Endpoint Security Technologies

Question 1

Traditional Firewall

Answer 1

• Installed on a Network to Control and enforce traffic policies between networks

Question 2

Host-Based Firewall

Answer 2

• also known as personal Firewalls
• Installed on an operating system to control and enforce traffic policies of an individual host.
• Most Common Rules are based on protocols.
• some can permit or deny based on Black or White lists rules
• Some can implement rules based on different classes of networks, such as work, home, and public.
• Have reporting and alerting capabilities via logs.

Question 3

Linux / Unix Host-Based Firewall

Answer 3

• IPtables - implemented in the kernel. Works at the network layer.
• TCPwrappers - implemented in user space, works at the application layer, permit deny services.
• Uncomplicated Firewall - simple front end IPtables.

Question 4

Host-Based Anti-Virus

Answer 4

• Detect and remove computer viruses.
• not as effective
Other types of malware that they can prevent: keystroke loggers, Backdoors, Rootkits, Browser hijackers, Trojan horses, Ransomware
Prevents Malware via: Signature Based Detection, Heuristics, Behavioral Based Detection

Question 5

HIPS

Answer 5

• Host-Based Intrusion Prevention Systems
• Combines the capabilities of antivirus, antispyware, and personal Firewalls
• monitors host processes and services.
• To detect suspicious activity. HIPS uses: Signature-Based IPS, Anomaly-Based IPS, Any combination of the three

Question 6

Signature Alarm/Alert Categories

Answer 6

• False Positive - alert is generated, but not threat/benign
• False Negative - does NOT detect and report a real malicious activity.
• True Positive - correctly generates an alarm due to real malicious activity.
• True Negative - System does not generate an alarm, NO threat is present, Traffic is benign or non-intrusive.