Multi-factor Authentication

From attackics
Revision as of 14:14, 10 April 2021 by Oalexander
Mitigation
ID: M0932
NIST SP 800-53 Rev. 4: IA-2
IEC 62443-3-3:2013: SR 1.7
IEC 62443-4-2:2019: CR 1.7

Description

Use two or more pieces of evidence to authenticate to a system, such as a username and password in addition to a token from a physical smart card or token generator.

Within industrial control environments, assets such as low-level controllers, workstations, and HMIs have real-time operational control and safety requirements, which may restrict the use of multi-factor authentication.


Techniques Addressed by Mitigation

| Name | Use |
| --- | --- |
| External Remote Services | Use strong multi-factor authentication for remote service accounts to mitigate an adversary's ability to leverage stolen credentials. Be aware of multi-factor authentication interception techniques for some implementations. |
| Network Sniffing | Use multi-factor authentication wherever possible. |
| Valid Accounts | Integrating multi-factor authentication (MFA) as part of organizational policy can greatly reduce the risk of an adversary gaining access to valid credentials that may be used for additional tactics such as initial access, lateral movement, and collecting information. MFA can also be used to restrict access to cloud resources and APIs. |