Disable or Remove Feature or Program
Jump to navigation
Jump to search
Disable or Remove Feature or Program | |
---|---|
Mitigation | |
ID | M1042 |
NIST SP 800-53 Rev. 4 | CM-7 |
IEC 62443-3-3:2013 | SR 7.7 |
IEC 62443-4-2:2019 | CR 7.7 |
Description
Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.
Techniques Addressed by Mitigation
Name | Use |
---|---|
Command-Line Interface | Consider removing or restricting features that are unnecessary to an asset's intended function within the control environment. |
Commonly Used Port | Ensure that unnecessary ports and services are closed to prevent risk of discovery and potential exploitation. |
Data Historian Compromise | Consider the disabling or removal of features or programs which are not required by that asset's function within the environment. |
Device Restart/Shutdown | Ensure remote commands that enable device shutdown are disabled if they are not necessary. Examples include DNP3's 0x0D function code or unnecessary device management functions. |
Exploitation of Remote Services | Ensure that unnecessary ports and services are closed to prevent risk of discovery and potential exploitation. |
External Remote Services | Consider removal of remote services which are not regularly in use, or only enabling them when required (e.g., vendor remote access). Ensure all external remote access point (e.g., jump boxes, VPN concentrator) are configured with least functionality, especially the removal of unnecessary services.1 |
Man in the Middle | Disable unnecessary legacy network protocols that may be used for MiTM if applicable. |
Network Service Scanning | Ensure that unnecessary ports and services are closed to prevent risk of discovery and potential exploitation. |
Replication Through Removable Media | Consider the disabling of features such as AutoRun. |
Scripting | Consider removal or disabling of programs and features which may be used to run malicious scripts (e.g., scripting language IDEs, PowerShell, visual studio). |