Topic 35

Least Privilege and Segmentation

Concept

No defense stops every attacker, so a sensible question is: when someone does get in, how far can they go? That single question has two answers, and they are the subject of this topic. Both share one goal — keep the damage small.

The first is least privilege: give every person and every program only the access they actually need to do their job, and nothing more. The second is segmentation: divide a system into separated sections so a break-in in one part can't simply reach the rest.

Picture a ship built with watertight compartments, where each crew member's key opens only their own area. A leak floods one compartment instead of sinking the ship; a thief who steals one key reaches one room, not the whole vessel. Least privilege is the limited key; segmentation is the sealed compartments. From here we'll use the real terms.

Same break-in, two different outcomes

Flat and over-permissioned: One open space, accounts that can touch everything. A single foothold reaches every file and system — the breach spreads.

Segmented and least-privilege: Separated zones, accounts limited to their own job. A foothold is stuck in one section — the breach is contained.

What Is Least Privilege?

Least privilege means handing out the minimum access required for a task, and no more. The person who processes refunds can issue refunds — but can't read the payroll, can't change other people's passwords, can't shut down a server. Each account is scoped to its actual job.

The reason this matters becomes clear the moment an account is stolen. An attacker who takes over an account inherits exactly what that account could do. If the account could only issue refunds, that is the whole ceiling of the damage. The less an account can do, the less harm it can cause when it falls into the wrong hands.

So least privilege is not a judgment about whether people are trustworthy. It is a way to make the worst case smaller. Even a perfectly honest employee's account can be phished or guessed, and a tightly scoped account simply has less to give away.

Why Is Too Much Access Dangerous?

The opposite of least privilege is the over-permissioned account — one that can do far more than its owner ever needs. It feels harmless, and often it is convenient: one account that can reach everything saves a few setup steps.

The problem is that all of that reach transfers to an attacker the instant the account is compromised. An admin account that touches every system is a master key, and a stolen master key is a catastrophe. The same theft against a tightly scoped account is a minor incident.

This is also the heart of the escalation stage of an attack, which we met earlier. Attackers who land on a low-access account go hunting for a higher-access one, because more permissions mean more power. Every account that holds more access than it needs is a prize waiting to be claimed.

What Is Segmentation?

Segmentation splits a system into separated zones, so moving from one zone to another is restricted rather than free. Instead of one big open space where everything can talk to everything, you get walls between the parts — and crossing a wall takes a deliberate, controlled step.

A company might keep the machines that handle payments in their own sealed zone, apart from the ordinary office computers. Someone who breaks into a laptop in the office zone lands in that zone — and finds a wall, not an open path, between them and the payment systems.

Without segmentation, a single foothold sits inside everything at once. This shape is sometimes called a flat network: once you're in, you can reach it all. Segmentation is what turns one wide-open space into a set of separated rooms.

How They Contain a Breach

Put the two together and a break-in changes character. Least privilege means the account the attacker grabbed can't do much; segmentation means the zone they landed in can't reach much. A foothold becomes a dead end instead of a master key.

This is blast-radius thinking — assuming a breach will happen and deciding in advance how far the explosion can travel. You don't stop the attacker getting in; you make sure that getting in one place doesn't mean getting in everywhere.

It also buys defenders something else: time and noise. An attacker who has to break through a wall or hunt for a stronger account is doing extra work, and that extra work is the kind of unusual activity that can be noticed and stopped before it spreads.
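The comparison above, worked through as an added example (not part of the course page): a toy model in which segmentation decides which zones a foothold can reach and least privilege decides which actions the stolen account may take there. All zones, accounts and actions are constructed for illustration, and the example also adds a third case, segmentation without least privilege, to show the two controls limit different things.

```python
# Added example, not from the course page. Toy model of blast radius:
# zones, accounts and actions below are constructed, not a real system.

def blast_radius(reachable, grants, account, landing_zone):
    """Return the "zone:action" steps an attacker can take after compromising
    `account` while sitting in `landing_zone`.

    reachable: zone -> set of other zones it may reach (segmentation walls)
    grants:    account -> set of "zone:action" permissions (least privilege)
    An action counts only if BOTH the zone is reachable from the landing
    zone AND the account holds the permission.
    """
    zones = {landing_zone} | reachable.get(landing_zone, set())
    return {perm for perm in grants.get(account, set())
            if perm.split(":", 1)[0] in zones}


# Every action that exists in this constructed company.
ALL_ACTIONS = {
    "office:read_mail",
    "payments:issue_refund", "payments:read_cardholder_data",
    "hr:read_payroll",
    "infra:shutdown_server", "infra:reset_passwords",
}
ZONES = {"office", "payments", "hr", "infra"}

# Design 1: flat network, over-permissioned account.
FLAT_REACHABLE = {z: ZONES - {z} for z in ZONES}        # everything talks to everything
OVER_PERMISSIONED = {"refund_clerk": set(ALL_ACTIONS)}  # one account touches everything

# Design 2: segmented zones, least-privilege account.
SEGMENTED_REACHABLE = {"office": {"payments"}}          # only the controlled path the job needs
LEAST_PRIVILEGE = {"refund_clerk": {"payments:issue_refund"}}


def compare_outcomes():
    """The same phished refund clerk on an office laptop, under three designs."""
    who, where = "refund_clerk", "office"
    return {
        "flat + over-permissioned": blast_radius(FLAT_REACHABLE, OVER_PERMISSIONED, who, where),
        "segmented only": blast_radius(SEGMENTED_REACHABLE, OVER_PERMISSIONED, who, where),
        "segmented + least privilege": blast_radius(SEGMENTED_REACHABLE, LEAST_PRIVILEGE, who, where),
    }


if __name__ == "__main__":
    for design, actions in compare_outcomes().items():
        print(f"{design:30} -> {sorted(actions)}")
```

The "segmented only" case still exposes every action in the two reachable zones, which is why the walls alone are not enough: the account's own grants set the ceiling inside each zone.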

Common Confusions

  • "Least privilege is about not trusting employees." It is about limiting damage from any compromise. Even a trusted person's account can be stolen, and a low-access account simply can't do as much harm when it is.
  • "If someone gets in, they automatically have everything." Not with segmentation and least privilege. A foothold is confined to one zone and one scoped account; reaching more takes extra, often detectable effort.
  • "More access makes work easier, so it's better." The convenience is small and the risk is large. Every extra permission is something an attacker inherits if that account is compromised.
  • "Segmentation and least privilege are the same thing." They work together but aim at different things: least privilege limits what an account can do; segmentation limits where a zone can reach.

Why It Matters

  • The same break-in can be a minor incident or a disaster, and which one it becomes depends largely on how tightly access was scoped beforehand.
  • Together these two defenses directly counter the escalation and movement stage of an attack — the part where a small foothold tries to become full control.
  • Blast-radius thinking shifts the goal from "never get breached" to "make a breach survivable," which is the realistic stance once you accept attackers sometimes get in.

Knowledge Check

What does the principle of least privilege say about access?

  • Give each account only the access its job requires
  • Give every account broad access so work is never blocked
  • Remove access from anyone who might be untrustworthy
  • Make everyone change their password very frequently

Why is an over-permissioned account a security risk?

  • If it is stolen, the attacker inherits all of its extra access
  • Accounts with more access are harder for attackers to break into
  • Extra permissions make the account run more slowly over time
  • Each permission takes up extra storage on the server

How does segmentation help when an attacker gets a foothold?

  • It keeps a break-in inside one zone, not the whole system
  • It guarantees no attacker can ever get in at all
  • It connects every part so any zone can reach any other freely
  • It restores lost data from a separate safe copy
