9.3.6 Lab – Recommend Endpoint Security Measures Answers

Objectives

  • Part 1: Recommend Mitigation Procedures to Address Vulnerabilities
  • Part 2: Recommend an Endpoint Protection Product for a New Network

Background / Scenario

To provide security, professionals typically implement a number of network security measures that work together in a layered security approach. Firewalls and other devices protect the network perimeter from attack; however, it is always possible that threats can elude these defenses. Therefore, it is necessary not only to protect the network perimeter, but also to take action to protect individual network hosts from compromise. In this lab, you will read two case studies and recommend endpoint threat mitigations that are appropriate to address the exploits.

Required Resources

  • Internet access

Instructions

Part 1: Recommend Mitigation Procedures to Address Vulnerabilities

You work on a security team for a manufacturing company. A new customer requires that, before the company can be granted the contract, it must comply with more stringent standards. A vulnerability assessment of the network was completed and a number of vulnerabilities were found, including the following endpoint security issues:

  • The company uses supervisory control and data acquisition (SCADA) systems to monitor and control their manufacturing processes. The SCADA software runs on the Windows XP operating system.
  • Critical systems allow the use of unknown USB media.
  • Users can access the network with personal computing devices such as smartphones, tablets, and laptops.
  • Users are able to freely browse the WWW, including known malware sites.
  • Inconsistent anti-virus software is installed on hosts, including legacy versions with unknown signature update status.

Using the material covered in this course and additional information that you locate on the internet, complete the table below.

| Issue | Recommendation |
|---|---|
| Out of date operating system versions | Update operating systems to latest supported versions. If applications are not compatible with new versions, isolate systems on their own network to prevent exploits. |
| Critical systems allow use of USB media | Activate malware scanning of USB media in endpoint protection software. |
| Use of personal computing devices on the network | Use Network Access Control to verify that systems that are logging on to the network comply with security policies regarding security and OS configurations. |
| Users are able to freely browse the WWW | Implement a web security appliance or other means of filtering web requests to known malicious websites. |
| Antivirus issues | Standardize on one security platform or system that manages antivirus software and signature updates. |
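
The host-level recommendations in the table above can be expressed as a posture check of the kind a Network Access Control policy applies before admitting a device. This is an added example, not part of the lab; the inventory, field names, product names and thresholds are constructed assumptions, and web filtering is omitted because it is enforced at the network rather than on the host.

```python
from datetime import date

# Constructed sample inventory (not from the lab); field names are assumptions.
HOSTS = [
    {"name": "scada-hmi-01", "os": "Windows XP", "managed": True,
     "usb_scan": False, "av_product": "LegacyAV 7", "av_sig_date": None},
    {"name": "eng-laptop-14", "os": "Windows 11", "managed": True,
     "usb_scan": True, "av_product": "CorpAV", "av_sig_date": date(2024, 5, 30)},
    {"name": "byod-tablet-03", "os": "Android 14", "managed": False,
     "usb_scan": False, "av_product": None, "av_sig_date": None},
]

# Assumed policy values for this example.
UNSUPPORTED_OS = {"Windows XP", "Windows 7"}
STANDARD_AV = "CorpAV"          # hypothetical standardized product name
MAX_SIG_AGE_DAYS = 7


def audit_host(host, today):
    """Return the list of policy findings for one host (empty if compliant)."""
    findings = []
    if host["os"] in UNSUPPORTED_OS:
        findings.append("unsupported OS: upgrade or isolate on its own network")
    if not host["usb_scan"]:
        findings.append("USB media not scanned by endpoint protection")
    if not host["managed"]:
        findings.append("personal device: require NAC posture check before access")
    if host["av_product"] != STANDARD_AV:
        findings.append("antivirus is not the standard managed product")
    sig = host["av_sig_date"]
    if sig is None or (today - sig).days > MAX_SIG_AGE_DAYS:
        findings.append("antivirus signature status unknown or stale")
    return findings


def nac_decision(host, today):
    """Admit compliant hosts; quarantine everything else for remediation."""
    return "admit" if not audit_host(host, today) else "quarantine"


def audit_all(hosts, today):
    """Map each host name to its findings."""
    return {h["name"]: audit_host(h, today) for h in hosts}


if __name__ == "__main__":
    for name, findings in audit_all(HOSTS, date(2024, 6, 1)).items():
        print(name, "->", findings or "compliant")
```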

Part 2: Recommend an Endpoint Protection Product for a New Network

A friend has recently received venture capital funding for a promising new product. Rapid growth is predicted. He is opening a location for his startup and has asked you to help him with recommendations for endpoint security measures to implement in the new network.

Use your learning in the course and internet research to recommend a comprehensive endpoint security product. Keep in mind that the company is currently small, but will grow quickly. Provide reasons for your decision based on features of the product.

Record Your Chosen Product: 

| Feature | Value |
|---|---|
| advanced malware protection | uses signature-based and behavior-based detection |
| free but upgradable to business edition | good for initial protection, if budget allows, can be upgraded to a more full-featured business version |
| scans email | scans incoming and outgoing emails for malware with use of Microsoft Outlook or Mozilla Thunderbird |
| scans data received from the web | can detect malicious scripts |
| software scan | looks for out-of-date applications that could be vulnerable |
| ransomware protection | prevents ransomware from modifying important data files |
| award-winning and well-reviewed | very popular, well-reviewed by credible sources such as AV-TEST Institute |