 00:09:38.550
Through consistent review and updates,

171
00:09:38.550 --> 00:09:41.670
allow listing serves as a powerful way

172
00:09:41.670 --> 00:09:46.200
to control access strictly to trusted resources.

173
00:09:46.200 --> 00:09:50.400
So, remember, access control mitigations

174
00:09:50.400 --> 00:09:54.540
help secure system resources by restricting access

175
00:09:54.540 --> 00:09:58.260
to authorized users and functions only.

176
00:09:58.260 --> 00:10:01.260
Key concepts include least privilege,

177
00:10:01.260 --> 00:10:05.520
least function or functionality, and allow listing.

178
00:10:05.520 --> 00:10:07.590
The principle of least privilege

179
00:10:07.590 --> 00:10:10.590
limits user or process permissions

180
00:10:10.590 --> 00:10:13.860
to the minimum necessary for their tasks,

181
00:10:13.860 --> 00:10:18.840
reducing the risk of unauthorized data access or misuse.

182
00:10:18.840 --> 00:10:22.380
Next, least function or functionality

183
00:10:22.380 --> 00:10:26.340
restricts system features to only essential ones

184
00:10:26.340 --> 00:10:30.060
minimizing vulnerabilities by preventing access

185
00:10:30.060 --> 00:10:34.080
to unnecessary components and resources.

186
00:10:34.080 --> 00:10:37.590
Finally, allow listing permits access

187
00:10:37.590 --> 00:10:41.700
to pre-approved applications or IP addresses

188
00:10:41.700 --> 00:10:45.870
blocking anything that is not explicitly approved.

189
00:10:45.870 --> 00:10:50.520
Unlike blocklisting, which only prevents known risks,

190
00:10:50.520 --> 00:10:53.520
allow listing takes a more secure approach

191
00:10:53.520 --> 00:10:57.570
by blocking all non-approved entities by default.

192
00:10:57.570 --> 00:11:01.830
Together these strategies enhance system security

193
00:11:01.830 --> 00:11:04.740
by narrowing access to trusted users,

194
00:11:04.740 --> 00:11:07.203
functions, and resources.

