Analyzing Security Output 2.4 Flashcards
Host-Based Detection Systems
Intrusion Detection/Prevention Systems. Anti-virus and IDS/IPS used to be separate applications; now they are often integrated into a single product.
Endpoint Security
Not just antivirus. Endpoint security aims to protect the IT infrastructure at large by protecting the endpoints that act as gateways to it. As such, it protects against malware and other external threats. Endpoint security doesn't focus only on the endpoints themselves; it also protects the data stored on them. Data Loss Prevention (DLP) monitors data on your corporate endpoints, can block unwarranted traffic, and notifies your IT security team of anomalies. You should have a clear idea of where sensitive data moves in and out of your network.
Antivirus
Analyzes attacks, bad URLs, ransomware attacks, and malicious installation packages. Alerts upon recognition.
File Integrity Check
Software built into many OSes. In Windows it's known as SFC (System File Checker). It scans your system and verifies that your core OS files are intact. If it detects corruption, it repairs it. It generates a large log of what it checked, with details.
Host-Based Firewalls
Built into many OSes and apps. Essentially required for mobile devices. Restricts which apps may communicate and which network port numbers they may use.
Application Whitelisting
Setting up rules in the OS for which apps are allowed to run on it. Also built into centralized management tools that manage all of the devices on the network. You can whitelist by application hash (a unique identifier for each binary) or by digitally signed certificate. Additionally, only applications in certain paths can be allowed to run. Lastly, an entire network zone can be whitelisted.
USB Devices
A security vulnerability. The Windows Event Log can track USB use and will log the filenames copied to and from USB drives and portable hard drives.
Advanced Malware Tools
Antivirus can't always clean systems that have already been infected by malware. These tools are specifically designed to remove malware. Malware is very pervasive. It's generally easiest to wipe your system and restore it from a known-good backup if you are able. Stay diligent and prevent it.
Patch Management Tools
Windows keeps important security logs about the patches installed on your computer.
Unified Threat Management (UTM)
Also known as web security gateways. Combines many security technologies into one device, such as router, switch, firewall, URL filter, etc.
Data Execution Prevention (DEP)
Your CPU can work in conjunction with your OS to mark specific memory regions as non-executable. If code attempts to run from within these areas, it will not be able to execute, so malware and viruses placed there are prevented from running. The OS must support this feature. Windows calls it Data Execution Prevention (DEP). DEP events can be viewed in Event Viewer.
Web Application Firewall (WAF)
Not like a traditional network firewall. It inspects the conversation between the web client and the web server. If it detects unauthorized input, such as a SQL injection attempt, it stops it.