3.2 Host and Application Security Flashcards
Endpoint protection
Concept of extending the security perimeter to the devices that are connecting to the network.
Antivirus/Anti-malware
Identify and neutralize viruses and malware
Uses signature-based scanning to identify viruses from a signature library.
If a virus is not in the signature library, it won't be found.
Heuristic Scanning
Type of scanning that doesn't need signatures. It looks for odd behaviors on the OS.
EDR
Endpoint Detection and Response
A multi-based detection tool that looks for other odd behaviors.
DLP
Data Loss Prevention
Endpoint DLP monitoring
Prevents sensitive data from leaving the network.
NGFW
Next-Generation Firewall
Inspects the actual traffic (the content).
Can block an application, examine encrypted data, prevent URLs.
HIDS
Host-based Intrusion Detection System
Focuses on SPECIFIC threats.
Only detects.
Software-based firewall
HIPS
Host-based Intrusion Prevention System
Is like HIDS but actually does something about it.
Host-based firewall
Software-based firewall
Allows end user to monitor and set security policies for incoming traffic
Secure Boot
Uses hardware such as:
TPM (Trusted Platform Module)
HSM (Hardware Security Module)
to ensure that the boot is free from tampering.
Dynamic Analysis
(Fuzzing)
Brute force for input validations
Secure Cookies
Has a Secure attribute that tells the browser to send over HTTPS.
Cookies are automatically sent over plain text. That is why secure cookies are needed.
HTTP Secure Headers
Tells the browser to communicate only over HTTPS, never HTTP.
Code Signing
Validates the application through digital signatures.
If the public key does not work, then a prompt message will say it's not a valid signature.
Allow list/Deny list
The OS can be told what applications it can operate/download. Denies anything not listed on the allow list.