Limit Access to Resource Over Network
Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1546 | .008 | Event Triggered Execution: Accessibility Features |
If possible, use a Remote Desktop Gateway to manage connections and security configuration of RDP within a network.[1] |
| Enterprise | T1133 | External Remote Services |
Limit access to remote services through centrally managed concentrators such as VPNs and other managed remote access systems. |
|
| Enterprise | T1200 | Hardware Additions |
Establish network access control policies, such as using device certificates and the 802.1x standard. [2] Restrict use of DHCP to registered devices to prevent unregistered devices from communicating with trusted systems. |
|
| Enterprise | T1557 | Man-in-the-Middle |
Limit access to network infrastructure and resources that can be used to reshape traffic or otherwise produce MiTM conditions. |
|
| .002 | ARP Cache Poisoning |
Create static ARP entries for networked devices. Implementing static ARP entries may be infeasible for large networks. |
||
| Enterprise | T1542 | .005 | Pre-OS Boot: TFTP Boot |
Restrict use of protocols without encryption or authentication mechanisms. Limit access to administrative and management interfaces from untrusted network sources. |
| Enterprise | T1563 | .002 | Remote Service Session Hijacking: RDP Hijacking |
Use remote desktop gateways. |
| Enterprise | T1021 | .001 | Remote Services: Remote Desktop Protocol |
Use remote desktop gateways. |
| .002 | Remote Services: SMB/Windows Admin Shares |
Consider disabling Windows administrative shares. |
||