NIST SPECIAL PUBLICATION 1800-25
Data Integrity:
Identifying and Protecting Assets Against Ransomware and Other Destructive Events
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)
Jennifer Cawthra
Michael Ekstrom
Lauren Lusty
Julian Sexton
John Sweetnam
FINAL
This publication is available free of charge from https://www.nccoe.nist.gov/projects/building-blocks/data-integrity/identify-protect.
Jennifer Cawthra
National Cybersecurity Center of Excellence
NIST
Michael Ekstrom
Lauren Lusty
Julian Sexton
John Sweetnam
The MITRE Corporation
McLean, Virginia
FINAL
December 2020
U.S. Department of Commerce
Wilbur Ross, Secretary
National Institute of Standards and Technology
Walter G. Copan, Undersecretary of Commerce for Standards and Technology and Director
- 1 Summary
- 2 How to Use This Guide
- 3 Approach
- 4 Architecture
- 5 Security Characteristic Analysis
- 5.1 Assumptions and Limitations
- 5.2 Build Testing
- 5.3 Scenarios and Findings
- 5.3.1 Ransomware via Web Vector and Self-Propagation
- 5.3.2 Destructive Malware via USB Vector
- 5.3.3 Accidental VM Deletion via Maintenance Script
- 5.3.4 Backdoor Creation via Email Vector
- 5.3.5 Database Modification via Malicious Insider
- 5.3.6 File Modification via Malicious Insider
- 5.3.7 Backdoor Creation via Compromised Update Server
- 5.3.8 New Employee
- 6 Future Build Considerations
- Appendix A List of Acronyms
- Appendix B Glossary
- Appendix C References
- Appendix D Functional Evaluation
- D.1 Data Integrity Functional Test Plan
- D.2 Data Integrity Use Case Requirements
- D.3 Test Case: Data Integrity IP-1
- D.4 Test Case: Data Integrity IP-2
- D.5 Test Case: Data Integrity IP-3
- D.6 Test Case: Data Integrity IP-4
- D.7 Test Case: Data Integrity IP-5
- D.8 Test Case: Data Integrity IP-6
- D.9 Test Case: Data Integrity IP-7
- D.10 Test Case: Data Integrity IP-8
- 1 Introduction
- 2 Product Installation Guides
- 2.1 Active Directory and Domain Name System (DNS Server)
- 2.2 Microsoft Exchange Server
- 2.3 Windows Server Hyper-V Role
- 2.4 MS SQL Server
- 2.5 Microsoft IIS Server
- 2.6 GreenTec WORMdisks
- 2.7 CryptoniteNXT
- 2.8 Backups
- 2.9 Semperis Active Directory Forest Recovery
- 2.10 Semperis Directory Services Protector
- 2.11 Micro Focus ArcSight Enterprise Security Manager
- 2.12 Tripwire Enterprise
- 2.13 Tripwire Log Center
- 2.14 Cisco Web Security Appliance
- 2.15 Symantec Data Loss Prevention
- 2.16 Cisco Identity Services Engine
- 2.16.1 Initial Setup
- 2.16.2 Inventory: Configure SNMP on Routers/Network Devices
- 2.16.3 Inventory: Configure Device Detection
- 2.16.4 Policy Enforcement: Configure Active Directory Integration
- 2.16.5 Policy Enforcement: Enable Passive Identity with AD
- 2.16.6 Policy Enforcement: Developing Policy Conditions
- 2.16.7 Policy Enforcement: Developing Policy Results
- 2.16.8 Policy Enforcement: Enforcing a Requirement in Policy
- 2.16.9 Policy Enforcement: Configuring a Web Portal
- 2.16.10 Configuring RADIUS with Your Network Device
- 2.16.11 Configuring an Authentication Policy
- 2.16.12 Configuring an Authorization Policy
- 2.17 Tripwire IP360
- 2.18 Integration: Tripwire Log Center and Tripwire Enterprise
- 2.19 Integration: Tripwire Log Center and Tripwire IP360
- 2.20 Integration: Tripwire Enterprise and Backups
- 2.21 Integration: Cisco ISE and CryptoniteNXT
- 2.22 Integration: Backups and GreenTec
- 2.23 Integration: Micro Focus ArcSight and FileZilla
- 2.24 Integration: Micro Focus ArcSight and Tripwire
- 2.25 Integration: Micro Focus ArcSight and Cisco WSA
- 2.26 Integration: Micro Focus ArcSight and Cisco ISE
- 2.27 Integration: Micro Focus ArcSight and Symantec DLP
- 2.28 Integration: Micro Focus ArcSight and CryptoniteNXT
- 2.29 Integration: Micro Focus ArcSight and Semperis DSP
- 2.30 Integrations: CryptoniteNXT
- 2.30.1 Active Directory and DNS
- 2.30.2 Microsoft Exchange
- 2.30.3 FileZilla
- 2.30.4 GreenTec
- 2.30.5 Tripwire Enterprise
- 2.30.6 ArcSight ESM
- 2.30.7 Cisco ISE
- 2.30.8 Semperis DSP
- 2.30.9 Symantec DLP
- 2.30.10 Cisco WSA
- 2.30.11 Tripwire IP360
- 2.30.12 FileZilla and ArcSight
- 2.30.13 Cisco ISE and ArcSight
- 2.30.14 Cisco WSA and ArcSight
- 2.30.15 Semperis DSP and ArcSight
- 2.30.16 Symantec DLP and ArcSight
- Appendix A List of Acronyms