JUST RELEASED: ATT&CK for Industrial Control Systems

Limit Access to Resource Over Network

Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.

ID: M1035
Version: 1.0
Created: 11 June 2019
Last Modified: 11 June 2019

Techniques Addressed by Mitigation

Domain ID Name Description
Enterprise T1015 Accessibility Features

If possible, use a Remote Desktop Gateway to manage connections and security configuration of RDP within a network.[1]

Enterprise T1133 External Remote Services

Limit access to remote services through centrally managed concentrators such as VPNs and other managed remote access systems.

Enterprise T1200 Hardware Additions

Establish network access control policies, such as using device certificates and the 802.1x standard. Restrict use of DHCP to registered devices to prevent unregistered devices from communicating with trusted systems.[2]

Enterprise T1076 Remote Desktop Protocol

Use remote desktop gateways.

Enterprise T1051 Shared Webroot

Disallow remote access to the webroot or other directories used to serve Web content.

References