Endpoints

Olakanmi Oluwole
October 21, 2025
Transcript

  1. Endpoint & Device Security: From Antivirus to Mobile Protection
     Antivirus/EDR, Patch Management, Configuration Hardening, and Mobile Security
  2. Lesson Outcomes
     • Understand how Antivirus and EDR protect endpoints
     • Recognize the importance of patch management & secure configurations
     • Apply mobile security best practices in corporate environments
     • Gain hands-on practice with key security tools
  3. What is Endpoint Protection?
     • Endpoints = laptops, desktops, servers, mobile devices
     • Threats: malware, ransomware, trojans, spyware
     • Solutions: Antivirus (AV), anti-malware, EDR
  4. Antivirus vs EDR
     • Antivirus: signature-based detection, quarantines known malware (example: ClamAV)
     • EDR: real-time monitoring, detects unknown/fileless attacks, forensic data & auto-response
  5. Hands-on Demo: ClamAV
     • Install: sudo apt install clamav
     • Update signatures: freshclam
     • Scan directory: clamscan -r --bell -i /home/user/
     • Detects the EICAR test file
  6. Practical Tools for Endpoint Analysis
     • file <filename>: identify file type
     • strings <filename>: extract readable strings
     • Detect suspicious API calls, IPs, domains
  7. Activity: Using strings & file
     • file suspicious.exe
     • strings suspicious.exe | less
     • Look for domains, DLL imports, embedded passwords
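The strings activity above, as an added example that is not part of the original deck: a small Python re-implementation of what strings(1) recovers, followed by a first-pass triage that buckets the output into the indicator classes the slides name (DLL imports, suspicious API calls, IPs, domains, embedded passwords). The sample bytes and the short API list are constructed assumptions for illustration, not a real binary.

```python
import re

# Constructed stand-in for suspicious.exe: printable fragments mixed with
# non-printable bytes, as a real PE file would present them to strings(1).
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x01\x02" * 4
    + b"KERNEL32.dll\x00" + b"\xff" * 3
    + b"VirtualAlloc\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"\x00\x05\x07" + b"http://update.example.net/payload\x00"
    + b"\x1f" * 5 + b"10.20.30.40\x00" + b"ab\x00" + b"password=Summer2025!\x00"
)

MIN_LEN = 4  # strings(1) default minimum run length

# Illustrative subset of Windows APIs that warrant a closer look (assumption).
SUSPICIOUS_APIS = {"VirtualAlloc", "CreateRemoteThread", "WriteProcessMemory",
                   "WinExec", "URLDownloadToFile"}
DLL_RE = re.compile(r"^[A-Za-z0-9_]+\.dll$", re.IGNORECASE)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)
SECRET_RE = re.compile(r"(?:password|passwd|pwd)\s*=", re.IGNORECASE)


def extract_strings(data, min_len=MIN_LEN):
    """Return printable-ASCII runs of at least min_len chars, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(found):
    """Bucket recovered strings into the indicator classes the activity asks about."""
    report = {"dll_imports": [], "api_calls": [], "ips": [], "domains": [], "secrets": []}
    for s in found:
        if DLL_RE.match(s):
            report["dll_imports"].append(s)
        elif s in SUSPICIOUS_APIS:
            report["api_calls"].append(s)
        elif IPV4_RE.match(s):
            report["ips"].append(s)
        elif SECRET_RE.search(s):
            report["secrets"].append(s)
        elif DOMAIN_RE.search(s):
            report["domains"].append(s)
    return report


if __name__ == "__main__":
    for bucket, items in triage(extract_strings(SAMPLE)).items():
        print(f"{bucket}: {items}")
```

Hits here are leads for further analysis, not verdicts: a legitimate installer also imports KERNEL32.dll and calls VirtualAlloc.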
  8. Why Patch Management Matters
     • 60–70% of breaches = unpatched vulnerabilities
     • Example: WannaCry (2017) exploited Windows SMB
     • Patching closes known attack doors
  9. Configuration Hardening
     • Default settings are insecure
     • Disable unused services, enforce least privilege
     • Strong authentication policies, file integrity monitoring
  10. Hands-on Demo: enum4linux
     • Command: enum4linux -a 192.168.1.10
     • Outputs: SMB shares, user accounts, password policies, misconfigurations
  11. Patch Management Best Practices
     • Centralized patching (WSUS, SCCM, Ansible)
     • Test before deploying
     • Automate updates
     • Maintain asset inventory
  12. Mobile Devices in the Enterprise
     • Common endpoint for corporate access
     • Risks: loss/theft, rogue Wi-Fi, malicious apps
     • BYOD challenges
  13. Best Practices for Mobile Security
     • Enforce device encryption
     • Use Mobile Device Management (MDM)
     • Remote wipe capability
     • Strong PIN/biometric policies
     • Containerization (work/personal data separation)
  14. Mobile Threat Landscape
     • Malware in third-party app stores
     • Smishing (SMS phishing)
     • Rogue Wi-Fi access points
     • Rooted/jailbroken devices
  15. Case Study: Corporate Data Breach
     • Employee lost unencrypted phone
     • Cached corporate emails accessed by attacker
     • Prevention: MDM + remote wipe
  16. Defense-in-Depth
     • Antivirus/EDR = detect & respond
     • Patching & hardening = reduce attack surface
     • Mobile security = protect mobile workforce
     • Layered defense = resilience
  17. Hands-On Recap
     • file & strings → basic malware analysis
     • ClamAV → antivirus scanning
     • enum4linux → misconfiguration discovery
  18. Key Takeaways
     • Antivirus/EDR stop endpoint threats
     • Patch & harden systems to prevent exploitation
     • Mobile devices = corporate endpoints too
     • Security = continuous process, not one-time
  19. Final Thought
     • Cybersecurity is not about eliminating all risk—it’s about managing risk through layered defense and continuous vigilance