Least privilege, configuration enforcement, decommissioning

2.3 Mitigation techniques

📘CompTIA Security+ SY0-701


In cybersecurity, mitigation techniques are methods used to reduce or eliminate risks to systems, networks, and data. These techniques help prevent security incidents and minimize damage if an attack occurs.

This section explains three important mitigation techniques you must understand for the Security+ exam:

  1. Least Privilege
  2. Configuration Enforcement
  3. Decommissioning

Let’s go through each one clearly and in detail.


1. Least Privilege

Definition:

The principle of least privilege (PoLP) means giving a user, system, or application only the minimum level of access or permissions necessary to perform its tasks — nothing more.

Why it’s important:

  • Reduces the attack surface (fewer opportunities for attackers).
  • Prevents users or software from making accidental or unauthorized changes.
  • Limits the damage caused if an account or system is compromised.

In an IT environment:

  • A network administrator may have full access to network devices, but a help desk technician only has access to reset passwords — not to modify firewall rules.
  • An application that needs to read data from a database should not have permission to delete or modify that data.
  • A user should not have administrative rights on their workstation unless necessary.

Techniques to implement least privilege:

  • Role-Based Access Control (RBAC): Assign permissions based on job roles (e.g., HR staff can access HR data only).
  • Just-in-Time (JIT) Access: Provide elevated privileges only for a short time when needed.
  • User Account Control (UAC): Prompt for admin credentials before performing system-level tasks.
  • Auditing and Monitoring: Regularly review who has access to what, and remove unnecessary privileges.
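
The four techniques above, worked through in Python as an added example that is not part of the study page: permissions are attached to roles (RBAC), a help desk role can reset passwords but not touch the firewall, an elevated permission can be granted just-in-time with an expiry, every grant is written to an audit log, and an audit routine lists permissions a principal holds but does not actually use. The role names, permission names and clock values are constructed for illustration.

```python
"""Least privilege in practice: RBAC, JIT elevation, and an access audit.

Added example, not from the study page. Roles, permissions and the
clock values are constructed stand-ins for a real directory.
"""
from dataclasses import dataclass, field

# Permissions belong to roles, never directly to people (RBAC).
ROLE_PERMISSIONS = {
    "help_desk": {"reset_password", "view_ticket"},
    "network_admin": {"reset_password", "view_ticket", "modify_firewall", "view_logs"},
    "app_reader": {"db_read"},  # the database service account: read only, no delete/modify
}

# Every JIT grant is recorded: (time, action, principal, permission, approver).
audit_log = []


@dataclass
class Principal:
    name: str
    roles: set
    # JIT elevations: permission -> expiry (seconds on a simple constructed clock)
    elevations: dict = field(default_factory=dict)


def effective_permissions(p: Principal, now: float) -> set:
    """Union of the principal's role permissions and unexpired JIT grants."""
    perms = set()
    for role in p.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    perms |= {perm for perm, expires in p.elevations.items() if now < expires}
    return perms


def is_allowed(p: Principal, action: str, now: float) -> bool:
    """Deny by default: an action is allowed only if some role or live grant covers it."""
    return action in effective_permissions(p, now)


def grant_jit(p: Principal, action: str, now: float, ttl_seconds: int, approver: str) -> None:
    """Temporarily add one permission; it expires on its own, no cleanup step to forget."""
    p.elevations[action] = now + ttl_seconds
    audit_log.append((now, "grant", p.name, action, approver))


def audit_excess(principals, needed: dict, now: float) -> dict:
    """Auditing step: compare what each principal can do with what its job uses.

    `needed` maps principal name -> permissions actually exercised; anything
    beyond that is a candidate for removal.
    """
    report = {}
    for p in principals:
        excess = effective_permissions(p, now) - needed.get(p.name, set())
        if excess:
            report[p.name] = excess
    return report


if __name__ == "__main__":
    tech = Principal("tech1", {"help_desk"})
    print(is_allowed(tech, "reset_password", now=0))    # True: part of the role
    print(is_allowed(tech, "modify_firewall", now=0))   # False: not a help desk task
    grant_jit(tech, "modify_firewall", now=0, ttl_seconds=600, approver="netadmin")
    print(is_allowed(tech, "modify_firewall", now=100))  # True: inside the JIT window
    print(is_allowed(tech, "modify_firewall", now=601))  # False: grant expired
    admin = Principal("admin", {"network_admin"})
    print(audit_excess([admin], {"admin": {"view_logs", "modify_firewall"}}, now=0))
```

The audit routine is the piece most often skipped in practice: roles accumulate permissions over time, and only comparing granted against used shows what to remove.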

Benefits:

  • Reduces insider threats.
  • Limits lateral movement by attackers.
  • Helps ensure compliance with security regulations and policies.

2. Configuration Enforcement

Definition:

Configuration enforcement means making sure all systems, devices, and applications follow the approved security configurations and settings.
It ensures that every system operates securely and consistently according to organizational standards.

Why it’s important:

If configurations are not enforced, users or administrators might make unauthorized changes that weaken security — for example, disabling firewalls or using weak encryption.

In an IT environment:

  • A company sets a baseline configuration for all laptops — including encryption, antivirus, and password policies.
    Configuration enforcement ensures that users cannot change these settings.
  • Network devices like routers and firewalls are configured according to secure templates to prevent open ports or insecure services.
  • Cloud environments often use configuration templates or automation tools to ensure every new virtual machine follows security rules.

Methods to enforce configurations:

  • Group Policy Objects (GPOs): In Windows environments, GPOs automatically apply specific configurations (e.g., password length, screensaver lock).
  • Configuration Management Tools: Tools like Ansible, Puppet, or Chef ensure systems are deployed and maintained according to secure configurations.
  • Mobile Device Management (MDM): Enforces policies like encryption, PIN codes, and app restrictions on smartphones and tablets.
  • Continuous Monitoring: Automated tools regularly check for deviations from the baseline and report non-compliant devices.
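
A small drift checker of the kind the continuous-monitoring bullet describes, as an added example that is not code from the study page: a documented baseline is compared against the settings reported by each laptop, numeric settings are judged in the secure direction (a longer password or shorter lock timeout than the baseline is still compliant), a setting the agent could not report counts as drift, and a remediation plan lists the values to push back. The baseline, setting names and the three host reports are constructed.

```python
"""Configuration enforcement: detect drift from a baseline and plan remediation.

Added example, not from the study page. The baseline, setting names and
host reports below are constructed for illustration.
"""

# The approved, documented secure baseline for laptops.
BASELINE = {
    "disk_encryption": True,
    "antivirus_enabled": True,
    "firewall_enabled": True,
    "min_password_length": 14,
    "screen_lock_timeout_sec": 600,  # lock after at most 10 minutes idle
    "tls_min_version": "1.2",
}


def _version_tuple(v: str) -> tuple:
    return tuple(int(part) for part in v.split("."))


# Settings where "stricter than baseline" is still compliant; all others need equality.
CHECKS = {
    "min_password_length": lambda observed, expected: observed >= expected,
    "screen_lock_timeout_sec": lambda observed, expected: observed <= expected,
    "tls_min_version": lambda observed, expected: _version_tuple(observed) >= _version_tuple(expected),
}


def find_drift(host: dict) -> dict:
    """Return {setting: (observed, expected)} for every non-compliant setting.

    A setting missing from the report is treated as drift: the agent could not
    confirm it, so the host cannot be assumed compliant.
    """
    drift = {}
    for setting, expected in BASELINE.items():
        if setting not in host:
            drift[setting] = (None, expected)
            continue
        observed = host[setting]
        check = CHECKS.get(setting, lambda o, e: o == e)
        if not check(observed, expected):
            drift[setting] = (observed, expected)
    return drift


def remediation_plan(host: dict) -> dict:
    """Values to push back to the host so it matches the baseline again."""
    return {setting: expected for setting, (_, expected) in find_drift(host).items()}


def compliance_report(fleet: dict) -> dict:
    """Map hostname -> drift dict; an empty dict means the host is compliant."""
    return {name: find_drift(report) for name, report in fleet.items()}


# Constructed reports from three laptops (what a monitoring agent would send back).
FLEET = {
    "lt-001": {"disk_encryption": True, "antivirus_enabled": True, "firewall_enabled": True,
               "min_password_length": 16, "screen_lock_timeout_sec": 300, "tls_min_version": "1.3"},
    "lt-002": {"disk_encryption": True, "antivirus_enabled": True, "firewall_enabled": False,
               "min_password_length": 8, "screen_lock_timeout_sec": 600, "tls_min_version": "1.2"},
    # lt-003 never reported its firewall state at all.
    "lt-003": {"disk_encryption": False, "antivirus_enabled": True,
               "min_password_length": 14, "screen_lock_timeout_sec": 900, "tls_min_version": "1.0"},
}

if __name__ == "__main__":
    for host, drift in compliance_report(FLEET).items():
        print(host, "compliant" if not drift else drift)
        if drift:
            print("  remediate:", remediation_plan(FLEET[host]))
```

Treating a missing setting as non-compliant rather than "unknown" is deliberate: an agent that cannot read a control is exactly the situation where the control may have been disabled.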

Configuration enforcement best practices:

  • Create and document secure baselines.
  • Automate enforcement using scripts or management tools.
  • Audit and remediate systems that fall out of compliance.
  • Use version control for configuration files to track changes.

Benefits:

  • Maintains consistent security across all systems.
  • Prevents human error or unauthorized changes.
  • Makes it easier to detect unusual or risky configurations.

3. Decommissioning

Definition:

Decommissioning is the secure process of retiring or removing hardware, software, or data that is no longer needed.
It ensures that no sensitive information or access paths remain when systems are no longer in use.

Why it’s important:

If decommissioned systems are not handled properly, attackers can recover sensitive data or use old access methods to enter the network.

In an IT environment:

  • When a server is replaced, its storage drives must be securely wiped or destroyed before disposal.
  • When a user leaves the company, their accounts must be disabled or deleted immediately to prevent unauthorized access.
  • When applications are retired, any integrations or API keys should also be removed from production systems.

Steps in secure decommissioning:

  1. Plan and identify assets
    • List all systems, applications, or accounts to be decommissioned.
    • Identify dependencies (e.g., other systems that rely on it).
  2. Backup important data
    • Retain required data for legal, compliance, or business reasons.
  3. Remove access and disable accounts
    • Revoke credentials, API keys, or certificates associated with the system.
  4. Wipe or destroy storage media
    • Use secure data wiping tools or physical destruction to ensure data is unrecoverable.
  5. Update documentation and asset inventory
    • Mark the system as decommissioned in asset management records.
  6. Audit and verify
    • Confirm that all steps were completed and no residual data or access remains.
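
The six steps above as one scripted workflow, added here as an example rather than code from the study page: a dependency check gates the plan, required data is archived before media is wiped, accounts, keys and certificates are revoked and recorded, each drive gets a destruction record, the asset register is updated, and a final verification pass returns any residual access or media so a half-finished decommission cannot be signed off. The inventory, account names, key identifiers and drive names are constructed; the sanitization method itself is left to the organisation's NIST SP 800-88 choice and only the record of it is modelled.

```python
"""Secure decommissioning: plan, back up, revoke, wipe, update inventory, verify.

Added example, not from the study page. The inventory entries, account
names, key identifiers and drive names are constructed stand-ins.
"""
from datetime import date


def sample_inventory() -> dict:
    """A fresh copy of a constructed asset register entry."""
    return {
        "srv-legacy-01": {
            "status": "active",
            "accounts": ["svc_legacy", "backup_legacy"],
            "api_keys": ["key-7f3a", "key-91c2"],          # constructed identifiers
            "certificates": ["srv-legacy-01.internal"],
            "dependents": ["reporting-app"],                # systems still relying on it
            "drives": ["sda", "sdb"],
            "retention_required": True,                     # legal/compliance hold on its data
        },
    }


class DecommissionError(Exception):
    pass


def plan(asset: dict) -> list:
    """Step 1: refuse to proceed while another system still depends on the asset."""
    if asset["dependents"]:
        raise DecommissionError(f"still depended on by {asset['dependents']}")
    return ["backup", "revoke_access", "wipe_media", "update_inventory", "verify"]


def backup(asset: dict, archive: dict, name: str) -> None:
    """Step 2: retain data required for legal, compliance or business reasons before wiping."""
    if asset["retention_required"]:
        archive[name] = {"retained_on": date.today().isoformat(), "drives": list(asset["drives"])}


def revoke_access(asset: dict, revoked: list) -> None:
    """Step 3: disable accounts and revoke API keys and certificates, recording each one."""
    for kind in ("accounts", "api_keys", "certificates"):
        for item in asset[kind]:
            revoked.append((kind, item))
        asset[kind] = []


def wipe_media(asset: dict, destruction_log: list) -> None:
    """Step 4: record each drive as sanitized; the record is what a compliance audit asks for."""
    for drive in asset["drives"]:
        destruction_log.append({"drive": drive, "method": "purge", "date": date.today().isoformat()})
    asset["drives"] = []


def update_inventory(asset: dict) -> None:
    """Step 5: mark the asset retired in the asset register."""
    asset["status"] = "decommissioned"


def verify(asset: dict) -> list:
    """Step 6: list residual findings; an empty list means nothing is left behind."""
    findings = []
    for kind in ("accounts", "api_keys", "certificates"):
        if asset[kind]:
            findings.append(f"{kind} still active: {asset[kind]}")
    if asset["drives"]:
        findings.append(f"media not sanitized: {asset['drives']}")
    if asset["status"] != "decommissioned":
        findings.append("inventory not updated")
    return findings


def decommission(name: str, inventory: dict, archive: dict, revoked: list, destruction_log: list) -> list:
    """Run all six steps in order and return the verification findings."""
    asset = inventory[name]
    plan(asset)
    backup(asset, archive, name)
    revoke_access(asset, revoked)
    wipe_media(asset, destruction_log)
    update_inventory(asset)
    return verify(asset)


if __name__ == "__main__":
    inventory = sample_inventory()
    inventory["srv-legacy-01"]["dependents"] = []   # reporting-app has been migrated
    archive, revoked, destruction_log = {}, [], []
    findings = decommission("srv-legacy-01", inventory, archive, revoked, destruction_log)
    print("findings:", findings or "none")
    print("revoked:", revoked)
    print("destruction records:", destruction_log)
```

Running only some of the steps (for example wiping the drives but never revoking the service accounts) leaves findings in `verify`, which is the point of keeping the audit step separate from the work it audits.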

Best practices:

  • Follow data sanitization standards like NIST SP 800-88.
  • Maintain records of destruction for compliance audits.
  • Ensure third-party services are decommissioned securely as well (e.g., cloud accounts).
  • Periodically review retired systems to verify they’re fully disconnected.

Benefits:

  • Prevents data leaks from old systems.
  • Reduces attack surface by removing unused systems.
  • Helps maintain compliance with privacy and security laws.

Summary Table

Concept | Definition | Key Tools/Techniques | Purpose
Least Privilege | Give users and systems only the access they need | RBAC, JIT access, auditing | Minimize misuse or damage from excess permissions
Configuration Enforcement | Ensure systems follow approved settings and policies | GPOs, MDM, config management tools | Maintain consistent and secure configurations
Decommissioning | Securely retire or remove old systems, accounts, or data | Data wiping, disabling accounts, audits | Prevent data recovery and reduce attack surface

Exam Tips (CompTIA Security+ SY0-701)

  • Understand the goal of least privilege — minimizing unnecessary access.
  • Know that configuration enforcement keeps systems compliant with security baselines.
  • Remember that decommissioning includes securely wiping data and removing access.
  • Be ready for scenario-based questions like:
    • “Which mitigation technique prevents old servers from leaking data after removal?” Answer: Decommissioning
    • “Which concept ensures users have only the permissions needed to do their jobs?” Answer: Least Privilege
    • “Which control ensures that all devices follow approved security policies automatically?” Answer: Configuration Enforcement
