Module 22 Endpoint Protection

Question 1

Why are endpoints threats?

Answer 1

Malware, malicious software.

Question 1

How to define endpoints?

Answer 1

Hosts on the network that can access or be accessed by other hosts in the network

Question 2

Where do many attacks originate from - inside or outside the network?

Answer 2

Inside

Question 3

What are the two internal LAN element to secure?

Answer 3

Enpoints and network infrastructure.

Question 4

What is host based malware protection?

Answer 4

Endpoints, mobile devices can use host based antimalware software.

Question 5

Antimalware programs use three diff techniques to detect malware?

Answer 5

Signature, heuristics-based and behavior based.

Question 6

What is heuristics based

Answer 6

Recognizes general features shared by various types of malware

Question 7

What is behavior based?

Answer 7

Employs analysis of suspicious behavior

Question 8

What is signature based

Answer 8

Recognizes various characteristics of known malware files

Question 9

Explain the host based firewall?

Answer 9

Restricts incoming and outgoing connections, it CAN prevent a host from being infected and stop hosts from spreading malware.

Question 10

What are host based security suites?

Answer 10

Host based suite of security products. Anti-virus, anti-phishing, safe browsing, firewall, intrusion prevention sys, etc

Question 11

What is network based malware protection?

Answer 11

AMP, ESA, WSA AND NAC

Question 12

What is NAC?

Answer 12

Network Admission Control - permits only authorized system to connection to the network

Question 13

What is ESA

Answer 13

Email Security appliance, provides filtering of SPAN and malicious emails.

Question 14

What is WSA?

Answer 14

Web Security Appliance - provides filtering of websites and blacklisting

Question 15

What is AMP

Answer 15

Advanced Malware protection - endpoint protection from viruses and malware. Good for public/private cloud

Question 16

What are some examples of host based firewalls

Answer 16

Windows defender firewall, iptables for Linux, nftables (successor for iptables), TCP wrappers (access control and logging for Linux

Question 17

What is nftables?

Answer 17

Linux firewall application that uses a virtual machine in a Linux Kernel

Question 18

What is HIDS?

Answer 18

Host based Intrusion Deteciton

Question 19

What does HIDS do?

Answer 19

Protects hosts against unknown and unknown malware. Combines antimalware and firewall functionality.
- detailed monitoring and reporting on system config and application activity

Question 20

How does HIDS detect malware?

Answer 20

Signature detection, also policy and anomaly based.

Question 21

What is policy based?

Answer 21

Violation of rules that are predefined. Violation of these rules causes a shutdown of software processes.

Question 22

What is an attack surface?

Answer 22

Total sum of vulnerabilities in a given system that is accessible to an attacker.

Question 23

What are components of the attack surface?

Answer 23

Network Attack Surface, Software Attack Service and Human Attack Service/

Question 24

What is application blacklisting and Whitelisting

Answer 24

Limiting access to potential threats by creating a blacklist (apps not permitted to run on a computer), vs whitelist (apps that can))

Question 25

Explain a sandbox

Answer 25

Place to test vulnerabilities