Privileged Logins (Wiki)

The content of the Security Analogies wiki is now available here, under the GNU Free Documentation License 1.2.

Imagine a hotel with those new-fangled magnetic card key systems.

Non-guests have access only to public spaces. They cannot enter through staff-only doors nor into guest areas such as sports facilities, and they do not have access to the bedrooms.

Guests have access to their own rooms, and public facilities.

Restaurant staff have access to food facility staff-only areas.

Cleaners cards allow access to more areas.

Managers can access anywhere.

Only the managers and book keepers have access to the accounts room where cash is stored.

Only the managers have access to the hotel safe.

It would be bad practise to let anyone walk in off the street and access all areas; the manager must keep his "access all areas card safe". A hotel staff member would be unwise to loan their card to anyone else as if a theft occurred, that person would be responsible.

Similarly with computer logins, it is important that programs run only with the privileges required to do their functions effectively, and that the "Administrator" or "root" super-user login (the access-all-areas user) is only used when necessary.

WebSanity Top Secret