Endpoint Security PDF

Summary

This document provides an overview of endpoint security. It discusses various aspects of endpoint security, including the definition of endpoints and the devices that can be considered an endpoint. It also elaborates on the importance of endpoint security in a network and different threats that an endpoint faces.

Full Transcript

Endpoint Security
 Why Endpoint Security ?

Times are changing, networks are becoming more borderless, network
attacks are now more strategic and targeted at specific endpoints,
security threats and risks are increasing enormously therefore
information security on endpoints must become more sophisticated and
effective to combat these recent security concerns.

How then can this be achieved?
Outline

✓ Defining & Identifying common Endpoints in Information Networks

✓ Importance of Endpoint Security in an Information Network

✓ What is an Endpoint Protection Platform?

✓ Identifying common security threats & attacks which call for Endpoint security

✓ Identifying Risks of not implementing Endpoint Security in any Information Network.

✓ Ways to improve the effectiveness of Endpoint Security
 Defining & Identifying Common Endpoint
Devices In Information Networks.
Endpoint devices are electronic machines or any ICT gadgets which has the
intelligence of integrating a user to a network in order to access available
network resources.

Although, many mobile devices acting as endpoints now render almost all
networks borderless which increases the vulnerability, security risks,
accessibility among other features.

In short, Today every endpoint is a potential entry point for the hackers.

ICT gadget is a small, portable device that you can use for
various tasks related to information and communication
technology (ICT)
Defining & Identifying Common Endpoint Devices In
Information Networks (Cont’d)
Examples of endpoint devices are: PCs (Desktop, laptops, etc.), Tablets, Ipads,
Notebooks, IoT-enabled smart devices, Wearables, such as smartwatches, ATM machines,
Industrial machines, Printers, Servers, mobile phones & other PDAs.

The goal of using endpoint devices is to deliver services to end users in such a
manner that the end user remains unaware of whether the service is located
and managed locally or in the cloud (i.e. remote location).
Importance of Endpoint Security In An
Information Network

Endpoint security can be deployed as a client/server or standalone
information security (IS) on each device on the network by monitoring
status and controlling operations, processes, host-services and other
network related activities of each host that is protected.

The importance of protecting endpoints in an information network is to
ensure that network resource availability, privacy, integrity, reliability and
many other business goals are sustained.
In network security, securing endpoints is: protecting all network hosts
from all network attacks which are not limited to physical damage, device
theft, data theft, viruses, worms, Trojan, ransomware, malwares, spywares,
zero-day and so on.
The ultimate goal of this security is corporate network protection which
translates to Business profitability.
 What is an Endpoint Protection Platform?
Endpoint protection platforms (EPPs)
provide the facility to deploy agents or
sensors to secure managed endpoints,
including desktop PCs, laptop PCs, servers
and mobile devices.
EPPs are designed to prevent a range of
known and unknown malicious attacks. In
addition, they provide the ability to
investigate and remediate any incidents that
evade protection controls.
EPPs ensure the “CIA” in networks.
Identifying Common Security Threats & Attacks Which
Call For Endpoint Security.
Recently, network security threats and attacks have been reported to be more tactical
and sophisticated. Unfortunately, many security breaches have been reported to have be
sourced from the trusted/internal networks simply because users have higher privilege
levels and access to sensitive resources on the network with little or no security
restrictions.

This makes trusted endpoints become main targets for attackers. So, a successful
compromise of an endpoint in a financial institution could result to a catastrophic end of
such organization if no remedy is implemented rapidly.
Identifying Common Security Threats & Attacks
Which Call For Endpoint Security (Cont’d)

Endpoints can be compromised as the primary point of infiltration (Jump-off) in to
the network. After an endpoint has been successfully compromised, its trust is
exploited to gain access to other sensitive resources in the network as shown in
the scenario above.
 Identifying Common Security Threats & Attacks
Which Call For Endpoint Security (Cont’d)
Based on this, attackers from the untrusted networks make efforts to compromise
internal endpoints, users (people) among other resources in the network to launch their
attacks successfully.
Note: There is no successful attack from outside a network without the influence of an
internally trusted network resource. Successful compromise of an endpoint frustrates the
user’s productivity.
 Identifying Common Security Threats & Attacks
Which Call For Endpoint Security (Cont’d)
Denial of Service (DoS) Packet Sniffing

