Module 13 Flashcards
Where do many attacks originate from?
Inside the network
Traditional host-based security measures
Antivirus/Antimalware Software
Host-based IPS
Host-based firewall
Antivirus/Antimalware Software
Installed on a host to detect and mitigate viruses and malware
Host-based IPS
Installed on the local host to monitor and report on the system configuration and application activity, provide log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, and alerting
Host-based firewall
Installed on a host; restricts incoming and outgoing connections to those initiated by that host only
Spam filtering
Prevents spam emails from reaching endpoints
Blocklisting
Prevents endpoints from connecting to websites with bad reputations by immediately blocking connections based on the latest reputation intelligence
Data Loss Prevention (DLP)
Prevents sensitive information from being lost or stolen
Advanced Malware Protection (AMP)
Provides endpoint protection from viruses and malware
Email Security Appliance (ESA)
Provides filtering of spam and potentially malicious emails before they reach the endpoint
Web Security Appliance (WSA)
Provides filtering and blocking of websites to prevent hosts from reaching dangerous locations on the web
What does Cisco WSA provide?
Control over how users access the internet and can enforce acceptable use policies, control access to specific sites and services, and scan for malware
Network Admission Control (NAC)
Permits only authorized and compliant systems to connect to the network
What is susceptible to data theft?
Endpoints
NAC system capabilities
Profiling and visibility
Guest network access
Security posture checking
Incident response
Profiling and visibility
Recognizes and profiles users and their devices before malicious code can cause damage
Guest network access
Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal
Security posture checking
Evaluates security-policy compliance by user type, device type, and operating system
Incident response
Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention
What does Cisco Identity Services Engine (ISE) combine?
AAA and network device profiling into a single system
How do network access devices function as the enforcement layer?
They force the clients to query for authentication and authorization. They can query other devices, such as an antivirus server, and reply to the network enforcers
What does the IEEE 802.1X standard define?
A port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. It authenticates each workstation before making available any services offered by the switch or LAN
Supplicant (Client)
Workstation that requests access to LAN and switch services and then responds to requests from the switch. The workstation must run 802.1X-compliant client software
Authenticator (Switch)
Controls physical access to the network based on the authentication status of the client