3.2 Implement host or application security solutions Flashcards
An essential security application and an example of a host-based IDS (HIDS). It provides both preventive and corrective security controls. It monitors the local system for evidence of malware in memory, in active processes, and in storage.
Antivirus Software (AV)
A more modern and all-inclusive term to replace antivirus. However, some claim that anti-malware will potentially detect a wider range of malicious code and potentially unwanted applications (PUA) than traditional AV.
Anti-malware
Seeks to detect, record, evaluate, and respond to suspicious activities and events, which may be caused by problematic software or by valid and invalid users.
Endpoint Detection and Response (EDR)
.
Data Loss Prevention (DLP)
A unified threat management (UTM) device which is based on a traditional firewall with numerous other integrated network and security services, such as application filtering, deep packet inspection, intrusion prevention, TLS offloading and/or inspection, domain name and website filtering, QoS, bandwidth management, antimalware, authentication services, and identity management.
Next-Generation Firewall (NGFW)
Monitors the local system for malicious activity and attempted intrusions. Its purpose is to prevent attacks from becoming successful.
Host-Based Intrusion Prevention System
Monitors a local machine for symptoms of unwanted activity. Its purpose is to detect malicious activity or intrusions that have already taken place or that are still occurring on the monitored system.
Host-Based Intrusion Detection System (HIDS)
A security application that is installed on client systems. It provides protection for the local system from the activities of the user and from communications from the network or Internet.
Host-Based Firewall
Is protected using a range of mechanisms that attempt to prevent malicious manipulation of the boot files, firmware code, and device settings that are necessary to boot into a secure OS environment.
Boot Integrity
Provides support for all of the same functions as BIOS with many improvements, such as support for larger hard drives (especially for booting), faster boot times, enhanced security features, and even the ability to use a mouse when making system changes. It also includes a CPU-independent architecture, a flexible pre-OS environment with networking support, measured boot, boot attestation (a.k.a. secure boot), and backward and forward compatibility.
Boot Security / Unified Extensible Firmware Interface (UEFI)
An optional feature of UEFI that takes a hash calculation of every element involved in the booting process.
Measured Boot
Is a feature of UEFI that aims to protect the local operating system by preventing the loading or installing of device drivers or an operating system that is not signed by a preapproved digital certificate.
Boot Attestation
A means to protect sensitive data, such as PII, by replacing it with a token that represents the sensitive data.
Tokenization
.
Salting
.
Hashing