{
  "description": "Enterprise techniques mitigated by Network Segmentation, ATT&CK mitigation M1030 (v1.2)",
  "name": "Network Segmentation (M1030)",
  "domain": "enterprise-attack",
  "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"},
  "techniques": [
    {"techniqueID": "T1098", "comment": "Configure access controls and firewalls to limit access to critical systems and domain controllers. Most cloud environments support separate virtual private cloud (VPC) instances that enable further segmentation of cloud systems.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1098.001", "comment": "Configure access controls and firewalls to limit access to critical systems and domain controllers. Most cloud environments support separate virtual private cloud (VPC) instances that enable further segmentation of cloud systems.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1557", "comment": "Network segmentation can be used to isolate infrastructure components that do not require broad network access. This may mitigate, or at least alleviate, the scope of AiTM activity.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1557.001", "comment": "Network segmentation can be used to isolate infrastructure components that do not require broad network access. This may mitigate, or at least alleviate, the scope of AiTM activity.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1612", "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1613", "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1136", "comment": "Configure access controls and firewalls to limit access to domain controllers and systems used to create and manage accounts.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1136.002", "comment": "Configure access controls and firewalls to limit access to domain controllers and systems used to create and manage accounts.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1136.003", "comment": "Configure access controls and firewalls to limit access to critical systems and domain controllers. Most cloud environments support separate virtual private cloud (VPC) instances that enable further segmentation of cloud systems.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1602", "comment": "Segregate SNMP traffic on a separate management network.(Citation: US-CERT TA17-156A SNMP Abuse 2017)", "score": 1, "showSubtechniques": true},
    {"techniqueID": "T1602.001", "comment": "Segregate SNMP traffic on a separate management network.(Citation: US-CERT TA17-156A SNMP Abuse 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1602.002", "comment": "Segregate SNMP traffic on a separate management network.(Citation: US-CERT TA17-156A SNMP Abuse 2017) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1565", "comment": "Identify critical business and system processes that may be targeted by adversaries and work to isolate and secure those systems against unauthorized access and tampering.", "score": 1, "showSubtechniques": true},
    {"techniqueID": "T1565.003", "comment": "Identify critical business and system processes that may be targeted by adversaries and work to isolate and secure those systems against unauthorized access and tampering.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1610", "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1482", "comment": "Employ network segmentation for sensitive domains.(Citation: Harmj0y Domain Trusts).", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1048", "comment": "Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.(Citation: TechNet Firewall Design)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1048.001", "comment": "Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.(Citation: TechNet Firewall Design)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1048.002", "comment": "Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.(Citation: TechNet Firewall Design)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1048.003", "comment": "Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.(Citation: TechNet Firewall Design)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1190", "comment": "Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1210", "comment": "Segment networks and systems appropriately to reduce access to critical systems and services to controlled methods.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1133", "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1046", "comment": "Ensure proper network segmentation is followed to protect critical servers and devices.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1040", "comment": "Deny direct access of broadcasts and multicast sniffing, and prevent attacks such as [Name Resolution Poisoning and SMB Relay](https://attack.mitre.org/techniques/T1557/001)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1095", "comment": "Properly configure firewalls and proxies to limit outgoing traffic to only necessary ports and through proper network gateway systems. Also ensure hosts are only provisioned to communicate over authorized interfaces.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1571", "comment": "Properly configure firewalls and proxies to limit outgoing traffic to only necessary ports for that particular network segment.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1563", "comment": "Enable firewall rules to block unnecessary traffic between network security zones within a network.", "score": 1, "showSubtechniques": true},
    {"techniqueID": "T1563.002", "comment": "Enable firewall rules to block RDP traffic between network security zones within a network.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1021", "showSubtechniques": true},
    {"techniqueID": "T1021.001", "comment": "Do not leave RDP accessible from the internet. Enable firewall rules to block RDP traffic between network security zones within a network.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1021.003", "comment": "Enable Windows firewall, which prevents DCOM instantiation by default.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1021.006", "comment": "If the service is necessary, lock down critical enclaves with separate WinRM infrastructure and follow WinRM best practices on use of host firewalls to restrict WinRM access to allow communication only to/from specific devices.(Citation: NSA Spotting)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1489", "comment": "Operate intrusion detection, analysis, and response systems on a separate network from the production environment to lessen the chances that an adversary can see and interfere with critical response functions.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1072", "comment": "Ensure proper system isolation for critical network systems through use of firewalls.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1199", "comment": "Network segmentation can be used to isolate infrastructure components that do not require broad network access.", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1552", "showSubtechniques": true},
    {"techniqueID": "T1552.007", "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1669", "comment": "Network segmentation can be used to isolate infrastructure components that do not require broad network access. Separate networking environments for Wi-Fi and Ethernet-wired networks, particularly where Ethernet-based networks allow for access to sensitive resources.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}
  ],
  "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1},
  "legendItems": [{"label": "mitigated by Network Segmentation", "color": "#66b1ff"}]
}