NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-30 — Concealment and Misdirection
Employ the following concealment and misdirection techniques for {{ insert: param, sc-30_odp.02 }} at {{ insert: param, sc-30_odp.03 }} to confuse and mislead adversaries: {{ insert: param, sc-30_odp.01 }}.
Supplemental Guidance
Concealment and misdirection techniques can significantly reduce the targeting capabilities of adversaries (i.e., window of opportunity and available attack surface) to initiate and complete attacks. For example, virtualization techniques provide organizations with the ability to disguise systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. The increased use of concealment and misdirection techniques and methods—including randomness, uncertainty, and virtualization—may sufficiently confuse and mislead adversaries and subsequently increase the risk of discovery and/or exposing tradecraft. Concealment and misdirection techniques may provide additional time to perform core mission and business functions. The implementation of concealment and misdirection techniques may add to the complexity and management overhead required for the system.
Practitioner Notes
Use concealment and misdirection techniques to make it harder for attackers to target your systems. If they cannot find or understand your infrastructure, they cannot attack it effectively.
Example 1: Randomize your server naming conventions so hostnames do not reveal function (do not name servers "DC01" or "SQL-PROD"). Use opaque names that give attackers no clues about what each system does.
Example 2: Change the default ports of management services: move SSH off port 22 and RDP off port 3389 onto non-standard ports. This does not stop a determined attacker, but it defeats automated scanners that only probe default ports and reduces noise in your logs.
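As an added check, not part of the NIST control text or of any NIST tooling, the following Python audits the two practitioner examples above: it flags hostnames whose labels leak a role and reports which ports an sshd_config actually binds. The role-token list, the function names and all sample inputs are constructed here for illustration.

```python
"""Added example, not NIST text: check two SC-30 hygiene points.

1. Flag hostnames whose labels reveal a host's role (DC, SQL, PROD, ...).
2. List the ports an sshd_config binds and flag the default, 22.
The role-token list and all sample inputs are constructed for illustration.
"""
import re

# Constructed list of tokens that commonly leak a host's function; extend it.
# Matching is by whole alphabetic run, so "shadow" does not trip on "ad".
ROLE_TOKENS = {"dc", "ad", "sql", "db", "prod", "dev", "bak", "backup",
               "mail", "exch", "vpn", "fw", "web", "file", "print"}
_TOKEN_RE = re.compile(r"[a-z]+|\d+")   # "SQL-PROD01" -> sql, prod, 01


def revealing_hostnames(hostnames):
    """Return {hostname: [leaked tokens]} for names whose host label leaks a role."""
    findings = {}
    for name in hostnames:
        label = name.lower().split(".", 1)[0]          # drop the domain part
        hits = sorted(set(_TOKEN_RE.findall(label)) & ROLE_TOKENS)
        if hits:
            findings[name] = hits
    return findings


def sshd_listen_ports(config_text):
    """Return the ports an sshd_config binds, in order; [22] if none is set.

    Keywords are case-insensitive, '#' starts a comment, and Port may be
    given several times. Port is not valid inside a Match block, so parsing
    stops at the first Match line. ListenAddress host:port forms are not
    handled here; add them if your configs use them.
    """
    ports = []
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)   # strip comment, split key/value
        if not fields:
            continue
        key = fields[0].lower()
        if key == "match":
            break
        if key == "port" and len(fields) == 2:
            ports.append(int(fields[1].strip()))
    return ports or [22]


def uses_default_ssh_port(config_text):
    """True when sshd would still answer on port 22 with this config."""
    return 22 in sshd_listen_ports(config_text)


# Constructed sample inputs.
SAMPLE_HOSTS = ["DC01.corp.example", "SQL-PROD02", "k7x2q9.corp.example"]
SAMPLE_SSHD_DEFAULT = "# constructed: nothing set, so sshd binds 22\nPermitRootLogin no\n"
SAMPLE_SSHD_MOVED = "# constructed\n\tport 2222\nPermitRootLogin no\nMatch User ops\n    PasswordAuthentication no\n"
```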