Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
just-in-time_vm_access | Just-in-Time VM Access | protect | minimal | T1190 | Exploit Public-Facing Application |
Comments
This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at exploitation of a public-facing application unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured. The score is minimal, since this control only applies to specific applications requiring credentialed access, as opposed to a public webserver
References
|
just-in-time_vm_access | Just-in-Time VM Access | protect | significant | T1133 | External Remote Services |
Comments
This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at utilizing external remote services, such as RDP or a VPN, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.
References
|
just-in-time_vm_access | Just-in-Time VM Access | protect | significant | T1110 | Brute Force |
Comments
This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.
References
|
just-in-time_vm_access | Just-in-Time VM Access | protect | significant | T1110.003 | Password Spraying |
Comments
This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.
References
|
just-in-time_vm_access | Just-in-Time VM Access | protect | significant | T1110.001 | Password Guessing |
Comments
This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.
References
|
just-in-time_vm_access | Just-in-Time VM Access | protect | significant | T1110.004 | Credential Stuffing |
Comments
This control can be configured to completely block inbound access to selected ports until access is requested. This prevents any attempt at brute forcing a protocol, such as RDP or SSH, unless the attacker has the credentials and permissions to request such access. Even if permission has been granted to an authorized user to access the virtual machine, a list of authorized IP addresses for that access can be configured.
References
|