Information technology security, popularly known as cybersecurity, refers to the practice of protecting computer and electronic systems, networks, programs, and devices from malicious attacks, theft, damage, and even unauthorized access. In recent times, the increased dependence of individuals, companies, and even government organizations on the computer and electronic systems in various ramifications of life has made cybersecurity very important.
Most of these systems contain sensitive information such as financial data, account information, personal information, and so on. All of this valuable data and information have to be kept safe with access only by authorized personnel, failure of which could prove very detrimental, hence the advent of cybersecurity.
One major complexity of cybersecurity is that the threats are always evolving, therefore continuous monitoring and real-time assessments, which are adaptive approaches to cybersecurity, are advised. Cybersecurity can be classified into several categories, a few of these categories include:
- Application security: This aims at protecting software programs from threats and unauthorized access to the information contained therein
- Network security: This focuses on practices adopted for the protection of computer networks and network-accessible resources
- Endpoint security: This entails protecting the corporate network from being breached via remote devices such as mobile phones and laptops
- Identity management: This involves identifying and selecting individuals or groups to have authorized access to systems, networks, and information by issuing user rights and restrictions
- Database and infrastructure security
- Disaster recovery/business continuity planning
- Cloud security
- End-user education
There are numerous vulnerabilities, which are weaknesses in operation, internal control, design, or implementation of a system that can be exploited by cyber-attacks. However, there is one of particular interest which is becoming a growing menace by the day, and it is called privilege escalation.
Recommended: The Hidden Mystery Behind Security Audits
Privilege escalation refers to a situation whereby a flaw in a network or program is exploited to gain privileges or access to resources or information that would otherwise not be available to that user. This privilege gained allows the user to perform unauthorized actions not intended by the developer or administrator. Most computer programs are designed with multi-user account properties, and each user has an authorization level designated to him, which limits the abilities of his account. Privilege escalation occurs when a user transcends his authorization level to that which he is not entitled to, thus giving him abilities he should not possess. There are two types of privilege escalation namely
- Horizontal escalation: Occurs when a user on a certain level of authorization accesses functions or content reserved for another user on that same level of authorization
- Vertical escalation: this occurs when a user gains access to content or functions reserved for users with a higher level of authorization.
Mitigating privilege escalation
There are various ways to prevent privilege escalation. Some of them include:
- Minimizing vulnerabilities in systems that may be exploited during a web attack.
- Privileged session management: The act of monitoring, controlling and recording sessions by privileged accounts that have enhanced permissions.
- Tamper-proofing cookies: This entails digitally signing data being sent out. When the data sent out is received back, the digital signature is recalculated, and any change indicates that the data has been tampered with.
- Data encryption.
This is a guest contributor post.