Endpoint Security
Transcript
Hello, my name is Malusi Faith and I am your instructor for week 3. In the second topic of Week 3, we will look at Endpoint Security. However, before we begin, it is important to understand what we mean when we talk about an endpoint.
The term endpoint can be defined in many ways. However, contextually, we can call any device on a network that can be accessed by another device as an endpoint. If a device is connected to a network, it is considered an endpoint. With the growing popularity of Bring Your Own Device policy that allows employees to bring their own devices for use in the organization or institution and IoT which is the Internet of Things, the number of individual devices connected to an organization’s network can quickly reach into the tens or even hundreds of thousands.
Endpoints are usually the easiest entry points for threats and malware and as such they are a favorite target for malicious people. Endpoints can range from the more commonly thought of devices such as laptops, tablets, mobile devices, computers, printers, servers to smart watches, smart devices such as light bulbs, car sensors, cameras, pacemakers, and even your smart refrigerator. As the different types of endpoints have evolved and expanded, the security solutions that protect them have also had to adapt.
There are many ways to secure endpoints, and in this case we’ll talk about the more predominant devices like our computers, laptops and mobile phones. Typically, endpoint security software, especially in an organizational environment will include these key components:
- Advanced antimalware and antivirus protection to protect, detect, and correct malware across multiple endpoint devices and operating systems
- Proactive web security to ensure safe browsing on the web
- Data classification and data loss prevention to prevent data loss and exfiltration by malicious actors
- An Integrated firewall to block hostile network attacks
- Email gateway to block phishing and social engineering attempts targeting your employees
- Insider threat protection to safeguard against unintentional and malicious actions
- Endpoint, email and disk encryption which helps prevent data exfiltration
However, in this course, we’ll focus more on techniques that work really well for individuals as well as in a simple school network. These techniques are:
- Antimalware Software
- Host-Based Firewalls
Antimalware Software
We will begin with Antimalware software which is commonly referred to as an Antivirus. This is software that is installed on a device to detect and mitigate viruses and malware. Malware is a broad term, which comes from the combination of the words ‘malicious software’, that is used to describe all kinds of malicious or unwanted software. Common types of malware include:
- Viruses which are a piece of malicious code capable of copying or multiplying itself, thereby deleting data, stealing data, and corrupting or crashing the system.
- Trojans which is Malware disguised as legitimate software, but it performs illicit activities such as stealing passwords, deleting data when a user runs it.
- Keyloggers which is a Spyware that records keystrokes made by a computer user in order to fraudulently access confidential data such as passwords, bank account details, etc.
- Ransomware which Locks down your system or displays threatening messages to force you to pay a ransom to the attacker to regain access.
- And finally Worms which harm host networks by self-replicating to overload web servers and consume large amounts of bandwidth.
Antivirus solutions are usually installed on individual devices such as desktops, laptops and smartphones as well as on servers. They normally run constantly in the background and conduct periodic scans of device directories and files for malicious patterns which may indicate the presence of malware.
Since new malware is developed every day, antivirus software vendors constantly update their existing databases; it is these updates that pop up as notifications on your screen.
It is important to note that, if you don’t keep your antivirus software up to date, it will continue to rely on old virus definitions and will fail to detect new viruses, making you more prone to attacks. Additionally, antiviruses offer additional services such as:
- Web protection: Helps to keep your online browsing sessions and downloads from the internet safe by blocking bad results or warning you when you are about to visit a malicious web page.
- Threat identification: Identifies various types of malware.
- File quarantine: Removes or isolates infected files depending upon the severity of damage.
- Alerts and notifications: Notifies you about periodic scans and updates as well as sending alerts about infected files and potentially malicious software.
- Automatic updates: Provides remote updates about virus scan rules to keep the software upto-date and capture new viruses and threats.
Antivirus software is usually available as a stand-alone solution or as one component of an endpoint protection platform. There is a wide range of antivirus software available on the market. Examples are Windows Defender Virus & Threat Protection which comes preinstalled in all Windows Operating Systems, Kaspersky Antivirus, Bitdefender Antivirus Plus, Norton Security, McAfee, Trend Micro, and many others.
Host-Based Firewalls
Next we will look at firewalls and in particular Host-Based firewalls. This is a software that’s installed on an endpoint, usually a server or a laptop or computer that restricts incoming and outgoing connections to and from the device. Basically, firewalls work as a filtration system for the data attempting to enter or leave your computer or network. Firewalls can scan network traffic for malicious code or attack vectors that have already been identified as established threats and should a packet be flagged and determined to be a security risk, the firewall prevents it from entering the network or reaching your computer.
Firewalls are customizable depending on your needs. This means that you can add or remove filters based on several conditions. Some filters include specific IP addresses, websites, or even specific words and phrases. For example, you could instruct the firewall to block any traffic with the word “X-rated” in it. The key here is that it has to be an exact match. The “X-rated” filter would not catch “X rated” keyword because it lacks a hyphen. But you can include as many words, phrases and variations of them as you need. Whether installed completely on the host or distributed, host-based firewalls are an important
layer of network security along with network-based firewalls. Here are some examples of host based firewalls:
- First we have the Windows Defender Firewall. First included with Windows XP, Windows Firewall (now Windows Defender Firewall) uses a profile-based approach to firewall functionality. Access to public networks is assigned the restrictive Public firewall profile. The Private profile is for computers that are isolated from the internet by other security devices, such as a home router with firewall functionality. The Domain profile is the third available profile. It is chosen for connections to a trusted network, such as a business network that is assumed to have an adequate security infrastructure. Windows Firewall has logging functionality which can be used to log traffic.
- Secondly we have the UFW which stands for (Uncomplicated Firewall) – This is a simple application that allows Linux system administrators to configure network access rules.
- Finally, for devices that run Mac OSs, we have the Mac OS X Firewall – This is a built in firewall in macOS devices. By default it is not turned on, therefore it would be prudent to enable it on your device.
Now that we have looked at how antivirus software and firewalls work, it is now up to you to employ the use of these tools on your devices, to ensure that your data and information remain safe.