{"description": "Enterprise techniques mitigated by Encrypt Sensitive Information, ATT&CK mitigation M1041 (v1.1)", "name": "Encrypt Sensitive Information (M1041)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"}, "techniques": [{"techniqueID": "T1557", "comment": "Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS.", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1557.002", "comment": "Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1119", "comment": "Encryption and off-system storage of sensitive information may be one way to mitigate collection of files, but may not stop an adversary from acquiring the information if an intrusion persists over a long period of time and the adversary is able to discover and access the data through other means. Strong passwords should be used on certain encrypted documents that use them to prevent offline cracking through [Brute Force](https://attack.mitre.org/techniques/T1110) techniques.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1020", "showSubtechniques": true}, {"techniqueID": "T1020.001", "comment": "Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1659", "comment": "Where possible, ensure that online traffic is appropriately encrypted through services such as trusted VPNs.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1530", "comment": "Encrypt data stored at rest in cloud storage.(Citation: Amazon S3 Security, 2019)(Citation: Microsoft Azure Storage Security, 2019) Managed encryption keys can be rotated by most providers. At a minimum, ensure an incident response plan to storage breach includes rotating the keys and test for impact on client applications.(Citation: Google Cloud Encryption Key Rotation)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1602", "comment": "Configure SNMPv3 to use the highest level of security (authPriv) available.(Citation: US-CERT TA17-156A SNMP Abuse 2017)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1602.001", "comment": "Configure SNMPv3 to use the highest level of security (authPriv) available.(Citation: US-CERT TA17-156A SNMP Abuse 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1602.002", "comment": "Configure SNMPv3 to use the highest level of security (authPriv) available.(Citation: US-CERT TA17-156A SNMP Abuse 2017) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1213", "comment": "Encrypt data stored at rest in databases. ", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1213.006", "comment": "Encrypt data stored at rest in databases.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1565", "comment": "Consider encrypting important information to reduce an adversary\u2019s ability to perform tailored data modifications.", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1565.001", "comment": "Consider encrypting important information to reduce an adversary\u2019s ability to perform tailored data modifications.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1565.002", "comment": "Encrypt all important data flows to reduce the impact of tailored modifications on data in transit.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1114", "comment": "Use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1114.001", "comment": "Use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1114.002", "comment": "Use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1114.003", "comment": "Use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070", "comment": "Obfuscate/encrypt event files locally and in transit to avoid giving feedback to an adversary.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070.001", "comment": "Obfuscate/encrypt event files locally and in transit to avoid giving feedback to an adversary.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070.002", "comment": "Obfuscate/encrypt event files locally and in transit to avoid giving feedback to an adversary.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1040", "comment": "Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1003", "comment": "Ensure Domain Controller backups are properly secured.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1003.003", "comment": "Ensure Domain Controller backups are properly secured.(Citation: Metcalf 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1649", "comment": "Ensure certificates as well as associated private keys are appropriately secured. Consider utilizing additional hardware credential protections such as trusted platform modules (TPM) or hardware security modules (HSM). Enforce HTTPS and enable Extended Protection for\nAuthentication.(Citation: SpecterOps Certified Pre Owned)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1558", "comment": "Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible.(Citation: AdSecurity Cracking Kerberos Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1558.002", "comment": "Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible.(Citation: AdSecurity Cracking Kerberos Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1558.003", "comment": "Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible.(Citation: AdSecurity Cracking Kerberos Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1558.004", "comment": "Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible.(Citation: AdSecurity Cracking Kerberos Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1552", "comment": "When possible, store keys on separate cryptographic hardware instead of on the local system. ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1552.004", "comment": "When possible, store keys on separate cryptographic hardware instead of on the local system. For example, on Windows systems use a TPM to secure keys and other sensitive credential material.(Citation: Microsoft Primary Refresh Token)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1550", "showSubtechniques": true}, {"techniqueID": "T1550.001", "comment": "File encryption should be enforced across email communications containing sensitive information that may be obtained through access to email services.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1669", "comment": "Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure that web traffic that may contain credentials is protected by SSL/TLS.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Encrypt Sensitive Information", "color": "#66b1ff"}]}