11 Endpoint Security Flashcards
Exam Essentials
Understand operating system and hardware vulnerabilities. Operating systems may be vulnerable, host vulnerable services or applications, or may have weak or insecure configurations that need to be addressed. Patching, configuration management, and security baselines all play a role in operating system security. Hardware security frequently focuses on firmware updates and security as well as life cycle management to properly address end-of-life and legacy hardware issues.
Hardening and protecting systems relies on security tools and technology to keep systems secure. Securing endpoint devices requires considering the entire device: how it boots, how data is secured, how it is configured, what services it provides, if its communications are secure, and how it is protected against network threats. Fortunately, security professionals have a wide range of tools, including secure and trusted boot, to protect against attacks on the boot process or drivers. Antivirus, antimalware, EDR, XDR, and data loss prevention tools provide insight into what systems are doing and where issues may exist while adding more controls that administrators and security professionals can use to keep systems and data secure. Network security tools like host intrusion prevention and detection systems, host firewalls, and similar tools can detect and often stop attacks from the network.
Hardening endpoints also relies on configuration, settings, policies, and standards to ensure system security. Although tools and technology are important to protect endpoints, configuration and settings are also an important part of the process. Disabling unnecessary services, changing default passwords, applying settings in the Windows Registry or operating system settings in Linux, and otherwise using built-in and add-on configuration options to match security configurations to the device’s risk profile are critical. Finally, patch management for the operating system and the applications installed on devices protects against known vulnerabilities and issues.
Specialized systems like SCADA, ICS, and IoT systems exist throughout your organization and require unique security solutions. SCADA and ICS or industrial control systems are used to manage and monitor factories, power plants, and many other major components of modern companies. IoT systems are Internet-connected devices that perform a wide variety of tasks, from monitoring to home automation and more. They may be controlled by third parties or have other security implications that must be addressed as part of a security plan to keep each endpoint secure.
Explain the importance of asset management for software, data, and hardware. Assets must be managed from acquisition through their life cycle until disposal or decommissioning. Proper management includes ensuring that ownership and classification are maintained and tracked, and that inventories of assets are up to date and include appropriate information to support operations, security, and incident response needs.
Drive encryption and sanitization help prevent data exposure. Encrypting drives and media helps keep them secure if they are stolen or lost. Full-disk encryption covers the entire drive, whereas volume or file encryption protects portions of the contents. Sanitizing drives and media involves wiping them using a secure deletion process or destroying them to ensure that the data cannot be recovered. Using appropriate processes based on the security requirements for the data and the type of drive or media involved is critical to making sure that the data is properly removed.
What are common vulnerabilities in operating systems?
Operating systems may be vulnerable, host vulnerable services or applications, or may have weak or insecure configurations.
Addressing these vulnerabilities requires patching, configuration management, and security baselines.
What does hardware security focus on?
Hardware security frequently focuses on firmware updates and security as well as life cycle management.
This approach addresses end-of-life and legacy hardware issues.
What is essential for hardening and protecting systems?
Security tools and technology are essential to keep systems secure.
This includes considering how devices boot, how data is secured, and how they are protected against network threats.
What are some tools used to secure endpoint devices?
- Secure and trusted boot
- Antivirus
- Antimalware
- EDR
- XDR
- Data loss prevention tools
These tools provide insight into system activities and help maintain security.
What is the importance of configuration in endpoint hardening?
Configuration, settings, policies, and standards are crucial to ensure system security.
This includes disabling unnecessary services and changing default passwords.
What is patch management’s role in endpoint security?
Patch management protects against known vulnerabilities and issues for the operating system and applications.
It is essential for maintaining the security of devices.
What are SCADA and ICS systems used for?
SCADA and ICS are used to manage and monitor factories, power plants, and other major components of modern companies.
They require unique security solutions.
What is the significance of asset management?
Assets must be managed from acquisition through their life cycle until disposal or decommissioning.
Proper management includes tracking ownership and classification and maintaining up-to-date inventories.
How does drive encryption help secure data?
Drive encryption helps keep data secure if drives or media are stolen or lost.
Full-disk encryption covers the entire drive, while volume or file encryption protects specific contents.
What does sanitizing drives and media entail?
Sanitizing involves wiping drives using a secure deletion process or destroying them to ensure data cannot be recovered.
Choosing appropriate processes based on the data’s security requirements is critical.
Fill in the blank: __________ is important for ensuring endpoint security by matching configurations to risk profiles.
Configuration and settings
True or False: IoT systems do not require unique security considerations.
False
IoT systems may have security implications that must be addressed in a security plan.