Module 22 Endpoint Protection Flashcards
Why are endpoints threats?
Malware (malicious software).
How to define endpoints?
Hosts on the network that can access or be accessed by other hosts in the network.
Where do many attacks originate from - inside or outside the network?
Inside
What are the two internal LAN elements to secure?
Endpoints and network infrastructure.
What is host-based malware protection?
Endpoints and mobile devices can use host-based antimalware software.
What three techniques do antimalware programs use to detect malware?
Signature-based, heuristics-based and behavior-based.
What is heuristics-based detection?
Recognizes general features shared by various types of malware.
What is behavior-based detection?
Employs analysis of suspicious behavior.
What is signature-based detection?
Recognizes various characteristics of known malware files.
Explain the host-based firewall.
Restricts incoming and outgoing connections; it CAN prevent a host from being infected and stop infected hosts from spreading malware.
What are host-based security suites?
A suite of host-based security products: antivirus, anti-phishing, safe browsing, firewall, intrusion prevention system, etc.
What is network-based malware protection?
AMP, ESA, WSA and NAC.
What is NAC?
Network Admission Control - permits only authorized systems to connect to the network.
What is ESA?
Email Security Appliance - provides filtering of spam and malicious emails.
What is WSA?
Web Security Appliance - provides filtering of websites and blacklisting.
What is AMP?
Advanced Malware Protection - endpoint protection from viruses and malware. Suited to public and private cloud deployments.
What are some examples of host-based firewalls?
Windows Defender Firewall, iptables for Linux, nftables (successor to iptables), TCP Wrappers (access control and logging for Linux).
What is nftables?
Linux firewall application that uses a virtual machine in the Linux kernel.
What is HIDS?
Host-based Intrusion Detection System.
What does HIDS do?
Protects hosts against known and unknown malware. Combines antimalware and firewall functionality.
- Provides detailed monitoring and reporting on system configuration and application activity.
How does HIDS detect malware?
Signature-based detection, plus policy-based and anomaly-based detection.
What is policy-based detection?
Detection of violations of predefined rules. A violation of these rules causes a shutdown of software processes.
What is an attack surface?
The total sum of vulnerabilities in a given system that are accessible to an attacker.
What are components of the attack surface?
Network Attack Surface, Software Attack Surface and Human Attack Surface.
What is application blacklisting and whitelisting?
Limiting exposure to potential threats by creating a blacklist (apps not permitted to run on a computer) vs. a whitelist (apps that are permitted to run).
What is a sandbox?
A place to test vulnerabilities.