Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Limit Software Installation

Block users or groups from installing unapproved software.
ID: M1033
Version: 1.0
Created: 11 Jun 2019
Last Modified: 17 Oct 2024

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise T1547 T1547.013 Boot or Logon Autostart Execution: XDG Autostart Entries

Restrict software installation to trusted repositories only and be cautious of orphaned software packages.

Enterprise T1176 Browser Extensions

Only install browser extensions from trusted sources that can be verified. Browser extensions for some browsers can be controlled through Group Policy. Change settings to prevent the browser from installing extensions without sufficient permissions.

Enterprise T1059 Command and Scripting Interpreter

Prevent user installation of unrequired command and scripting interpreters.

T1059.006 Python

Prevent users from installing Python where not required.

T1059.011 Lua

Prevent users from installing Lua where not required.

Enterprise T1543 Create or Modify System Process

Restrict software installation to trusted repositories only and be cautious of orphaned software packages.

T1543.002 Systemd Service

Restrict software installation to trusted repositories only and be cautious of orphaned software packages.

Enterprise T1564 Hide Artifacts

Restrict the installation of software that may be abused to create hidden desktops, such as hVNC, to user groups that require it.

T1564.003 Hidden Window

Restrict the installation of software that may be abused to create hidden desktops, such as hVNC, to user groups that require it.

Enterprise T1021 T1021.005 Remote Services: VNC

Restrict software installation to user groups that require it. A VNC server must be manually installed by the user or adversary.

Enterprise T1072 Software Deployment Tools

Restrict the use of third-party software suites installed within an enterprise network.

Enterprise T1195 Supply Chain Compromise

Where possible, consider requiring developers to pull from internal repositories containing verified and approved packages rather than from external ones.(Citation: Cider Security Top 10 CICD Security Risks)

T1195.001 Compromise Software Dependencies and Development Tools

Where possible, consider requiring developers to pull from internal repositories containing verified and approved packages rather than from external ones.(Citation: Cider Security Top 10 CICD Security Risks)

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.