Privilege escalation is the escalation of a user's privilege beyond authorized information access. Privileges are a security feature that allows a system administrator to restrict a user to the information that user needs to perform his or her duties. However, there are instances when a gap in the system allows such a user to escalate privileges and access information they are not privileged to access. Although escalating privileges might not seem like a big deal, imagine working in a bank where a cashier can escalate privileges to those of a manager to carry out nefarious activities. This is just one example of privilege escalation; other, more technical examples can be found on the SANS website blog space.
One scary thought for users is the knowledge that the protection software on your device (e.g. antivirus software) can be used as a platform by attackers to escalate privileges when that software has a coding error that can be exploited. However, in some instances privileges are escalated when the need arises. For instance, a temporarily elevated right may be granted to administrators or other unprivileged users. An example of such rights is the Firecall-ID process (Johnson, R., 2015). The Firecall-ID allows an unprivileged user access to information for the duration of the task, after which the ticket and access are closed and the user no longer has access to that privilege level. To prevent privilege escalation, information security analysts deploy countermeasures to mitigate or eradicate such gaps by granting the least privilege, i.e. the amount of privilege required to carry out a job function.
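
The firecall-style flow described above, as an added example that is not from the original post or from Johnson (2015): a small Python broker grants a higher role only while a ticket is open and unexpired, and otherwise falls back to the user's least-privilege baseline. The role names, permissions, one-hour default and the approver check are assumptions for illustration.

```python
import time

# Hypothetical roles and permissions (constructed for this example),
# mirroring the bank cashier/manager scenario in the text.
BASELINE = {
    "cashier": {"read_own_till"},
    "manager": {"read_own_till", "approve_transfer"},
}

class FirecallBroker:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.grants = {}   # ticket_id -> (user, elevated_role, expires_at)
        self.audit = []    # append-only record of every decision

    def open_ticket(self, ticket_id, user, role, approver, ttl=3600):
        # Assumed control: a user cannot approve their own elevation.
        if approver == user:
            self._log("DENY_OPEN", ticket_id, user, "self-approval")
            raise PermissionError("self-approval not allowed")
        self.grants[ticket_id] = (user, role, self.clock() + ttl)
        self._log("OPEN", ticket_id, user, role)

    def close_ticket(self, ticket_id):
        # Closing the ticket removes the elevated access with it.
        user, role, _ = self.grants.pop(ticket_id)
        self._log("CLOSE", ticket_id, user, role)

    def allowed(self, user, base_role, permission):
        # Least privilege first: the user's normal job function.
        if permission in BASELINE.get(base_role, set()):
            return True
        now = self.clock()
        for tid, (u, role, exp) in list(self.grants.items()):
            if u != user:
                continue
            if now >= exp:  # an expired grant is revoked as soon as it is seen
                del self.grants[tid]
                self._log("EXPIRE", tid, u, role)
            elif permission in BASELINE.get(role, set()):
                self._log("USE", tid, u, permission)
                return True
        self._log("DENY", None, user, permission)
        return False

    def _log(self, event, ticket_id, user, detail):
        self.audit.append((self.clock(), event, ticket_id, user, detail))
```

Every use of an elevated permission is recorded against its ticket, so the audit list can be reviewed for access that falls outside an open ticket's window.
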
Reference
Johnson, R. (2015). Security Policies and Implementation Issues (2nd ed.). Burlington, MA: Jones & Bartlett Learning. ISBN: 978-1-284-05599-3
SANS (n.d.). Symantec Endpoint Protection Privilege Escalation Zero Day. Retrieved from: https://isc.sans.edu/forums/diary/Symantec+Endpoint+Protection+Privilege+Escalation+Zero+Day/18459