
Guardian Digital promotes Least Privilege security

From:  "Ryan Berens" <rberens-AT-guardiandigital.com>
To:  "PR " <pr-AT-lwn.net>
Subject:  Security Prediction for 2008: 'Least Privilege' Engineering Will Gain Momentum
Date:  Tue, 8 Jan 2008 08:56:27 -0500 (EST)
Message-ID:  <20080108135627.885FE694066@juggernaut.guardiandigital.com>

Hi PR,

The concept of 'least privilege' has been discussed within the 
security realm since its inception decades ago.

Defined as a system where a process "must be able to access only 
such information and resources that are necessary to its legitimate 
purpose," it has been largely under the radar in the commercial 
security space as strategies like endpoint and network security have 
taken its place.

Guardian Digital, the developers behind EnGarde Secure Linux, the 
world's first open source security platform, are announcing today that 
2008 will showcase a huge resurgence in the exposure and awareness of 
'least privilege' engineering as a metric for vendor security. The 
company states this future re-emphasis on application access is likely, 
especially considering the increased effectiveness of targeted
phishing attacks made possible from social networking sites.

More information is available in the Press Release below. 

If you would like to cover it, or have any questions or comments, please 
feel free to contact us.

Regards,
Ryan Berens 

- - - - - - - - - - - - - -
Marketing and Communications
Guardian Digital, Inc. 
rberens@guardiandigital.com
- - - - - - - - - - - - - -



2008 Security Forecast: 'Least Privilege' Engineering Will Gain Momentum

Human error and evolving phishing attacks will compel organizations to 
tighten control over application access, not just user access

Allendale, New Jersey, January 8th, 2008 - Guardian Digital, the open 
source security pioneer, forecasts an increased need for comprehensive 
control over Internet and employee resources with 'least privilege' 
engineering in 2008.  "Most vendors don't stress least privilege enough 
in their development architecture, especially with the increasing threats 
from human error and employee liability," says CEO Dave Wreski. "Security 
in 2007 has shown just how effective attackers can be at gaining authorized 
access to corporate resources.  One of the best ways to protect against this 
is to lock down application access, not just user access."

Analysts are in agreement that phishing attacks will increase to an 
unprecedented level in 2008, especially targeted attacks made possible from 
social networking sites. As a result, Guardian Digital forecasts the new year 
will mark renewed buzz on the advantages of 'least privilege' in platform and 
application development.

Least privilege is the concept of giving access to applications based only on 
what is required for them to work, and no more.  Pursuing this strategy can 
provide a tremendous benefit for security.  Since application access is 
minimized, corporate resources remain much more secure, something that can be 
difficult when the platform and applications come from different vendors.

"The increased effectiveness of social engineering will propel least privilege
back into the spotlight this year," Wreski continues.  "The buzz on network 
security will decrease as there is an increased focus on solutions that combine 
platform and application development to reduce the risk of successful phishing 
attacks."

One example is the danger from web services.  Without least privilege engineering,
a tricked employee could allow an attacker to run an exploit on an Apache web 
server through a browser.  Robust development driven by 'least privilege' can 
restrict this from within the application architecture, not just based on the 
privilege of the exploited user.  If done properly, the web application can be 
engineered to explicitly run only the processes necessary, and will "jail" the 
attacker's exploit, stopping it dead. This requires experienced engineering that 
comes from developing both the operating platform and the applications, and 
integrating security into both.  "Vendors that develop both," says Wreski, "will 
be in a better position to successfully integrate least privilege into the 
corporate environment.  We are proud to have emphasized this strategy with EnGarde
Secure Linux since our founding in 1999 and will look to take advantage of the 
increased focus as the year progresses."

About Guardian Digital:
Leveraging the inherent benefits of open source architecture and the knowledge of 
security experts around the world, Guardian Digital has engineered the first, truly 
secure open source operating platform EnGarde Secure Linux. The secure Internet 
infrastructure of the award-winning EnGarde platform and its accompanying suite of 
applications guarantee online information assets remain protected even as Internet 
threats continue to evolve. Customized to meet the specific needs of any size
enterprise, Guardian Digital's solution portfolio includes intrusion detection, Web 
services, secure remote access, information privacy and robust Email spam and 
virus protection.



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds