7 - 1: Host Security Flashcards
Security baselines
Limit administrative access
GPO
Group Policy Object
Patch Management
Policy to ensure patches are issued in a timely manner, critical for security issues. Analyze the outcomes of patching
System Hardening
Remove unnecessary software and OS components, lockdown host firewall, disable default credentials, verify sysconfig settings
Viruses
Spread because of human activity
Worms
Spread by themselves
Trojan horses
Act as wanted/expected software while carrying malware
Spyware
Gathers information and user activity
Antivirus mechanisms
Signature detection and behavior/heuristic
Signature detection
Watches for known patterns of activity. Requires updating signature files.
Behavior/Heuristic detection
Model normal behavior, then alerts when there is deviant behavior
EDR
Endpoint Detection and Response, goes deeper than regular antivirus software, real-time protection using endpoint agents and automated responses
Sandboxing
Isolates malicious content when it runs, sending it off for monitoring
Spam filtering
Blocks unwanted mail
Malware logging
Keep a centralized reporting location to review security incidents
Application control
Restricts the software that runs on endpoints, typically reported to SIEMs
Whitelisting
For tightly controlled environments, its what software can only be used
Blacklisting
For looser environment, it is a list of prohibited applications
Host Software Baselining
Standard list of software expected on endpoints, then reports deviations to identify unwanted software
Firewalls
Restrict traffic and only allow devices that meet security policy to proceed
Default Deny Rule
Firewalls, by default, block any network connection not explicitly allowed
Firewall Types
Network firewalls and host firewalls. Network access requires BOTH to be configured
Network firewalls
Hardware devices that regulate connections between two networks
Host firewalls
Software components of an operating system that limit connections to a server
