CSURFACE CSURFACE THREAT SENSOR
  • Home
  • Analytics
  • News
  • About
  • Tools
    • Constellation
  • Libraries
    • CWE
    • CAPEC
    • MITRE ATT&CK
    • MITRE D3FEND
    • OWASP Top 10
    • Ransomware Groups
    • References
  • Support
  • EN | PT
  1. Home
  2. MITRE D3FEND
  3. D3-NTF

D3-NTF

Isolate
Network Traffic Filtering

Definition

Restricting network traffic originating from any location.

Artifact Relationships

This defensive technique relates to specific digital artifacts.

filters
filters
filters
filters
Network Traffic Filtering
Network Traffic
OT Protocol Message
Email
Remote Command

References

Reference - Active firewall system and methodology - McAfee LLC Reference - Automatically generating rules for connection security - Microsoft Reference - FWTK - Firewall Toolkit Reference - Firewall for interent access - Secure Computing LLC Reference - Firewall for processing a connectionless network packet - National Security Agency Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency Reference - Firewalls that filter based upon protocol commands - Intel Corp Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd Reference - Network firewall with proxy - Secure Computing LLC

Source

View on MITRE D3FEND

Counters ATT&CK (48)

T1001 Data Obfuscation
T1003 OS Credential Dumping
T1008 Fallback Channels
T1011 Exfiltration Over Other Network Medium
T1018 Remote System Discovery
T1020 Automated Exfiltration
T1021 Remote Services
T1029 Scheduled Transfer
T1030 Data Transfer Size Limits
T1041 Exfiltration Over C2 Channel
T1047 Windows Management Instrumentation
T1048 Exfiltration Over Alternative Protocol
T1071 Application Layer Protocol
T1090 Proxy
T1095 Non-Application Layer Protocol
T1098 Account Manipulation
T1102 Web Service
T1104 Multi-Stage Channels
T1105 Ingress Tool Transfer
T1110 Brute Force
T1132 Data Encoding
T1185 Browser Session Hijacking
T1189 Drive-by Compromise
T1190 Exploit Public-Facing Application
T1197 BITS Jobs
T1199 Trusted Relationship
T1204 User Execution
T1205 Traffic Signaling
T1207 Rogue Domain Controller
T1210 Exploitation of Remote Services
T1218 System Binary Proxy Execution
T1219 Remote Access Tools
T1498 Network Denial of Service
T1499 Endpoint Denial of Service
T1542 Pre-OS Boot
T1546 Event Triggered Execution
T1550 Use Alternate Authentication Material
T1557 Adversary-in-the-Middle
T1558 Steal or Forge Kerberos Tickets
T1563 Remote Service Session Hijacking
T1565 Data Manipulation
T1566 Phishing
T1567 Exfiltration Over Web Service
T1568 Dynamic Resolution
T1570 Lateral Tool Transfer
T1571 Non-Standard Port
T1572 Protocol Tunneling
T1573 Encrypted Channel