3.2 Given a scenario, configure and implement endpoint security controls.

Hardening techniques

 Removing unneeded services

 Disabling unused accounts

 Images/templates

 Remove end-of-life devices

 Remove end-of-support devices

 Local drive encryption

 Enable no execute (NX)/execute never (XN) bit

 Disabling central processing unit (CPU) virtualization support

 Secure encrypted enclaves/memory encryption

 Shell restrictions

 Address space layout randomization (ASLR)

Processes

 Patching

  Firmware
  Application

 Logging

 Monitoring

Mandatory access control

 Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid)

 Kernel vs. middleware

Trustworthy computing

 Trusted Platform Module (TPM)

 Secure Boot

 Unified Extensible Firmware Interface (UEFI)/basic input/output system (BIOS) protection

 Attestation services

 Hardware security module (HSM)

 Measured boot

 Self-encrypting drives (SEDs)

Compensating controls

 Antivirus

 Application controls

 Host-based intrusion detection system (HIDS)/Host-based intrusion prevention system (HIPS)

 Host-based firewall

 Endpoint detection and response (EDR)

 Redundant hardware

 Self-healing hardware

 User and entity behavior analytics (UEBA)