Threat P.L.OSAPNaS.3

URI: P.L.OSAPNaS.3

Package: ProcessComms

< prev | next >

Description: Remote control of service Service using a back door from LogicalSubnet: an attacker with access to LogicalSubnet can exploit a privileged network path to Service via that subnet, and use a previously installed back door to take control of the service, gaining access to the rights of Service on SHost.

Threat Type: Primary Threat

Matching Pattern:

P.L.OSAPNaS.3
MP-OSAPNaS

Finds a host running a service, an open service attack path to the service from a logical subnet, the location access contexts where the service is accessible via this attack path, and optionally the managers of the service and its host.

        (empty)

        (empty)

CSG-ClientAddressWhitelisting

The service Service has a whitelist of network addresses from which it accepts client requests, and all the network interfaces from which requests may come have addresses that are fixed or in a restricted range not available to attackers.

CSG-DisableServiceChannel-Runtime

Firewall rules that normally allow access to service Service by clients on otherwise blocked network paths are switched off to prevent an attack. This strategy may represent a run-time adaptation in response to a threat, or a permanent restriction introduced by design or in accordance with an operational policy or user preference to avoid accessing Service over certain networks. It also triggers threats representing side effects that would be caused by such a restriction where they affect all available network paths used by a client.