Deceptive Firewall Rules

Goal: Disrupt attacker reconnaissance and lateral movement by configuring deceptive firewall rules.

Approach: Creating firewall rules that mislead attackers about network segmentation and access controls.

Configure firewall rules that appear to block access to critical systems or sensitive data, but actually redirect traffic to honeypots or decoy networks. This can mislead attackers about the network topology and hinder their progress.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0016 Network Manipulation, EAC0018 Security Controls

Name of Element: Deceptive Firewall Rules

Technical Context:

This element requires access to firewall configuration and the ability to create custom rules. This aligns with the MITRE ATT&CK technique T1562.004 (Impair Defenses: Disable or Modify System Firewall).
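
One way to build the redirect described above, as an added example that is not part of the original page: a POSIX shell function that renders an nftables ruleset for a Linux router. The choice of nftables, the table and set names, the decoy ports and every address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Renders an nftables ruleset for a
# Linux router; all addresses passed in are constructed lab values.

# Accept only characters that can occur in an IPv4 address or CIDR, so a
# parameter can never smuggle extra nft statements into the rendered ruleset.
valid_addr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# usage: render_decoy_ruleset HONEYPOT_IP ADMIN_NET CRITICAL_HOST...
render_decoy_ruleset() {
    [ "$#" -ge 3 ] || return 2
    for a in "$@"; do valid_addr "$a" || return 2; done
    honeypot=$1 admin=$2; shift 2
    hosts=$(printf '%s, ' "$@"); hosts=${hosts%, }
    cat <<EOF
table ip deception {
    set critical_hosts { type ipv4_addr; elements = { $hosts } }
    set admin_nets { type ipv4_addr; flags interval; elements = { $admin } }
    set decoy_ports { type inet_service; elements = { 22, 445, 3389 } }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Non-admin traffic to a critical host is silently steered to the decoy.
        ip saddr != @admin_nets ip daddr @critical_hosts tcp dport @decoy_ports \\
            log prefix "decoy-redirect: " counter dnat to $honeypot
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        ct state established,related accept
        ip saddr @admin_nets ip daddr @critical_hosts accept
        # Containment: the decoy may answer but never open connections itself.
        ip saddr $honeypot ct state new log prefix "decoy-egress: " drop
        # The block rule an observer expects to see for the critical segment.
        ip daddr @critical_hosts counter drop
    }
}
EOF
}

# Print the ruleset when run with arguments; check it with: nft -c -f <file>
[ "$#" -eq 0 ] || render_decoy_ruleset "$@"
```

The two log prefixes give the SOC a high-fidelity signal: any "decoy-redirect" hit is a non-admin host reaching for a critical system, and any "decoy-egress" hit means the honeypot itself tried to start a connection.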

Other:

Combine this with deceptive network scanning results to further reinforce the illusion.
