Analyzing Security Output 2.4

Question 1

Host-Based Detection Systems

Answer 1

Intrusion Detection/Prevention Systems. Anti-Virus and ID/PS used to be separate apps however now they are often integrated together.

Question 2

Endpoint Security

Answer 2

Not just Antivirus. Endpoint security aims to protect the IT infrastructure at large by protecting the endpoints as gateways to it. As such, it does protect against malware and other external threats. Endpoint security doesn’t just focus on endpoints; it also protects the data stored on them. Data Loss Prevention monitors data on your corporate endpoints, can block any unwarranted traffic, and notify your IT security team of anomalies. You should have a clear idea of where sensitive data moves in and out of your network.

Question 3

Antivirus

Answer 3

Analyzes attacks, bad URL’s, ransomware attacks, malicious installation packages. Alerts upon recognition.

Question 4

File Integrity Check

Answer 4

Software built into many OS’s. In Windows its known as SFC. It will scan your system and make sure your core OS files are good. If it detects corruption, it will repair it. It will generate a large log of what it checked and the details.

Question 5

Host-Based Firewalls

Answer 5

Built into many apps. Basically required for mobile devices. Restricts apps and network port numbers.

Question 6

Application Whitelisting

Answer 6

Setting up rules via the OS on what apps are allowed to run on it. Also built into an centralized OS to manage all of the devices on the network. You can whitelist using Application Hash (unique identifiers) or through digitally signed certificates. Additionally only certain application paths can be allowed to run. Lastly whitelisting an entire network zone.

Question 7

USB Devices

Answer 7

Security vulnerability. Windows Event log can track USB use and will log the filenames copied to/from USB/portable hard drives.

Question 8

Advanced Malware Tools

Answer 8

Antivirus cant handle systems that get infected by malware. These tools are specifically designed to remove malware. Malware is very pervasive. It’s generally easiest to delete your system and restore it from a good backup if able. Stay diligent and prevent it.

Question 9

Patch Management Tools

Answer 9

Windows tracks important security logs about patches on your computer.

Question 10

Unified Threat Management (UTM)

Answer 10

Also known as web security gateways. Combine many security technologies into one device such as Router/Switch/Firewall/URL Filter etc.

Question 11

Data Execution Prevention (DEP)

Answer 11

Your CPU can work in conjunction with your OS to allocate specific protected locations to prevent executables. If an executable is attempting to run from within these areas, the code will not be able to run and the malware and viruses will be prevented from executing. The OS must support this feature. Windows calls it Data Execution Prevention (DEP). Can be viewed in Event Viewer.

Question 12

Web Application Firewall (WAF)

Answer 12

Not like a traditional network firewall. It’s looking at conversation between web client and web server. If it detects unauthorized input, it stops it. SQL injections for example.