D3FEND defensive techniques
271 MITRE D3FEND defences across 7 tactics (Model, Harden, Detect, Isolate, Deceive, Evict, Restore). Filter to a tactic or browse the full set. Authored by Adam Lundqvist.
55 in Harden · 271 total
| ID | Title | Summary |
|---|---|---|
| D3-AA | Agent Authentication | |
| D3-ACH | Application Configuration Hardening | Modifying an application's configuration to reduce its attack surface. |
| D3-AH | Application Hardening | |
| D3-BA | Bootloader Authentication | Cryptographically authenticating the bootloader software before system boot. |
| D3-BAN | Biometric Authentication | Using biological measures in order to authenticate a user. |
| D3-BMA | Bus Message Authentication | Applies cryptographic primitives to individual bus frames to verify the sender's identity and ensure the integrity of the data payload. |
| D3-CBAN | Certificate-based Authentication | Requiring a digital certificate in order to authenticate a user. |
| D3-CDP | Change Default Password | Changing the default password means replacing the factory-set credentials with a strong, unique password before the device is deployed, preventing unauthorized… |
| D3-CERO | Certificate Rotation | Certificate rotation involves replacing digital certificates and their private keys to maintain cryptographic integrity and trust, mitigating key compromise ri… |
| D3-CFI | Control Flow Integrity | Enforcing legal control flow transfers during application process execution. |
| D3-CH | Credential Hardening | |
| D3-CP | Certificate Pinning | Persisting either a server's X.509 certificate or their public key and comparing that to server's presented identity to allow for greater client confidence in … |
| D3-CRO | Credential Rotation | Credential rotation is a security procedure in which authentication credentials, such as passwords, API keys, or certificates, are regularly changed or replace… |
| D3-CS | Credential Scrubbing | The systematic removal of hard-coded credentials from source code to prevent accidental exposure and unauthorized access. |
| D3-DCE | Dead Code Elimination | Removing unreachable or "dead code" from compiled source code. |
| D3-DENCR | Disk Encryption | Encrypting a hard disk partition to prevent cleartext access to a file system. |
| D3-DLIC | Driver Load Integrity Checking | Ensuring the integrity of drivers loaded during initialization of the operating system. |
| D3-DLV | Domain Logic Validation | Validation of variable state in the context of the domain application. |
| D3-DRA | Disable Remote Access | Limiting access to a computing device which is not required through or from a non-organization-controlled network. |
| D3-EHPV | Exception Handler Pointer Validation | Validates that a referenced exception handler pointer is a valid exception handler. |
| D3-EMH | Electromagnetic Radiation Hardening | The application of physical and material-level design measures to electronic systems, components, or facilities to reduce their susceptibility to damage or dis… |
| D3-FE | File Encryption | Encrypting a file using a cryptographic key. |
| D3-HBWP | Hardware-based Write Protection | Physical methods of preventing data from being written to computer storage. |
| D3-IRV | Integer Range Validation | Ensuring that an integer is within a valid range. |
| D3-MAN | Message Authentication | Authenticating the sender of a message and ensuring message integrity. |
| D3-MBSV | Memory Block Start Validation | Ensuring that a pointer accurately references the beginning of a designated memory block. |
| D3-MENCR | Message Encryption | Encrypting a message body using a cryptographic key. |
| D3-MFA | Multi-factor Authentication | Requiring proof of two or more pieces of evidence in order to authenticate a user. |
| D3-MH | Message Hardening | |
| D3-NPC | Null Pointer Checking | Checking if a pointer is NULL. |
| D3-OLV | Operational Logic Validation | Validation of variable state in the context of the control logic of the operational application. |
| D3-OTP | One-time Password | A one-time password is valid for only one user authentication. |
| D3-PAN | Pointer Authentication | Comparing the cryptographic hash or derivative of a pointer's value to an expected value. |
| D3-PEH | Physical Enclosure Hardening | Physical changes to a computer enclosure which reduce the ability for agents or the environment to affect the contained computer system. |
| D3-PH | Platform Hardening | |
| D3-PR | Password Rotation | Password rotation is a security policy that mandates the periodic change of user account passwords to mitigate the risk of unauthorized access due to compromis… |
| D3-PSEP | Process Segment Execution Prevention | Preventing execution of any address in a memory region other than the code segment. |
| D3-PV | Pointer Validation | Ensuring that a pointer variable has the required properties for use. |
| D3-PWA | Password Authentication | Password authentication is a security mechanism used to verify the identity of a user or entity attempting to access a system or resource by requiring the inpu… |
| D3-RFS | RF Shielding | Adding physical barriers to a platform to prevent undesired radio interference. |
| D3-RH | Radiation Hardening | Radiation hardening is the process of making electronic components and circuits resistant to damage or malfunction caused by high levels of ionizing radiation. |
| D3-RN | Reference Nullification | Invalidating all pointers that reference a specific memory block, ensuring that the block cannot be accessed or modified after deallocation. |
| D3-SAOR | Segment Address Offset Randomization | Randomizing the base (start) address of one or more segments of memory during the initialization of a process. |
| D3-SCH | Source Code Hardening | |
| D3-SCP | System Configuration Permissions | Restricting system configuration modifications to a specific user or group of users. |
| D3-SFCV | Stack Frame Canary Validation | Comparing a value stored in a stack frame with a known good value in order to prevent or detect a memory segment overwrite. |
| D3-SPP | Strong Password Policy | Modifying system configuration to increase password strength. |
| D3-SU | Software Update | Replacing old software on a computer system component. |
| D3-TAAN | Transfer Agent Authentication | Validating that server components of a messaging infrastructure are authorized to send a particular message. |
| D3-TB | Token Binding | Token binding is a security mechanism used to enhance the protection of tokens, such as cookies or OAuth tokens, by binding them to a specific connection. |
| D3-TBA | Token-based Authentication | Token-based authentication is an authentication protocol where users verify their identity in exchange for a unique access token. Users can then access the web… |
| D3-TBI | TPM Boot Integrity | Assuring the integrity of a platform by demonstrating that the boot process starts from a trusted combination of hardware and software and continues until the … |
| D3-TL | Trusted Library | A trusted library is a collection of pre-verified and secure code modules or components that are used within software applications to perform specific function… |
| D3-VI | Variable Initialization | Setting variables to a known value before use. |
| D3-VTV | Variable Type Validation | Ensuring that a variable has the correct type. |