- ID: PV018
- Created: 01st June 2024
- Updated: 24th July 2024
- Contributor: The ITM Team
Network Intrusion Prevention Systems
Network Intrusion Prevention Systems (NIPS) can alert on abnormal, suspicious, or malicious patterns of network behavior and take autonomous action to stop that behavior, such as resetting a network connection.
Sections
| ID | Name | Description |
|---|---|---|
| ME006 | Web Access | A subject can access the web with an organization device. |
| ME009 | FTP Servers | A subject is able to access external FTP servers. |
| ME010 | SSH Servers | A subject is able to access external SSH servers. |
| PR021 | Network Scanning | A subject conducts a scan of a network to identify additional systems, or services running on those systems. |
| IF020 | Unauthorized VPN Client | The subject installs and uses an unapproved VPN client, potentially violating organizational policy. By using a VPN service not controlled by the organization, the subject can bypass security controls, reducing the security team’s visibility into network activity conducted through the unauthorized VPN. This could lead to significant security risks, as monitoring and detection mechanisms are circumvented. |
| IF011.001 | Intentionally Weakening Network Security Controls For a Third Party | The subject intentionally weakens or bypasses network security controls for a third party, such as providing credentials or disabling security controls. |
| IF004.006 | Exfiltration via Python Listening Service | A subject may employ a Python-based listening service to exfiltrate organizational data, typically as part of a self-initiated or premeditated breach. Python’s accessibility and versatility make it a powerful tool for creating custom scripts capable of transmitting sensitive data to external or unauthorized internal systems. In this infringement method, the subject configures a Python script (often hosted externally or on a covert internal system) to listen for incoming connections. A complementary script, running within the organization’s network (such as on a corporate laptop), transmits sensitive files or data streams to the listening service using common protocols such as HTTP or TCP, or via more covert channels including DNS tunneling, ICMP, or steganographic methods. Publicly available tools such as PyExfil can facilitate these operations, offering modular capabilities for exfiltrating data across multiple vectors. |
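As an added illustration that is not part of this page or the Insider Threat Matrix, the Python sketch below applies the NIPS idea from the description above to the sections in the table: it evaluates connection records and either raises an alert or marks the connection for an autonomous reset. The internal address ranges, thresholds and sample flows are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal address space (not from the page); anything else is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

@dataclass
class Flow:
    src: str        # internal source address
    dst: str        # destination address
    dport: int      # destination port
    bytes_out: int  # bytes sent from src to dst over the connection's life

def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def evaluate(flows, scan_ports=20, exfil_bytes=50_000_000):
    """Return (section_id, src, dst, action) tuples. 'alert' only notifies;
    'reset' stands for the autonomous connection reset a NIPS would issue."""
    findings = []
    targets_seen = defaultdict(set)  # src -> distinct internal (dst, port) pairs touched
    for f in flows:
        if is_internal(f.dst):
            targets_seen[f.src].add((f.dst, f.dport))
            continue
        if f.dport == 21:       # ME009: external FTP server
            findings.append(("ME009", f.src, f.dst, "alert"))
        elif f.dport == 22:     # ME010: external SSH server
            findings.append(("ME010", f.src, f.dst, "alert"))
        elif f.dport not in (80, 443) and f.bytes_out >= exfil_bytes:
            # IF004.006: a large push to an external host on a port that carries
            # no sanctioned service looks like a custom listening service.
            findings.append(("IF004.006", f.src, f.dst, "reset"))
    for src, targets in targets_seen.items():
        if len(targets) >= scan_ports:   # PR021: many distinct internal ports probed
            findings.append(("PR021", src, "internal", "reset"))
    return findings

# Constructed sample flows, not real traffic.
SAMPLE = [
    Flow("10.1.2.3", "203.0.113.20", 443, 120_000),         # ordinary HTTPS
    Flow("10.1.2.3", "198.51.100.5", 22, 8_000),            # external SSH
    Flow("10.1.2.3", "203.0.113.10", 4444, 120_000_000),    # bulk push to a listener
] + [Flow("10.1.2.3", "10.1.2.50", p, 60) for p in range(1, 26)]  # port sweep

if __name__ == "__main__":
    for finding in evaluate(SAMPLE):
        print(finding)
```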