Man-in-the Middle / Eavesdropping Trojan Horse
Identifying Common Security Threats & Attacks
Which Call For Endpoint Security (Cont’d)
Other kinds of network security threats and attacks are:
- Zero-day Attack
- Spoofing
- Password exploitation
- Port scanning
- Social Engineering, etc.
Identifying Risks of Not Implementing Endpoint
Security In Any Network.
Any information network is exposed to the following risks when endpoint
security is not implemented:
- Unauthorized access to endpoints
- Unplanned downtime (i.e. unavailability)
- Sensitive Data theft
- High rate of valuable data loss to the business as a whole
- Reduced income for all employees of such organization
- Uncertain growth of business.
- Failure of the network.
- Business failure.
 Match each Risk to CIA
Risk CIA Component
Unauthorized access to endpoints Confidentiality
Unplanned downtime (i.e., unavailability) Availability
Sensitive data theft Confidentiality
High rate of valuable data loss to the business or altered Integrity & Confidentiality
Failure of the network Availability
Business failure Availability
Securing Endpoints
Ways To Improve The Effectiveness of Endpoint Security
There are several techniques that have been developed to provide effective
Endpoint Security and some of these are as shown in the console suite below:
Ways To Improve The Effectiveness of Endpoint Security
(Cont’d)
In order to improve Endpoint Security, there are a couple of goals that must be achieved.
Some of which are common and focused on the administration and end users, while others
are technical related (that is logical network).

1. Identify your Endpoint devices
The first step you should take to secure endpoints
is cataloging and assessing vulnerabilities. Once
you have this data, you can enable network
access only to the approved devices and prioritize
the most risky and sensitive endpoints.
Keep in mind that any endpoint in the network
demands protection.
Ways To Improve The Effectiveness of Endpoint Security
(Cont’d)
In order to improve Endpoint Security, there are a couple of goals that must be achieved.
Some of which are common and focused on the administration and end users, while others
are technical related (that is logical network).

2. Ensure the secure boot of your Endpoint devices
The booting process on early personal computers,
both Apple Mac and Windows PC, used firmware
called the BIOS (Basic Input/Output System).
The BIOS was a chip integrated into the computer’s
motherboard.
To add functionality, an improved firmware interface
was developed to replace the BIOS Known as UEFI
(Unified Extensible Firmware Interface), it provides
several enhancements over BIOS.
 Ways To Improve The Effectiveness of Endpoint Security
(Cont’d)
3. Harden Endpoints
After boot security has been established and the endpoints have been protected, the next step is to harden the endpoints
for further protection. Hardening endpoints involves patch management and OS protections.

Patch Management: One of the most important steps in securing an endpoint computer is to promptly install patches.
Patch Distribution: Modern operating systems—such as Red Hat Linux, Apple mac OS, Ubuntu Linux, and Microsoft
Windows—frequently distribute patches.
Ways To Improve The Effectiveness of Endpoint Security
(Cont’d)

4. Endpoint Security Awareness for Users

Organizations should enhance the learning of
all users from top management to the least
management level by training all employees on
how to support the achievement of endpoint
security through the use of endpoint systems.
Ways To Improve The Effectiveness of Endpoint
Security (Cont’d)
5. Enforcement of Acceptable Use Policy (AUP) on all Endpoints.
Acceptable Use Policy (AUP) is a set of instructions or guidelines that guard against abusive
use of endpoints in an organization.
If an organization does not enforce the AUP on all users, endpoints may be compromised and
used as a jump-off point to other sensitive endpoints within the network.
AUPs may differ from organization to organization as it depends on the top management’s
decision with respect to the business requirements.
For instance; AUP of an organization may guard against internet accessibility during official
hours while another organization’s AUP may allow the use of internet connectivity during
official hours to support users productivity.
Ultimately, careful creation AUP and its enforcement is now very important in most
organizations today.
Ways To Improve The Effectiveness of Endpoint Security (Cont’d)
6. Practice least-privilege access on Endpoints
Organizations should practice assigning only the privilege or user right that is needed by each
user to perform his/her duty on the endpoint. This limits the chances of trust exploitation on
endpoints.

