The document provides information about endpoint protection and vulnerability scanning. It defines endpoint protection as securing devices like laptops, desktops and mobile devices from cybersecurity threats. It discusses the risks of not implementing endpoint security, types of endpoint protection software, and ways to improve effectiveness of endpoint security such as awareness training and regular software updates. It also defines vulnerability scanning as identifying network, application and security vulnerabilities through an automated scan, and describes how vulnerability scanners work and different types including network-based, agent-based and web application scanners.

Uploaded by Subuhi Kashif

DMD 141 - IT System Components

Week 5: - Endpoint Protection
        - Vulnerability Scanning

Course Coordinator: - Essam Osaisi
                    - [email protected]
Endpoint Protection Outline

▸ Definition of Endpoint Protection
▸ Devices Classified as Endpoints
▸ Risks of Not Implementing Endpoint Security in Any Network
▸ Types of Endpoint Protection
▸ Elements of Endpoint Protection Software
▸ Ways to Improve the Effectiveness of Endpoint Security
Definition of Endpoint Protection

▸ Endpoint security, or endpoint protection, refers to securing endpoints such as desktops, laptops, and mobile devices from cybersecurity threats.

▸ Endpoints can create entry points to organizational networks which cybercriminals can exploit. Endpoint security protects these entry points from malicious attacks.
Devices Classified as Endpoints

✓ Laptops
✓ Tablets
✓ Desktop computers
✓ Mobile devices
✓ Internet of Things devices
✓ Wearables
✓ Digital printers
✓ Scanners
✓ Point of sale (POS) systems
✓ Medical devices
Risks of Not Implementing Endpoint Security in Any Network

▸ Unauthorized access to endpoints
▸ Unplanned downtime (i.e. unavailability)
▸ Sensitive data theft
▸ High rate of valuable data loss
▸ Reduced income for all employees of such an organization
▸ Uncertain growth of business
▸ Failure of the network
Types of Endpoint Protection

1) Internet of Things Security: Software that protects IoT devices is one of the most important types of endpoint security for enterprises. The more IoT devices you have, including ones operated by customers that may interface with your network, the more thorough you have to be when it comes to your security fabric. Each one could be used as an access point to your digital assets.
2) Network Access Control: NAC focuses on managing which users and devices gain access to your network, as well as what they do and which segments they interact with.
Types of Endpoint Protection (Cont.)

3) Data Loss Prevention: A DLP strategy focuses on ensuring that your most sensitive data resources are protected against exfiltration. One of the best ways to safeguard these assets is to keep employees informed about phishing tactics, as well as installing antimalware to prevent data loss from malicious programs hackers install on your endpoints.
4) Insider Threats Protection: Insider threats come from those within your organization. Controlling who has access to which area of your network, monitoring what they are doing, and ensuring all sessions are properly terminated can protect your endpoints.
5) Uniform Resource Locator Filtering: URL filtering involves blocking potentially malicious websites so internal users cannot access them. This is often accomplished using either a hardware or software firewall.
Types of Endpoint Protection (Cont.)

6) Cloud Perimeter Security: Cloud perimeter security in endpoints involves protecting your cloud resources from devices and users that can access them. You can use a cloud firewall to control which people and devices have access to your cloud resources. You can also use cloud-based web filtering tools.
7) Endpoint Encryption: Endpoint encryption secures the data on your devices by ensuring anyone who does not have a decryption key cannot read it. This works for many types of endpoints, providing worry-free browsing and downloading and even access to sensitive financial information.
Elements of Endpoint Protection Software

1. Machine learning to detect zero-day threats.
2. An integrated firewall to prevent hostile network attacks.
3. An email gateway to safeguard against phishing and other social engineering attempts.
4. Insider threat protection to guard against threats from within the organization, either malicious or accidental.
5. Advanced antivirus and anti-malware protection to detect and remove malware across endpoint devices and operating systems.
6. Proactive security to facilitate safe web browsing.
7. Endpoint, email, and disk encryption to protect against data exfiltration.
Ways to Improve the Effectiveness of Endpoint Security

I. Endpoint Security Awareness for Users: Organizations should enhance the learning of all users, from top management down to the lowest management level, by training all employees on how to support the achievement of endpoint security through the use of endpoint systems.
II. Enforcement of an Acceptable Use Policy (AUP) on all Endpoints: An AUP is a set of instructions or guidelines that guard against abusive use of endpoints in an organization. If an organization does not enforce the AUP on all users, endpoints may be compromised and used as a jump-off point to other sensitive endpoints within the network.
Ways to Improve the Effectiveness of Endpoint Security (Cont.)

III. Practice Least-Privilege Access on Endpoints: Organizations should practice assigning only the privilege or user right that is needed by each user to perform his/her duty on the endpoint. This limits the chances of trust exploitation on endpoints.
IV. Schedule regular software updates on all endpoints: Given the vulnerabilities that are found in operating systems and application software, it is now imperative to ensure that all software operating on each endpoint is kept updated to the latest security patch or version. This can be achieved by downloading the latest version directly from the vendor's website (standalone model) or from a central server of the organization (client/server model).
Ways to Improve the Effectiveness of Endpoint Security (Cont.)

V. Disable unused services on all Endpoints: Before any attack is launched, preliminary "stealth-mode" or "silent" checks are done to provide information on services that are active on an endpoint. These checks are referred to as "Port Scanning" and "Packet Sniffing". This is a powerful step that usually precedes most successful attacks. With this wealth of useful information about an endpoint, an attacker is aware of the unprotected port through which an endpoint can be compromised. Therefore, disable all unused services on all endpoints and, in some cases, do not install irrelevant or unneeded applications on endpoints.
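Before disabling services you need to know which ones are actually listening. The following audit script is an added example (not part of the course slides): it parses output in the shape printed by the Linux `ss -tlnp` command and flags every listener that is not on an approved baseline. The sample output and the baseline are constructed for illustration; a real audit would read the live command output.

```python
"""Audit an endpoint's listening services against an approved baseline.

Added example (not from the course slides). It parses lines in the format
printed by `ss -tlnp` on Linux; the sample output below is constructed for
illustration, as is the baseline of approved listeners.
"""
import re

# Constructed sample, shaped like `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=901,fd=7))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=1203,fd=35))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       511     0.0.0.0:8080         0.0.0.0:*          users:(("python3",pid=4410,fd=5))
"""

# Constructed baseline: (port, process) pairs this endpoint is allowed to expose.
APPROVED_LISTENERS = {(22, "sshd")}

# Matches a LISTEN row: local address, port, and the owning process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"'
)


def parse_listeners(ss_output):
    """Return a list of (address, port, process) tuples, one per LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        match = LINE_RE.match(line)
        if match:
            listeners.append((match.group(1), int(match.group(2)), match.group(3)))
    return listeners


def find_unexpected(listeners, approved):
    """Flag listeners that are not in the approved baseline.

    Loopback-only listeners are reported at lower severity: they are not
    reachable over the network interface, but still add local attack surface.
    """
    findings = []
    for addr, port, proc in listeners:
        if (port, proc) in approved:
            continue
        local_only = addr in ("127.0.0.1", "[::1]")
        findings.append({
            "port": port,
            "process": proc,
            "address": addr,
            "severity": "low" if local_only else "high",
        })
    return findings


if __name__ == "__main__":
    for finding in find_unexpected(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED_LISTENERS):
        print(f"[{finding['severity'].upper()}] port {finding['port']} "
              f"({finding['process']}) bound to {finding['address']} is not approved")
```

Each unexpected listener is a candidate for the "disable or uninstall" decision the slide describes; the low/high split helps prioritise services exposed on all interfaces over those bound to loopback.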
Ways to Improve the Effectiveness of Endpoint Security (Cont.)

VI. Place all endpoints in positions where intruders cannot reach them: In corporate environments, securing workstations physically by deploying access-controlled doors, surveillance cameras, security personnel at sensitive points, and security signage, among other physical protective measures, is a helpful way of improving the effectiveness of endpoint security.

VII. Use Reputable Anti-virus Software on all endpoints and ensure it is actively running background scans: This will protect the endpoints from malware, viruses, and worms, among other threats that could infect the system via the network interface or mobile storage devices (flash drives, external hard disk drives, CD/DVD-ROM, etc.).
Ways to Improve the Effectiveness of Endpoint Security (Cont.)

VIII. Ensure that the host-based firewall program is always active on all network adapters on the endpoint: This will provide reliable protection on the endpoint from any threat(s) that may attempt to infect it via the network.

IX. End users should practice the use of lengthy and complex passwords and regular change of passwords: Complex passwords are generated from a combination of alphanumeric and special characters, for example: d@$$w07D,123^_ . Passwords should be changed regularly to prevent password compromise.
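A password policy is only useful if it is enforced at the point where passwords are set. The checker below is an added example, not part of the course slides: it tests a candidate against the length and character-class rule the slide describes and also rejects a few obvious patterns. The thresholds (minimum 12 characters, all four character classes) and the short list of rejected sequences are assumptions chosen for the illustration; adjust them to your own policy.

```python
"""Check a candidate password against a length-and-character-class policy.

Added example, not from the course slides. The minimum length, the required
character classes and the rejected sequences are assumptions for illustration.
"""
import string

MIN_LENGTH = 12  # assumed policy value

# Assumed list of sequences that should never appear in a password.
COMMON_SEQUENCES = ("123456", "abcdef", "qwerty", "password")


def check_password(candidate, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []

    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Each character class the policy requires, with whether it is present.
    classes = {
        "lowercase letter": any(c.islower() for c in candidate),
        "uppercase letter": any(c.isupper() for c in candidate),
        "digit": any(c.isdigit() for c in candidate),
        "special character": any(c in string.punctuation for c in candidate),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"missing {name}")

    # A long string made of one or two repeated characters satisfies none of
    # the intent behind the rule, so reject it explicitly.
    if len(set(candidate)) <= 2:
        problems.append("too few distinct characters")

    lowered = candidate.lower()
    for seq in COMMON_SEQUENCES:
        if seq in lowered:
            problems.append(f"contains common sequence '{seq}'")

    return problems


if __name__ == "__main__":
    # The slide's own example should pass; the other two should fail.
    for pw in ("d@$$w07D,123^_", "password1", "aaaaaaaaaaaa"):
        result = check_password(pw)
        print(f"{pw!r}: {'OK' if not result else ', '.join(result)}")
```

Returning the list of reasons rather than a bare boolean lets the enrolment form tell the user exactly which rule was missed, which reduces the temptation to pick a trivially modified weak password.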
Vulnerability Scanning

▸ What Is Vulnerability Scanning
▸ How Does a Vulnerability Scanner Work?
▸ Types of Vulnerability Scanner
▸ Vulnerability Scanning vs Penetration Testing
▸ Vulnerability Scanning Challenges

What Is Vulnerability Scanning

➢ Vulnerability scanning, also commonly known as a 'vuln scan', is an automated process of proactively identifying network, application, and security vulnerabilities.

➢ Vulnerability scanning is typically performed by the IT department of an organization or by a third-party security service provider.

➢ This scan is also performed by attackers who try to find points of entry into your network.
How Does a Vulnerability Scanner Work?

➢ A vulnerability scanning service uses a piece of software running from the standpoint of the person or organization inspecting the attack surface in question.

➢ The vulnerability scanner compares details about the target attack surface against a database.

➢ The database references known flaws, coding bugs, packet construction anomalies, default configurations, and potential paths to sensitive data that can be exploited by attackers.
How Does a Vulnerability Scanner Work? (Cont.)

➢ After the software checks for possible vulnerabilities in any devices within the scope of the engagement, the scan generates a report. The findings in the report can then be analyzed and interpreted in order to identify opportunities for an organization to improve its security posture.
Types of Vulnerability Scanner

1. Network-based vulnerability scanners
2. Agent-based vulnerability scanners
3. Web-application vulnerability scanners
1- Network-based vulnerability scanners

➢ Network vulnerability scanners are so called because they scan your systems across the network, by sending probes looking for open ports and services, and then probing each service further for more information, configuration weaknesses or known vulnerabilities.

➢ The way this works can differ: you might install a hardware appliance inside your network, or deploy a virtual appliance on a virtual machine, and then run scans from that machine against all others on the network.
1- Network-based vulnerability scanners (Cont.)

➢ One obvious benefit of network vulnerability scanners is that they can be quick to set up: simply install your scanner and get scanning. They can quickly become more complicated when it comes to maintenance, though: keeping appliances up to date, and keeping them in step with changes on your network.

➢ There are two types of network scanning:

1. External Network Scanning: Scanning the system from outside, i.e. from an untrusted internet address that is outside any of your organization's private networks.

2. Internal Network Scanning: Finding weaknesses on systems which do not expose ports or services to the internet.
2- Agent-based Vulnerability Scanners

➢ Agent-based scanning is performed by installing lightweight software scanners on each device to be covered, which can run local vulnerability scans and report back to a central server with the results.
3- Web-application vulnerability scanners

➢ Web application vulnerability scanners are a specialized type of vulnerability scanner which focus on finding weaknesses in web applications and websites.

➢ Traditionally, they work by 'crawling' through a site or application in a similar way as a search engine would, sending a range of probes to each page or form it finds to look for weaknesses.
Vulnerability Scanning vs Penetration Testing

✓ A vulnerability scan is an automated search for known vulnerabilities. A number of different vulnerability scanners exist, and they operate by searching for signatures of known vulnerabilities or common security errors (such as the use of weak passwords). These scans are typically designed to find high-level weaknesses within an organization's applications and IT infrastructure.

✓ A penetration test is an assessment of an organization's cybersecurity by a human operator or team. This provides a more in-depth assessment because the penetration testers will actually exploit identified vulnerabilities, enabling them to gain additional access to the target network and identify internal issues in the network. Additionally, penetration testers can test potential attack vectors outside the scope of a vulnerability assessment, such as social engineering and phishing attacks.
Vulnerability Scanning Challenges

1. A scan only represents a moment in time: Most scans are "snapshots," not continuous. Because your systems are changing all the time, you should run scans regularly as your IT ecosystem changes.

2. A scan may need human input or further integrations to deliver value: Although the scanning process itself is easily automated, a security expert may still need to review the results, complete remediation, and follow up to ensure risks are mitigated.
Vulnerability Scanning Challenges (Cont.)

3. A credentialed scan may require many privileged access credentials, depending on how thorough a scan is desired. Automating the management and integration of these credentials with the scanner should therefore be considered, to maximize both the depth of the scan and privileged access security.

4. A scan only identifies known vulnerabilities: A vulnerability scanning tool is only as good as its database of known faults and signatures. New vulnerabilities emerge all the time, so your tool will need to be continually updated.
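Challenges 1 and 4 above are usually handled together in practice: each scan is stored as a dated snapshot, consecutive snapshots are compared so that new, resolved and persisting findings are visible, and a scan whose signature database is much older than the scan itself is flagged as unreliable. The script below is an added example written for this page, not part of the course slides. Both snapshots, their dates and the VULN-xxxx identifiers are constructed placeholders; the 14-day freshness threshold is an assumption.

```python
"""Compare two vulnerability scan snapshots and flag stale signature databases.

Added example, not from the course slides. The two snapshots below are
constructed; the VULN-xxxx identifiers are placeholders and the freshness
threshold is an assumed policy value.
"""
from datetime import date

# Constructed snapshot from an earlier scan run.
PREVIOUS_SCAN = {
    "scanned_at": date(2024, 1, 8),
    "signature_db_date": date(2024, 1, 5),
    "findings": [
        {"host": "10.0.0.5", "port": 22, "id": "VULN-0001"},
        {"host": "10.0.0.9", "port": 445, "id": "VULN-0003"},
    ],
}

# Constructed snapshot from the latest run. The signature database was not
# updated in between, so the "clean" result for the Samba host is suspect.
LATEST_SCAN = {
    "scanned_at": date(2024, 2, 12),
    "signature_db_date": date(2024, 1, 5),
    "findings": [
        {"host": "10.0.0.5", "port": 22, "id": "VULN-0001"},
        {"host": "10.0.0.7", "port": 8080, "id": "VULN-0004"},
    ],
}

MAX_SIGNATURE_AGE_DAYS = 14  # assumed policy value


def finding_key(finding):
    """A finding is identified by where it was seen and which signature matched."""
    return (finding["host"], finding["port"], finding["id"])


def diff_snapshots(previous, latest):
    """Classify findings as new, resolved or persisting between two runs."""
    prev_keys = {finding_key(f) for f in previous["findings"]}
    latest_keys = {finding_key(f) for f in latest["findings"]}
    return {
        "new": sorted(latest_keys - prev_keys),
        "resolved": sorted(prev_keys - latest_keys),
        "persisting": sorted(latest_keys & prev_keys),
    }


def signature_age_days(snapshot):
    """Days between the signature database date and the scan date."""
    return (snapshot["scanned_at"] - snapshot["signature_db_date"]).days


def stale_signatures(snapshot, max_age_days=MAX_SIGNATURE_AGE_DAYS):
    """True when the scan ran with signatures older than the policy allows."""
    return signature_age_days(snapshot) > max_age_days


if __name__ == "__main__":
    changes = diff_snapshots(PREVIOUS_SCAN, LATEST_SCAN)
    for category, keys in changes.items():
        print(f"{category}: {keys}")
    if stale_signatures(LATEST_SCAN):
        print(f"warning: signatures were {signature_age_days(LATEST_SCAN)} days old "
              f"at scan time; 'resolved' findings may simply be unrecognised")
```

The warning at the end is the point of combining the two checks: a finding that disappears between runs is only good news if the later run used a current database, otherwise "resolved" may just mean the scanner no longer matched something that is still there.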
Thank You
