(1) Secure Endpoint Management Flashcards
What is a very important way that a system admin can protect endpoints against attacks?
One of the best ways that system admins can protect endpoints is by hardening configurations.
When a system admin hardens a configuration, what does that entail?
Hardening configurations can include (but is not limited to):
-Disabling unnecessary services
-Disabling unnecessary ports
-Keeping software and firmware up to date
-Using security standards and guidelines
What is patch management?
Patch management is about determining what security patches to apply to endpoints based on a bunch of factors, such as:
-If the patch fixes a vulnerability that the company actually needs to worry about
-If the patch won’t break something that the company really needs to use
-If the company is going to update the vulnerable system to something where the issue doesn’t exist anyway.
What are two points of emphasis when it comes to patch management?
When it comes to patch management, 2 points to consider are:
-If an organization waits too long to apply a patch, then the vulnerability it fixes may be exploited by an attacker
-An org should always test a patch on a sandbox system before deploying it to a production system
What are Group Policies?
What is Microsoft’s Group Policy Object (GPO)?
Group policies let system admins manage security and other system configuration settings for a huge number of devices.
Microsoft’s Group Policy Object (GPO) lets admins break corporate machines into groups and then apply settings either to all of them or to specific groups.
What is Endpoint Security Software?
What should Endpoint Security Software report to?
Endpoint Security Software encompasses a wide variety of services meant to protect endpoint systems. This could include:
-Antivirus
-Firewalls
-Other protective means
Endpoint Security Software should report its status to a centralized management system that lets security admins keep an eye on the enterprise from a centralized point.
What are Mandatory Access Controls (MAC)? Are they used very much?
MAC are very useful in highly secure systems. Admins set security parameters, and they are hard set; they cannot be changed.
The problem with this setup is that it can cause a lot of roadblocks to productivity, so it is only commonly used in very high-risk (government, military, etc.) systems and nowhere else.