Property:Has mitigation description

From attackics
Jump to navigation Jump to search

This is a property of type Text.

Showing 20 pages using this property.
A
Restrict configurations changes and firmware updating abilities to only authorized individuals.  +
Authenticate connections from software and devices to prevent unauthorized systems from accessing protected management functions.  +
Protocols used for device management should authenticate all network messages to prevent unauthorized system changes.  +
Segment operational network and systems to restrict access to critical system functions to predetermined management systems.[[CiteRef::Guidance - DHS Defense in Depth - 201609]]  +
Filter for protocols and payloads associated with firmware activation or updating activity.  +
Devices that allow remote management of firmware should require authentication before allowing any changes. The authentication mechanisms should also support <span class="smw-format list-format "><span class="smw-row"><span class="smw-field"><span class="smw-value">[[Mitigation/M0936]]</span></span></span></span>, <span class="smw-format list-format "><span class="smw-row"><span class="smw-field"><span class="smw-value">[[Mitigation/M0927]]</span></span></span></span>, and <span class="smw-format list-format "><span class="smw-row"><span class="smw-field"><span class="smw-value">[[Mitigation/M0918]]</span></span></span></span>  +
Use host-based allowlists to prevent devices from accepting connections from unauthorized systems. For example, allowlists can be used to ensure devices can only connect with master stations or known management/engineering workstations.[[CiteRef::Guidance - DHS Defense in Depth - 201609]]  +
All devices or systems changes, including all administrative functions, should require authentication. Consider using access management technologies to enforce authorization on all management interface access attempts, especially when the device does not inherently provide strong authentication and authorization functions.  +
Utilize network allowlists to restrict unnecessary connections to network devices (e.g., comm servers, serial to ethernet converters) and services, especially in cases when devices have limits on the number of simultaneous sessions they support.  +
Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.  +
Segment operational assets and their management devices based on their functional role within the process. Enabling more strict isolation to more critical control and operational information within the control environment.[[CiteRef::Guidance - NIST SP800-41]][[CiteRef::Guidance - NIST SP800-82]][[CiteRef::Guidance - DHS Defense in Depth - 201609]][[CiteRef::mitigation - SANS whitelisting]]  +
Provide an alternative method for alarms to be reported in the event of a communication failure.  +
Utilize network allowlists to restrict unnecessary connections to network devices (e.g., comm servers, serial to ethernet converters) and services, especially in cases when devices have limits on the number of simultaneous sessions they support.  +
Prevent unauthorized systems from accessing control servers or field devices containing industrial information, especially services used for common automation protocols (e.g., DNP3, OPC).  +
B
Utilize network allowlists to restrict unnecessary connections to network devices (e.g., comm servers, serial to ethernet converters) and services, especially in cases when devices have limits on the number of simultaneous sessions they support.  +
Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.  +
Provide an alternative method for sending critical commands message to outstations, this could include using radio/cell communication to send messages to a field technician that physically performs the control function.  +
Utilize network allowlists to restrict unnecessary connections to network devices (e.g., comm servers, serial to ethernet converters) and services, especially in cases when devices have limits on the number of simultaneous sessions they support.  +
Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.  +
Provide an alternative method for sending critical report messages to operators, this could include using radio/cell communication to obtain messages from field technicians that can locally obtain telemetry and status data.  +