D3FEND defensive techniques
271 MITRE D3FEND defences across 7 tactics (Model, Harden, Detect, Isolate, Deceive, Evict, Restore). Filter to a tactic or browse the full set. Authored by Adam Lundqvist.
57 in Isolate · 271 total
| ID | Title | Summary |
|---|---|---|
| D3-ABPI | Application-based Process Isolation | Application code which prevents its own subroutines from accessing intra-process / internal memory space. |
| D3-AMED | Access Mediation | |
| D3-APA | Access Policy Administration | |
| D3-BDI | Broadcast Domain Isolation | Broadcast isolation restricts the number of computers a host can contact on their LAN. |
| D3-CF | Content Filtering | |
| D3-CFC | Content Format Conversion | Content format conversion is mechanical transformation from one format to another which may be normalization or specifically flattening. |
| D3-CM | Content Modification | Modify content that does not comply with policy. |
| D3-CNE | Content Excision | Removing specific, potentially malicious, parts of content. |
| D3-CNR | Content Rebuild | Rebuild the file according to the spec so any unreferenced components or objects are removed. |
| D3-CNS | Content Substitution | Modifies specific digital content information by replacing it with something else. |
| D3-CQ | Content Quarantine | Transfer content that does not comply with policy to a quarantine zone. |
| D3-CTS | Credential Transmission Scoping | Limiting the transmission of a credential to a scoped set of relying parties. |
| D3-CV | Content Validation | Verify and validate that content complies with policy. |
| D3-DNL | Directional Network Link | Enforce one-way network communication by preventing two-way communication. |
| D3-DNSAL | DNS Allowlisting | Permitting only approved domains and their subdomains to be resolved. |
| D3-DNSDL | DNS Denylisting | Blocking DNS network traffic based on criteria such as IP address, domain name, or DNS query type. |
| D3-DTP | Domain Trust Policy | Restricting inter-domain trust by modifying domain configuration. |
| D3-EAL | Executable Allowlisting | Using a digital signature to authenticate a file before opening. |
| D3-EBWSAM | Endpoint-based Web Server Access Mediation | Endpoint-based web server access mediation regulates web server access directly from user endpoints by implementing mechanisms such as client-side certificates… |
| D3-EDL | Executable Denylisting | Blocking the execution of files on a host in accordance with defined application policy rules. |
| D3-EF | Email Filtering | Filtering incoming email traffic based on specific criteria. |
| D3-EI | Execution Isolation | |
| D3-EPL | Physical Locking | Employ a mechanical locking device for securing moveable portions of physical barriers (e.g., doors, gates, drawers) in a secured position. |
| D3-ET | Encrypted Tunnels | Encrypted encapsulation of routable network traffic. |
| D3-FCDC | File Content Decompression Checking | Checking if compressed or encoded data sections can be successfully decompressed or decoded. Can be followed by further analysis using semantic knowledge. |
| D3-FFV | File Format Verification | Verifying that a file conforms to its expected format specifications. |
| D3-FISV | File Internal Structure Verification | The process of checking specific static values within a file, such as file signatures or magic numbers, to ensure they match the expected values defined by the… |
| D3-FMBV | File Magic Byte Verification | Utilizing the magic number to verify the file. |
| D3-FMCV | File Metadata Consistency Validation | The process of validating the consistency between a file's metadata and its actual content, ensuring that elements like declared lengths, pointers, and checksu… |
| D3-FMVV | File Metadata Value Verification | The process of checking specific static values within a file, such as file signatures or magic numbers, to ensure they match the expected values defined by the… |
| D3-FRDDL | Forward Resolution Domain Denylisting | Blocking a lookup based on the query's domain name value. |
| D3-FRIDL | Forward Resolution IP Denylisting | Blocking a DNS lookup's answer's IP address value. |
| D3-HBPI | Hardware-based Process Isolation | Preventing one process from writing to the memory space of another process through hardware-based address manager implementations. |
| D3-HDDL | Hierarchical Domain Denylisting | Blocking the resolution of any subdomain of a specified domain name. |
| D3-HDL | Homoglyph Denylisting | Blocking DNS queries that are deceptively similar to legitimate domain names. |
| D3-IOPR | IO Port Restriction | Limiting access to computer input/output (IO) ports to restrict unauthorized devices. |
| D3-ITF | Inbound Traffic Filtering | Restricting network traffic originating from untrusted networks destined towards a private host or enclave. |
| D3-KBPI | Kernel-based Process Isolation | Using kernel-level capabilities to isolate processes. |
| D3-LAMED | LAN Access Mediation | LAN access mediation encompasses the application of strict access control policies, systematic verification of devices, and authentication mechanisms to govern… |
| D3-LFAM | Local File Access Mediation | Local file access mediation is the process of an operating system granting or denying a specific access request to a local file. |
| D3-LFP | Local File Permissions | Local file permissions is the systematic process of defining, implementing, and managing access control policies that dictate user permissions for accessing fi… |
| D3-NAM | Network Access Mediation | Network access mediation is the control method for authorizing access to a system by a user (or a process acting on behalf of a user) communicating through a n… |
| D3-NI | Network Isolation | |
| D3-NRAM | Network Resource Access Mediation | Control of access to organizational systems and services by users or processes over a network. |
| D3-NTF | Network Traffic Filtering | Restricting network traffic originating from any location. |
| D3-OPR | Operating Mode Restriction | Restricting unauthorized changes to the operating mode prevents devices from switching into inappropriate or vulnerable states during normal use. |
| D3-OTF | Outbound Traffic Filtering | Restricting network traffic originating from a private host or enclave destined towards untrusted networks. |
| D3-OVAR | OT Variable Access Restriction | Assign read/write access controls on designated registers or data tags to prevent unauthorized writes. |
| D3-PAM | Physical Access Mediation | Physical access mediation is the process of granting or denying specific requests to enter specific physical facilities (e.g., Federal buildings, military esta… |
| D3-PBWSAM | Proxy-based Web Server Access Mediation | Proxy-based web server access mediation focuses on the regulation of web server access through intermediary proxy servers. |
| D3-RAM | Routing Access Mediation | Routing access mediation is a network security approach that manages and controls access at the network layer using VPNs, tunneling protocols, firewall rules, … |
| D3-RFAM | Remote File Access Mediation | Remote file access mediation is the process of managing and securing access to file systems over a network to ensure that only authorized users or processes ca… |
| D3-RRID | Reverse Resolution IP Denylisting | Blocking a reverse lookup based on the query's IP address value. |
| D3-SCF | System Call Filtering | Controlling access to local computer system resources with kernel-level capabilities. |
| D3-UAP | User Account Permissions | Restricting a user account's access to resources. |
| D3-WSAM | Web Session Access Mediation | Web session access mediation secures user sessions in web applications by employing robust authentication and integrity validation, along with adaptive threat … |
| D3F-UGPH | User Group Permissions | Access control where access is determined based on attributes associated with users and the objects being accessed. |