In the scenario at the right view of
this page, trust exploitation fails
when least-privilege is practiced on
endpoints.
This limits an attack to only the
endpoint that is compromised.
By this technique, the severity of
the damage caused is reduced and
remedied easily when detected.
Ways To Improve The Effectiveness of Endpoint
Security (Cont’d)
7. Disable unused services on all Endpoints.
Before any attack is launched, preliminary “stealth-mode” or “silent” checks are done to
provide information on services that are active on an endpoint. This check is referred to as
“Port Scanning” and “Packet Sniffing”. This is a powerful step that usually precedes most
successful attacks.
With these wealth of useful information about an endpoint, an attacker is aware of the
unprotected port through which an endpoint can be compromised.
Therefore, disable all unused services on all endpoints and in some cases, do not install
irrelevant or unneeded application on endpoints.
Ways To Improve The Effectiveness of Endpoint
Security (Cont’d)
A typical result of port scan and packet sniffing provide information on: service name, port
number, IP addresses, operating system (OS), OS version, etc. as shown in the snapshots
below:

Port Scan Result
Packet Sniffing Result
Ways To Improve The Effectiveness of Endpoint Security
(Cont’d)
8. Install Endpoint Protection Toolkit on all endpoints.
This should be placed on high priority on all endpoints. There are many vendors of
Endpoint Protection toolkit that are available. The toolkit provide a console which grant
access to several protection options which are as shown:
Ways To Improve The Effectiveness of Endpoint
Security (Cont’d)
9. Place all endpoints in positions where intruders cannot reach them.
In corporate environments, securing workstations physically by deploying access-controlled
doors, surveillance cameras, security agent to man sensitive points, security signage, among
others physical protective measures are helpful ways of improving the effectiveness of
endpoint security.

10. Use Reputable Anti-virus/Anti-malware Software on all endpoints and ensure
they are actively running background scan.
This will protect the endpoints from malware, viruses, worms among other threats that could
infect the system via network interface or mobile storage devices (flash, external hard disk
drives, CD/DVD-ROM, etc)
Ways to improve the effectiveness of Endpoint
Security (cont’d)
11. Ensure that the host-based firewall program is always active on all network
adapters on the endpoint.
This will provide a reliable protection on the endpoint from any threat(s) that may
attempt infecting them via the network.

Host Intrusion Detection Systems
(HIDS): is a software-based
application that runs on an
endpoint computer and can
detect that an attack has
occurred.
 Ways to improve the effectiveness of Endpoint
Security (cont’d)

Host Intrusion Prevention Systems (HIPS): As its
name implies, an intrusion prevention system not
only monitors to detect malicious activities but
also attempts to stop them.

When a HIPS blocks action, it then alerts the
user so an appropriate decision about what to
do can be made.
Ways to improve the effectiveness of Endpoint
Security (cont’d)

12. Securing storage devices.
Encrypt files on removable media to ensure
data confidentiality
On windows 10 or higher, you can use
Bitlocker, it allows you to encrypt files using
a software encryption

Use Network Attached Storage NAS ( big
hard drive) Storage device that connect
directly to your network to ensure availability
Ways to improve the effectiveness of Endpoint
Security (cont’d)

13. Data Loss Prevention systems (DLPS)
Hardware or software solutions that
monitors the data of a system while in use in
transit or at rest to detect attempts to steal
the data.
Endpoint DLP system: software that’s
installed on a workstation to monitor the
data in use on this device if someone tries to
do a file transfer it can stop this transfer or
alert the admin based on certain rules and
policies
Ways to improve the effectiveness of Endpoint
Security (cont’d)

14. End users should practice the use of lengthy and complex passwords and regular
change of passwords.
Complex passwords that are generated from the combination of alphanumeric and
special characters such as : d@$$w07D,123^_

Passwords should be changed regularly to prevent password compromise.

Note that user passwords should be lengthy to between 10 - 15 characters but this range is
dependent on the domain policy.

Use multi-factor (Username, Password, OTP, etc) authentication method
to login to your endpoint device.
 Summary

Basically, protecting any device that has the ability to integrate an authorized user into an information
network can be called endpoint security.
Endpoint security is now very important in today’s network due to the high rise in network security
attacks.

Endpoint security is not limited to logical/network protection alone, it also focuses on physical protection
of the user’s system from damage, theft and other physical factors that could result to unavailability of
the system to its user at the desired time.

Hardening the functionalities of an endpoint by reducing or eliminating all known risks and vulnerabilities
in order to prevent any security compromise is also referred to as endpoint security.

*** Important Note ***
Endpoint Security cannot all alone prevent security attacks,
it is meant to complement the other network security
measures.