Least Privilege

Definition

A synonym for the Principle of Least Privilege (PoLP). This security principle dictates that a user, process, or program should only have the minimum set of permissions (privileges) required to perform its specific, legitimate task, and no more.

Why It Matters

Least privilege is a cornerstone of defensive security design. It drastically limits the potential damage from a security breach. If an attacker compromises an account with limited privileges, their ability to move through a network and access sensitive data is severely restricted.

Contextual Example

A web server's user account should have permissions to read the website files but not to write to them or execute system commands. If the web server is compromised, this principle prevents the attacker from immediately taking full control of the server.
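One way to check the web server example above on a Unix host is to list every path under the document root that the server's account could modify. This is an added example, not part of the original entry. The function names, the sample tree and the `web_uid` value are hypothetical, and the check covers classic owner/group/other mode bits only (ACLs and read-only mounts are not considered).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check: owner, then group, then other."""
    if uid == 0:
        return True  # root is not constrained by mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(root, uid, gids):
    """Return relative paths under root that the identity (uid, gids) could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory counts: files can be created or replaced in it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode) and can_write(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def build_sample_docroot():
    """Constructed sample tree, owned by whoever runs this script."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.chmod(root, 0o755)
    for name, mode in (("index.html", 0o644), ("config.php", 0o664)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    return root

if __name__ == "__main__":
    root = build_sample_docroot()
    web_uid = os.getuid() + 1  # hypothetical web server account, not the file owner
    print(audit_docroot(root, web_uid, set()))
```

An empty result means the account has read-only access to the tree. Each path reported is a place where a compromised server process could alter content.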

Common Misunderstandings

  • Implementing least privilege requires a careful and granular approach to assigning permissions.
  • It is a foundational concept for Zero Trust security models.

Last Updated: December 17, 2025