Principle(s) of Least Privilege
This post is going to explore how Tempest (and Path Network, Inc) uses the Principles of Least Privilege to secure both its hardware and its network traffic.
What are the "Principles of Least Privilege"?
Cyber Security 101 dictates that "those who do not need access should not have access".
In other words, rather than assuming that everyone (whether that is a person with physical access to bare-metal resources, or anyone with public network access) has good intentions, assume they don't: only provide the absolute bare minimum of privileges needed to complete the task. In the event of abuse or compromise, the impact on data is significantly smaller and also easier to contain and control.
You see "GDPR" (General Data Protection Regulation) thrown around as a developer buzzword; it essentially mandates basic principles of least privilege as a legal baseline.
It's not just a few companies doing this either. In the past few years we have seen significant restrictions placed on data extrusion points on websites; a big example of this is the change Google made to YouTube's subscriber count API back in late 2019.
Yeah, but what do you have to do with this?
Okay, okay... I hear you. You're bored of me nattering on about APIs and YouTube, so let's get to the interesting networking bit!
Port Punching is a technology used within our network that enforces this "principle of least privilege" concept. Our network design allows us to filter each individual packet that enters our network (through any of our 18+ PoPs), and if it doesn't match a specific rule set laid out in our clients' firewall rules (or filtering rules) then it's dropped at the edge.
This means that when you get a brand new machine from Tempest, you won't be able to connect to it at all until you specifically allow it.
This comes with massive benefits: it is a super simple way to enforce network security for all of our customers.
Depending on the operating system(s) you run, you could have exposed ports that you're not even aware of. And in the worst-case scenario, where your machine may be compromised, limiting network connectivity at the edge makes it particularly difficult for Client -> Server backdoor exploits to be effective. Both of these are attack vectors that you simply don't have on our network.
If you block all incoming traffic, do I need to make rules to surf the web?
You see, this is where it gets really clever! Ever wondered why it's called Port Punching? Well, it's fairly self-explanatory...
Our firewall allows incoming connections on the condition that an outgoing request was made first.
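To make the behaviour concrete, here is an added toy model of the edge filter just described (written for this post, not Tempest's or Path Network's own code). It assumes a per-packet filter that drops everything inbound by default, accepts packets matching an explicit client allow rule, and otherwise accepts only replies to flows the machine itself opened; all addresses are constructed documentation-range values.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Hypothetical model of the edge filter: every inbound packet is dropped unless
# (a) a client-defined allow rule matches its destination port, or
# (b) it is a reply to a flow the protected machine opened itself ("punched").

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the internet, "out" = leaving the client machine
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

Flow = Tuple[str, str, int, str, int]  # (proto, local_ip, local_port, remote_ip, remote_port)

class EdgeFilter:
    def __init__(self, allow_rules: Iterable[Tuple[str, int]] = ()):
        self.allow_rules: Set[Tuple[str, int]] = set(allow_rules)  # explicitly opened (proto, port)
        self.punched: Set[Flow] = set()                           # flows opened from the inside

    def allow(self, proto: str, port: int) -> None:
        """Client adds an explicit rule, e.g. allow("tcp", 22) to expose SSH."""
        self.allow_rules.add((proto, port))

    def handle(self, p: Packet) -> str:
        if p.direction == "out":
            # Outbound traffic punches a hole just wide enough for its own replies.
            self.punched.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return "forward"
        if (p.proto, p.dst_port) in self.allow_rules:
            return "accept"                       # explicitly exposed service
        reply_of: Flow = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reply_of in self.punched:
            return "accept"                       # reply to a flow the machine initiated
        return "drop"                             # default deny at the edge

def demo() -> List[str]:
    """Constructed packet trace for a fresh machine at 203.0.113.10 (TEST-NET-3)."""
    fw = EdgeFilter()
    host, web, other = "203.0.113.10", "198.51.100.80", "192.0.2.99"
    verdicts = [fw.handle(Packet("in", "tcp", other, 40000, host, 22))]        # unsolicited SSH: dropped
    fw.allow("tcp", 22)
    verdicts.append(fw.handle(Packet("in", "tcp", other, 40001, host, 22)))    # now explicitly allowed
    verdicts.append(fw.handle(Packet("out", "tcp", host, 51000, web, 443)))    # machine browses the web
    verdicts.append(fw.handle(Packet("in", "tcp", web, 443, host, 51000)))     # HTTPS reply comes back in
    verdicts.append(fw.handle(Packet("in", "tcp", other, 443, host, 51000)))   # same port, other peer: dropped
    return verdicts

if __name__ == "__main__":
    print(demo())  # ['drop', 'accept', 'forward', 'accept', 'drop']
```

The last packet shows why the punched hole is keyed on the full flow rather than just the local port: an unsolicited packet aimed at the same ephemeral port from a different peer is still dropped.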
This technology is built into our network stack to provide a seamless and secure experience for all of our customers.