Limit Access to Resource Over Network
Techniques Addressed by Mitigation

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1557 | Adversary-in-the-Middle | Limit access to network infrastructure and resources that can be used to reshape traffic or otherwise produce AiTM conditions.
Enterprise | T1557.002 | Adversary-in-the-Middle: ARP Cache Poisoning | Create static ARP entries for networked devices. Implementing static ARP entries may be infeasible for large networks.
Enterprise | T1612 | Build Image on Host | Limit communications with the container service to local Unix sockets or remote access via SSH. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API on port 2375. Instead, communicate with the Docker API over TLS on port 2376. (Citation: Docker Daemon Socket Protect)
Enterprise | T1609 | Container Administration Command | Limit communications with the container service to local Unix sockets or remote access via SSH. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API and Kubernetes API Server. (Citation: Docker Daemon Socket Protect) (Citation: Kubernetes API Control Access)
Enterprise | T1613 | Container and Resource Discovery | Limit communications with the container service to local Unix sockets or remote access via SSH. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API and Kubernetes API Server. (Citation: Docker Daemon Socket Protect) (Citation: Kubernetes API Control Access)
Enterprise | T1610 | Deploy Container | Limit communications with the container service to local Unix sockets or remote access via SSH. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API, Kubernetes API Server, and container orchestration web applications. (Citation: Docker Daemon Socket Protect) (Citation: Kubernetes API Control Access)
Enterprise | T1546.008 | Event Triggered Execution: Accessibility Features | If possible, use a Remote Desktop Gateway to manage connections and security configuration of RDP within a network. (Citation: TechNet RDP Gateway)
Enterprise | T1133 | External Remote Services | Limit access to remote services through centrally managed concentrators such as VPNs and other managed remote access systems.
Enterprise | T1200 | Hardware Additions | Establish network access control policies, such as using device certificates and the 802.1x standard. (Citation: Wikipedia 802.1x) Restrict use of DHCP to registered devices to prevent unregistered devices from communicating with trusted systems.
Enterprise | T1542.005 | Pre-OS Boot: TFTP Boot | Restrict use of protocols without encryption or authentication mechanisms. Limit access to administrative and management interfaces from untrusted network sources.
Enterprise | T1563.002 | Remote Service Session Hijacking: RDP Hijacking | Use remote desktop gateways.
Enterprise | T1021.001 | Remote Services: Remote Desktop Protocol | Use remote desktop gateways.
Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | Consider disabling Windows administrative shares.
Enterprise | T1552.007 | Unsecured Credentials: Container API | Limit communications with the container service to local Unix sockets or remote access via SSH. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API and Kubernetes API Server. (Citation: Docker Daemon Socket Protect) (Citation: Kubernetes API Control Access)
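The Docker daemon hardening recommended in the container rows above (local Unix socket only, or TLS with client-certificate verification on port 2376 rather than an unauthenticated API on 2375), as an added Python audit that is not part of the ATT&CK page: it parses a dockerd `daemon.json` and flags any TCP listener that lacks `tlsverify`, sits on port 2375, or is missing the CA/cert/key paths. The `hosts`, `tls`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys are the documented dockerd options; the two sample configurations are constructed for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents (not from the ATT&CK page).
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
CERT_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_json(text: str) -> list:
    """Return findings for a daemon.json document; [] means no network-exposed, unauthenticated listener."""
    config = json.loads(text)
    findings = []
    # dockerd listens only on the local Unix socket when "hosts" is absent.
    hosts = config.get("hosts", ["unix:///var/run/docker.sock"])
    tls = bool(config.get("tls", False))
    tls_verify = bool(config.get("tlsverify", False))
    has_tcp = False
    for host in hosts:
        parts = urlsplit(host)
        if parts.scheme in ("unix", "fd"):
            continue  # local socket / systemd socket activation: not reachable over the network
        if parts.scheme != "tcp":
            findings.append(f"{host}: unrecognised listener scheme")
            continue
        has_tcp = True
        if not tls_verify:
            # "tls": true encrypts the connection but still accepts any client.
            what = "TLS without client-certificate verification" if tls else "plaintext, unauthenticated API"
            findings.append(f"{host}: {what}")
        elif parts.port == 2375:
            findings.append(f"{host}: tlsverify enabled but on the conventional plaintext port 2375")
    if has_tcp and tls_verify:
        missing = [k for k in CERT_KEYS if k not in config]
        if missing:
            findings.append("tlsverify enabled but missing " + ", ".join(missing))
    return findings
```

Running it against a host's real `/etc/docker/daemon.json` gives a quick configuration check; it does not replace verifying with `ss`/`netstat` what dockerd is actually listening on, since `-H` flags on the service unit override the file.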
References
- Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.
- The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.
- Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.
- Wikipedia. (2018, March 30). IEEE 802.1X. Retrieved April 11, 2018.