Limit Software Installation
Techniques Addressed by Mitigation |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | T1547.013 | Boot or Logon Autostart Execution: XDG Autostart Entries |
Restrict software installation to trusted repositories only and be cautious of orphaned software packages. |
Enterprise | T1176 | Browser Extensions |
Only install browser extensions from trusted sources that can be verified. Browser extensions for some browsers can be controlled through Group Policy. Change settings to prevent the browser from installing extensions without sufficient permissions. |
|
Enterprise | T1059 | Command and Scripting Interpreter |
Prevent user installation of unrequired command and scripting interpreters. |
|
T1059.006 | Python |
Prevent users from installing Python where not required. |
||
T1059.011 | Lua |
Prevent users from installing Lua where not required. |
||
Enterprise | T1543 | Create or Modify System Process |
Restrict software installation to trusted repositories only and be cautious of orphaned software packages. |
|
T1543.002 | Systemd Service |
Restrict software installation to trusted repositories only and be cautious of orphaned software packages. |
||
Enterprise | T1564 | Hide Artifacts |
Restrict the installation of software that may be abused to create hidden desktops, such as hVNC, to user groups that require it. |
|
T1564.003 | Hidden Window |
Restrict the installation of software that may be abused to create hidden desktops, such as hVNC, to user groups that require it. |
||
Enterprise | T1021 | T1021.005 | Remote Services: VNC |
Restrict software installation to user groups that require it. A VNC server must be manually installed by the user or adversary. |
Enterprise | T1072 | Software Deployment Tools |
Restrict the use of third-party software suites installed within an enterprise network. |
|
Enterprise | T1195 | Supply Chain Compromise |
Where possible, consider requiring developers to pull from internal repositories containing verified and approved packages rather than from external ones.(Citation: Cider Security Top 10 CICD Security Risks) |
|
T1195.001 | Compromise Software Dependencies and Development Tools |
Where possible, consider requiring developers to pull from internal repositories containing verified and approved packages rather than from external ones.(Citation: Cider Security Top 10 CICD Security Risks) |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.