Module 13: Endpoint Security
13.0 Introduction
13.0.1 Why Should I Take this Module?
The network has evolved to include traditional endpoints and new, lightweight, portable, consumerized endpoints such as smartphones, tablets, wearables, and others.
13.0.2 What Will I Learn in this Module?
Explain endpoint vulnerabilities and protection methods.
13.1 Endpoint Security Overview
13.1.1 LAN Elements Security
Various network security devices are required to protect the network perimeter from outside access.
Endpoints
Hosts commonly consist of laptops, desktops, servers, and IP phones which are susceptible to malware-related attacks.
Network infrastructure
LAN infrastructure devices interconnect endpoints and typically include switches, wireless devices, and IP telephony devices.
13.1.2 Traditional Endpoint Security
Historically, employee endpoints were company-issued computers which resided within a clearly defined LAN perimeter.
Antivirus/Antimalware Software
This is software installed on a host to detect and mitigate viruses and malware.
Host-based IPS
This is software installed on the local host to monitor and report on the system configuration and application activity.
Host-based firewall
This is software installed on a host that restricts incoming and outgoing connections to those initiated by that host only.
13.1.3 The Borderless Network
The network has evolved to include traditional endpoints and new, lightweight, portable, consumerized endpoints such as smartphones, tablets, wearables, and others.
13.1.4 Security for Endpoints in the Borderless Network
Larger organizations now require protection before, during, and after an attack.
13.1.5 Network-Based Malware Protection
New security architectures for the borderless network address security challenges by having endpoints use network scanning elements.
13.1.6 Hardware and Software Encryption of Local Data
Endpoints are also susceptible to data theft. For instance, if a corporate laptop is lost or stolen, a thief could scour the hard drive for sensitive information, contact information, personal information, and more.
13.1.7 Network Access Control
The purpose of network access control (NAC) is to allow only authorized and compliant systems, whether managed or unmanaged, to access the network.
Profiling and visibility
This recognizes and profiles users and their devices before malicious code can cause damage.
Guest network access
This manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
Security posture checking
This evaluates security-policy compliance by user type, device type, and operating system.
Incident response
This mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
13.1.8 NAC Functions
The goal of NAC systems is to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network.
13.2 802.1X Authentication
13.2.1 Security Using 802.1X Port-Based Authentication
The IEEE 802.1X standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports.
13.2.2 Control the 802.1X Authorization State
It may be necessary to configure a switch port to override the 802.1X authentication process.
13.2.3 802.1X Configuration
A PC is attached to F0/1 on the switch, and the device will be authenticated via 802.1X with a RADIUS server.
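The 13.2.3 scenario written out as an added Cisco IOS configuration example (not taken from the course material); the RADIUS server address 10.0.0.10 and the shared secret are constructed placeholders, and the commented lines at the end show the 13.2.2 override states in place of the normal "auto" setting.

```text
! Added example: 802.1X on a Cisco IOS switch, PC on F0/1, RADIUS as the authentication server.
! 10.0.0.10 and the shared secret are constructed placeholders.
aaa new-model
!
! Define the RADIUS server that validates the supplicant's credentials.
radius server RADIUS-SRV
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
! Use RADIUS for 802.1X authentication and enable 802.1X globally on the switch.
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! Access port facing the PC: the switch acts as the authenticator (PAE) and
! keeps the port in the unauthorized state until the RADIUS server accepts the client.
interface FastEthernet0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
! 13.2.2 overrides (replace "auto" when a port must bypass the 802.1X exchange):
!   authentication port-control force-authorized    -> port always forwards, no authentication (IOS default)
!   authentication port-control force-unauthorized  -> port never forwards client traffic
!
! Verification after a client connects:
! show dot1x interface FastEthernet0/1 details
! show authentication sessions interface FastEthernet0/1
```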
13.3 Endpoint Security Summary
13.3.1 What Did I Learn in this Module?
Introducing Endpoint Security
Traditionally endpoints included PCs, servers, and printers. However, in today’s network, endpoints also include phones, tablets, laptops, Internet of Things devices, network video cameras and many other things.
802.1X Authentication
802.1X provides a means by which an authenticator (the network access switch) can act as an intermediary between a client and an authentication server.