10.1: Endpoint Security Flashcards
a coordinated attack from many devices, called zombies, with the intention of degrading or halting public access to an organization’s website and resources.
Distributed Denial of Service (DDoS)
an attack in which an organization’s data servers or hosts are compromised to steal confidential information.
Data breach
an attack in which an organization’s hosts are infected with malicious software that causes a variety of problems. For example, ransomware such as WannaCry, shown in the figure, encrypts the data on a host and locks access to it until a ransom is paid.
Malware
Various network security devices are required to protect the network perimeter from outside access. These devices could include:
-Virtual Private Network (VPN)
-Next-Generation Firewall (NGFW)
-Network Access Control (NAC)
A _____-enabled router provides a secure connection to remote users across a public network and into the enterprise network. ___ services can also be integrated into the firewall.
VPN
Virtual Private Network
An ____ provides stateful packet inspection, application visibility and control, a next-generation intrusion prevention system (NGIPS), advanced malware protection (AMP), and URL filtering.
NGFW
Next-Generation Firewall
A ____ device includes authentication, authorization, and accounting (AAA) services. In larger enterprises, these services might be incorporated into an appliance that can manage access policies across a wide variety of users and device types.
Ex: Cisco ___ (ISE)
NAC
Network Access Control
Identity Services Engine
WLCs
wireless LAN controllers
AP
access point
___ are hosts which commonly consist of laptops, desktops, servers, and IP phones, as well as employee-owned devices that are typically referred to as bring your own devices (BYODs).
Endpoints
Endpoints are particularly susceptible to ___ attacks that originate through email or web browsing.
malware-related
HIPSs
host-based intrusion prevention systems
Today endpoints are best protected by a combination of:
NAC
host-based AMP software
email security appliance (ESA)
web security appliance (WSA)
WSA
web security appliance
ESA
email security appliance
AMP
Advanced Malware Protection
Cisco Email Security Appliance
___ include fine-grained control over email and web browsing for an organization’s users.
Content security appliances
Cisco Email Security Appliance
The Cisco ESA is a device that is designed to monitor ___ (SMTP)
Simple Mail Transfer Protocol
Cisco Email Security Appliance
These are some of the functions of the Cisco ESA:
Block known threats.
Remediate against stealth malware that evaded initial detection.
Discard emails with bad links (as shown in the figure).
Block access to newly infected sites.
Encrypt content in outgoing email to prevent data loss.
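The "discard emails with bad links" function above, as an added illustration that is not part of the original card set and not Cisco ESA code: the message is parsed as it would arrive over SMTP, every http(s) link in its text and HTML parts is extracted, and the message is discarded if any link points at a listed domain or a subdomain of one. The blocklist and both sample messages are constructed for the example and stand in for the appliance's threat-intelligence feed and real mail flow.

```python
"""Toy version of the ESA 'discard emails with bad links' check.
Added illustration, not Cisco code; blocklist and messages below are constructed."""
import re
from email import message_from_bytes
from urllib.parse import urlparse

# Constructed blocklist standing in for the appliance's threat-intelligence feed.
BAD_DOMAINS = {"evil.example", "phish.example"}

# Matches http(s) URLs in plain text and inside HTML attribute values.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def body_text(msg):
    """Concatenate the decoded text of every text/* part (plain and HTML)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def extract_links(msg):
    """All http(s) URLs found in the message body."""
    return URL_RE.findall(body_text(msg))


def host_is_blocked(url):
    """True if the URL's host is a listed domain or any subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)


def scan_message(raw_bytes):
    """Return the verdict an ESA-style link filter would reach for one SMTP message."""
    msg = message_from_bytes(raw_bytes)
    links = extract_links(msg)
    blocked = [u for u in links if host_is_blocked(u)]
    return {
        "verdict": "DISCARD" if blocked else "DELIVER",
        "links": links,
        "blocked": blocked,
    }


# Constructed phishing message: plain-text and HTML parts both carry a bad link.
PHISH = b"""From: it-support@phish.example
To: alice@corp.example
Subject: Password reset required
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Reset your password at http://login.evil.example/reset within 24 hours.
--b1
Content-Type: text/html; charset="utf-8"

<p>Reset at <a href="http://login.evil.example/reset">this link</a></p>
--b1--
"""

# Constructed benign message with an internal link.
CLEAN = b"""From: bob@corp.example
To: alice@corp.example
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Menu is at https://cafeteria.corp.example/menu
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(name, scan_message(raw))
```

The subdomain test in host_is_blocked matters: matching on the raw string would also catch "notevil.example", while matching only the exact host would miss "login.evil.example". A real appliance layers reputation scoring and URL rewriting on top of a static list, but the parse-extract-decide shape is the same.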
The ____ (WSA) is a mitigation technology for web-based threats.
It helps organizations address the challenges of securing and controlling web traffic.
Cisco Web Security Appliance
Certain features and applications, such as chat, messaging, video and audio, can be allowed, restricted with time and bandwidth limits, or blocked, according to the organization’s requirements.
Cisco Web Security Appliance (WSA)
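The allow / restrict-by-time-and-bandwidth / block behaviour described above, as an added example that is not part of the original cards and not Cisco WSA code: each request's host is mapped to an application category, and a per-category rule either blocks it, allows it, or allows it only inside a time-of-day window and under a daily byte quota. The category map, the policy and the default-allow choice for uncategorized hosts are all constructed assumptions for the example.

```python
"""Toy WSA-style per-application web policy. Added illustration, not Cisco code;
the category map and policy are constructed."""
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

# A restrict rule may carry a time-of-day window and/or a daily byte quota.
@dataclass(frozen=True)
class Rule:
    action: str                                   # "allow", "block" or "restrict"
    window: Optional[Tuple[time, time]] = None    # permitted time-of-day window
    daily_quota_bytes: Optional[int] = None       # per-user daily allowance

# Constructed policy: chat only over lunch, video capped per day, malware blocked.
POLICY = {
    "malware":  Rule("block"),
    "chat":     Rule("restrict", window=(time(12, 0), time(13, 0))),
    "video":    Rule("restrict", daily_quota_bytes=500_000_000),
    "business": Rule("allow"),
}

# Constructed stand-in for the appliance's URL categorization database.
CATEGORIES = {
    "chat.example":    "chat",
    "video.example":   "video",
    "malware.example": "malware",
    "crm.example":     "business",
}


def categorize(host):
    return CATEGORIES.get(host.lower(), "uncategorized")


def decide(host, now, bytes_used_today):
    """Return (decision, reason) for one request.

    now is a datetime.time; bytes_used_today is the user's consumption so far
    in the matched category. Uncategorized traffic is allowed here by assumption;
    a stricter deployment would block or warn on it instead.
    """
    category = categorize(host)
    rule = POLICY.get(category)
    if rule is None:
        return "allow", f"{category}: no rule, default allow"
    if rule.action == "block":
        return "block", f"{category}: blocked by policy"
    if rule.action == "allow":
        return "allow", f"{category}: allowed by policy"
    # "restrict": both limits must be satisfied.
    if rule.window is not None:
        start, end = rule.window
        if not (start <= now <= end):
            return "block", f"{category}: outside {start}-{end} window"
    if rule.daily_quota_bytes is not None and bytes_used_today >= rule.daily_quota_bytes:
        return "block", f"{category}: daily quota of {rule.daily_quota_bytes} bytes exhausted"
    return "allow", f"{category}: within time and bandwidth limits"


if __name__ == "__main__":
    # Constructed request log: (host, time of day, bytes used so far in that category).
    for host, now, used in [
        ("chat.example", time(12, 30), 0),
        ("chat.example", time(9, 0), 0),
        ("video.example", time(9, 0), 600_000_000),
        ("malware.example", time(10, 0), 0),
        ("intranet.corp.example", time(10, 0), 0),
    ]:
        print(host, now, decide(host, now, used))
```

The quota check compares consumption already recorded, so the appliance must account for bytes after each response; the first request that crosses the line is still served, which is how a per-day allowance normally behaves.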