Email Elevation of Privilege (Part 6): STRIDEing through Email Threats
This is part six in a series of articles looking at the STRIDE Threat Model to identify and mitigate the threats and risks posed to Email security.
In this article we look at Elevation of Privilege. If you missed Part 5, you can find the article here.
Elevation of Privilege (the Threat)
Elevation of Privilege, also known as Privilege Escalation, is a type of attack in which a user (or an attacker operating a compromised account) ends up with permissions beyond those they were initially granted, intended to have or entitled to. For example, "read only" permissions are elevated to "read and write" permissions. In an Email context this could mean a standard mailbox user gaining access to other users' mailboxes, or to administrative functions of the mail system itself.
Authorisation (the Property)
Authorisation is the process of granting a user permission to access a specific resource or function. The term is often used interchangeably with access control or privilege.
Authorisation follows Authentication: users should first prove that their identities are genuine before they are granted access to the resources they request, and the permissions they are then given should be no wider than their role requires.
Countermeasures - Technical Controls
Ensure Identity Management, including the provisioning and de-provisioning of identities and accounts, is managed so that there are no "orphaned" or "ghost" accounts (accounts belonging to leavers, or unused service accounts) that could be hijacked without anyone noticing.
Work on the principle of Least Privilege: remove administrative rights and permissions from users wherever possible, and use separate, dedicated accounts for administrative tasks rather than granting admin rights to everyday Email accounts.
Utilise a Password Management solution so that users can hold long, unique passwords for each account; a "strong" password that is reused across services is still a weakness, because a breach elsewhere exposes the Email account.
Implement Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA) wherever possible (even for non-administrative accounts), so that a stolen or guessed password alone is not enough to take over an account.
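The three preventive controls above (no orphaned accounts, least privilege, MFA everywhere) can be checked routinely against a directory export rather than trusted to be in place. The script below is an added example written for this article, not code from the original page or from StarSwift; the account record layout, the `hr_active` flag linking an account to a current employee, the list of approved administrators and the 90-day staleness threshold are all assumptions chosen for illustration, and the sample export is constructed.

```python
"""Audit a simplified directory export for the three controls above:
orphaned accounts, excess administrative rights and missing MFA.

Added example: the record layout is an assumed, simplified export and
is not any particular identity provider's schema."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed "now" so the run is reproducible
STALE_DAYS = 90                                    # assumption: no sign-in for 90 days = stale
ADMIN_ROLES = {"Global Administrator", "Exchange Administrator"}
APPROVED_ADMINS = {"bob@example.com"}              # assumption: the signed-off admin list

# Constructed sample export, one record per account.
ACCOUNTS = [
    {"upn": "alice@example.com", "enabled": True, "roles": ["User"],
     "mfa": True, "last_sign_in": "2024-05-30T08:12:00Z", "hr_active": True},
    {"upn": "bob@example.com", "enabled": True, "roles": ["User", "Exchange Administrator"],
     "mfa": False, "last_sign_in": "2024-05-29T17:40:00Z", "hr_active": True},
    # Carol left the company but her account was never de-provisioned.
    {"upn": "carol@example.com", "enabled": True, "roles": ["User"],
     "mfa": True, "last_sign_in": "2024-01-03T09:00:00Z", "hr_active": False},
    # Service account with global admin rights that has never signed in.
    {"upn": "svc-backup@example.com", "enabled": True, "roles": ["Global Administrator"],
     "mfa": False, "last_sign_in": None, "hr_active": True},
    # Disabled account: still holds admin roles, but cannot be used as-is.
    {"upn": "dave@example.com", "enabled": False, "roles": ["Global Administrator"],
     "mfa": False, "last_sign_in": "2023-11-20T12:00:00Z", "hr_active": False},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; None means the account never signed in."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def enabled_accounts(accounts):
    """Only enabled accounts can be hijacked, so the checks focus on them."""
    return [a for a in accounts if a["enabled"]]


def find_orphaned(accounts, now=NOW, stale_days=STALE_DAYS):
    """Enabled accounts with no current owner, or with no sign-in within stale_days.
    A never-used account counts as stale: nobody would notice it being taken over."""
    cutoff = now - timedelta(days=stale_days)
    found = []
    for a in enabled_accounts(accounts):
        last = parse_ts(a["last_sign_in"])
        if not a["hr_active"] or last is None or last < cutoff:
            found.append(a["upn"])
    return found


def find_excess_admin(accounts, approved=APPROVED_ADMINS):
    """Enabled accounts holding an admin role without being on the approved list."""
    return [a["upn"] for a in enabled_accounts(accounts)
            if set(a["roles"]) & ADMIN_ROLES and a["upn"] not in approved]


def find_missing_mfa(accounts):
    """Enabled accounts that can still be accessed with a password alone."""
    return [a["upn"] for a in enabled_accounts(accounts) if not a["mfa"]]


def audit(accounts):
    """Run all three checks and return the findings keyed by control."""
    return {
        "orphaned": find_orphaned(accounts),
        "excess_admin": find_excess_admin(accounts),
        "missing_mfa": find_missing_mfa(accounts),
    }


if __name__ == "__main__":
    for control, users in audit(ACCOUNTS).items():
        print(f"{control}: {', '.join(users) or 'none'}")
```

Each finding maps back to one control: an orphaned entry is a de-provisioning failure, an excess-admin entry is a least-privilege failure, and a missing-MFA entry on an admin account is the highest-priority item because it is the one most likely to be turned into an elevation of privilege.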
Countermeasures - Administrative Controls
Access Control - ensure policies defining roles and the privileges attached to them are documented and approved, and that role membership (in particular administrative roles and delegated mailbox access) is periodically reviewed and re-certified.
Monitoring and Auditing - reviewing audit logs and monitoring for signs that Email accounts may have been compromised is a useful detective control. Typical indicators are new inbox rules that forward mail to external addresses or delete messages, sign-ins from unexpected locations in quick succession, a burst of failed sign-ins followed by a success, and changes to administrative role membership.
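To make the detective control concrete, the following script runs those indicators over a small audit log. It is an added example written for this article, not code from the original page or from StarSwift. The JSON Lines records are constructed and their field names are a simplified, assumed layout rather than any product's audit schema (the operation names mirror the Exchange inbox-rule and mailbox cmdlets, but the keys alongside them are invented for the example); the internal domain list and the time windows are likewise assumptions.

```python
"""Flag common indicators of Email account compromise in an audit log.

Added example with an assumed, simplified record layout: each line is a
JSON object with "ts", "user" and "op", plus operation-specific keys."""
import json
from datetime import datetime, timedelta, timezone

INTERNAL_DOMAINS = {"example.com"}          # assumption: the organisation's own domains
TRAVEL_WINDOW = timedelta(minutes=60)       # two countries within an hour is suspicious
FAIL_THRESHOLD = 3                          # failures before a success that we treat as guessing
FAIL_WINDOW = timedelta(minutes=10)

# Constructed sample events (JSON Lines). Alice's account is taken over and a
# hiding rule is created; Bob's password is guessed and forwarding is enabled;
# Carol creates a harmless rule that should not alert.
SAMPLE_LOG = """\
{"ts": "2024-06-01T08:02:11Z", "user": "alice@example.com", "op": "UserLoggedIn", "result": "Success", "country": "GB"}
{"ts": "2024-06-01T08:40:55Z", "user": "alice@example.com", "op": "UserLoggedIn", "result": "Success", "country": "NG"}
{"ts": "2024-06-01T08:42:03Z", "user": "alice@example.com", "op": "New-InboxRule", "name": ".", "forward_to": "alice.smith@mail-example.net", "delete": true}
{"ts": "2024-06-01T09:00:00Z", "user": "bob@example.com", "op": "UserLoggedIn", "result": "Failed", "country": "GB"}
{"ts": "2024-06-01T09:00:30Z", "user": "bob@example.com", "op": "UserLoggedIn", "result": "Failed", "country": "GB"}
{"ts": "2024-06-01T09:01:00Z", "user": "bob@example.com", "op": "UserLoggedIn", "result": "Failed", "country": "GB"}
{"ts": "2024-06-01T09:02:00Z", "user": "bob@example.com", "op": "UserLoggedIn", "result": "Success", "country": "GB"}
{"ts": "2024-06-01T09:05:10Z", "user": "bob@example.com", "op": "Set-Mailbox", "forwarding_smtp_address": "bob.personal@gmail.com"}
{"ts": "2024-06-01T10:00:00Z", "user": "carol@example.com", "op": "New-InboxRule", "name": "Newsletters", "move_to": "Archive"}
"""

FORWARD_KEYS = ("forward_to", "redirect_to", "forwarding_smtp_address")


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_external(address):
    """True when the address's domain is not one of ours (case-insensitive)."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def load_events(text):
    """Parse JSON Lines and return the events in time order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = parse_ts(e["ts"])
    return sorted(events, key=lambda e: e["ts"])


def detect(text):
    """Return sorted (user, indicator) pairs for every indicator that fired."""
    alerts = set()
    last_success = {}   # user -> (timestamp, country) of the previous successful sign-in
    failures = {}       # user -> timestamps of failed sign-ins since the last success
    for e in load_events(text):
        user = e["user"]
        if e["op"] == "UserLoggedIn":
            if e["result"] == "Success":
                prev = last_success.get(user)
                if prev and prev[1] != e["country"] and e["ts"] - prev[0] <= TRAVEL_WINDOW:
                    alerts.add((user, "impossible_travel"))
                last_success[user] = (e["ts"], e["country"])
                recent = [t for t in failures.get(user, []) if e["ts"] - t <= FAIL_WINDOW]
                if len(recent) >= FAIL_THRESHOLD:
                    alerts.add((user, "failed_then_success"))
                failures[user] = []
            else:
                failures.setdefault(user, []).append(e["ts"])
        elif e["op"] in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox"):
            # Forwarding to an outside address exfiltrates mail; a rule that deletes
            # messages is how attackers hide replies to fraudulent emails they sent.
            if any(e.get(k) and is_external(e[k]) for k in FORWARD_KEYS):
                alerts.add((user, "external_forwarding"))
            if e.get("delete"):
                alerts.add((user, "rule_deletes_mail"))
    return sorted(alerts)


if __name__ == "__main__":
    for user, indicator in detect(SAMPLE_LOG):
        print(f"{user}: {indicator}")
```

None of these indicators is proof of compromise on its own (a travelling user or a forgotten password will trip them), which is why the output is a list of leads for review rather than an automatic block; the combination seen for Alice, a foreign sign-in followed minutes later by a forwarding-and-delete rule, is the pattern a reviewer should treat as an incident.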
If you would like more information or would like StarSwift Information Security to support you with the implementation of Email Security, please do not hesitate to get in touch.
Please contact us for more information.