Limit Access to Resource Over Network

Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.

ID: M1035
Version: 1.0
Created: 11 June 2019
Last Modified: 09 June 2020

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise T1546 .008 Event Triggered Execution: Accessibility Features

If possible, use a Remote Desktop Gateway to manage connections and security configuration of RDP within a network.[1]

Enterprise T1133 External Remote Services

Limit access to remote services through centrally managed concentrators such as VPNs and other managed remote access systems.

Enterprise T1200 Hardware Additions

Establish network access control policies, such as using device certificates and the 802.1x standard. [2] Restrict use of DHCP to registered devices to prevent unregistered devices from communicating with trusted systems.

Enterprise T1557 Man-in-the-Middle

Limit access to network infrastructure and resources that can be used to reshape traffic or otherwise produce MiTM conditions.

.002 ARP Cache Poisoning

Create static ARP entries for networked devices. Implementing static ARP entries may be infeasible for large networks.

Enterprise T1542 .005 Pre-OS Boot: TFTP Boot

Restrict use of protocols without encryption or authentication mechanisms. Limit access to administrative and management interfaces from untrusted network sources.

Enterprise T1563 .002 Remote Service Session Hijacking: RDP Hijacking

Use remote desktop gateways.

Enterprise T1021 .001 Remote Services: Remote Desktop Protocol

Use remote desktop gateways.

.002 Remote Services: SMB/Windows Admin Shares

Consider disabling Windows administrative shares.

References