Information technology security, commonly referred to as cybersecurity, refers to the practice of protecting computer and electronic systems, networks, programs, and devices from malicious attack, theft, damage, and even unauthorized access. allowed. In recent times, the increased reliance of individuals, businesses and even government organizations on computer and electronic systems in various ramifications of life has made cyber security very important.
Most of these systems contain sensitive information such as financial data, account information, personal information, etc. All this valuable data and information must be kept safe and accessible only to authorized personnel, which could prove to be very harmful, hence the advent of cybersecurity.
One of the main complexities of cybersecurity is that threats are constantly changing, so continuous monitoring and real-time assessments, which are adaptive approaches to cybersecurity, are advised. Cybersecurity can be categorized into several categories, some of which are:
- Application Security: This aims to protect the software from threats and unauthorized access to the information it contains.
- Internet Security: This covers the practices adopted for the protection of computer networks and resources accessible by the network.
- Endpoint security: This involves protecting the corporate network from breaches via remote devices such as mobile phones and laptops.
- Identity management: This involves identifying and selecting individuals or groups to have authorized access to systems, networks and information by issuing user rights and restrictions
- Database and infrastructure security
- Disaster Recovery/Business Continuity Planning
- Cloud Security
- End user training
There are many vulnerabilities, which are weaknesses in the operation, internal control, design, or implementation of a system that can be exploited by cyberattacks. However, there is one of particular interest that is becoming a growing threat day by day, and that is called privilege escalation.
Recommended: The mystery behind security audits
Escalation of privileges
Privilege escalation refers to a situation where a flaw in a network or program is exploited to gain privileges or access resources or information that would otherwise not be available to that user. This obtained privilege allows the user to perform unauthorized actions not intended by the developer or administrator. Most computer programs are designed with multi-user account properties, and each user has a permission level assigned to them, which limits the capabilities of their account. Privilege escalation occurs when a user exceeds their permission level to one to which they are not entitled, thus giving them capabilities that they should not possess. There are two types of privilege escalation, namely
- Horizontal climbing: Occurs when a user of a certain permission level accesses functions or content reserved for another user of that same permission level
- Vertical climbing: this occurs when a user accesses content or functions reserved for users with a higher level of authorization.
Mitigation of privilege escalation
There are several ways to prevent privilege escalation. Some of them include:
- Minimize system vulnerabilities that can be exploited in a web attack.
- Managing privileged sessions: Action to monitor, control and record sessions by privileged accounts with advanced permissions.
- Tamper-proof cookies: this involves sending digital signature data. When the data sent is received back, the digital signature is recalculated and any changes indicate that the data has been tampered with.
- Data encryption.
This is a guest contributor post.