Removing points of vulnerability for hosts and networks is referred to as hardening. SCEP (System Center Endpoint Protection) plays a role in hardening through malware detection and the ability to detect abnormal host and network activity.
- [Instructor] Sometimes, taking steps ahead of time can reduce problems later down the road, and in this video, we're going to talk about that. We're going to discuss hardening. Hardening reduces the attack surface of a system, whether we're talking about a host or an entire network. What we're really talking about doing is reducing the number of vulnerabilities available for exploit by malicious users. And in this day and age with cloud computing, hardening applies not only to our on-premises systems and devices, but also to anything that we've deployed in the cloud, like virtual machines.
So we're really talking about hardening both hardware and software, physical as well as virtual machines. Many malware infections are preventable: had we applied proper hardening techniques, we could have kept those machines from being infected in the first place. The hardening techniques we use, though, will vary depending on the solutions in our environment. Kevin Mitnick is probably the most famous of social engineering experts and hackers, and in his book, The Art of Intrusion, there is a quote that says, "Every time some developer says, 'Nobody will go to the trouble of doing that,' there's some kid in Finland who will go to the trouble." And this is great because it gives us reasons why we should be hardening.
Even though we might not think that we're a target, individually or as an enterprise, we really need to take precautions, and that's what hardening is about: doing it ahead of time. So part of hardening is following best practices that apply to pretty much any type of IT system: user awareness and training, for example making sure that users know they shouldn't be clicking on file attachments in email messages they weren't expecting; the principle of least privilege, which states that we don't grant privileges beyond what's needed to complete a task; and the disabling of unnecessary components and user accounts.
Also, having an intrusion detection and prevention system to detect abnormal activity. This is part of what the network inspection system component built into System Center Endpoint Protection does. Then there are firewalls that can be used for hardening, where they should be configured to block all traffic by default, and then we make allowances or exceptions for things that should be allowed. Now that's not to say that the firewall itself will block malware, because often that's not the case, but we still need one on all of our endpoints.
Then we also have the option of configuring things like multifactor authentication to make it harder for a hacker to crack something as simple as just a username and a password. This can also be used to authenticate one machine to another. And then of course we should be encrypting data in transit over the network as well as data at rest on storage media. All of these lend themselves to a layered defense approach in addition to using anti-malware solutions. Firmware updates can also be applied to hardware like routers and switches and IoT devices, which are notorious for not being updateable in the first place.
Physical security controls, in the form of things like locked doors, alarm systems, and lockdown cables, can also prevent physical breaches. Now let's get into the software side, where System Center Endpoint Protection really comes into play. When we talk about hardening software, we're talking about the operating system itself, drivers, and applications. So we should be changing default configurations and applying patches, as well as tracking that those patches were applied successfully.
It's definitely important to make sure that the System Center Endpoint Protection client or engine itself is patched and has the latest virus signature databases. Having centralized logging lets us easily track from a central location how things are doing, whether patches were applied or whether they were not. So in summary, hardening means that we are reducing the attack surface, or reducing the number of vulnerabilities, and it can proactively reduce malware infections.
Now the techniques will be different depending on what you're using in your environments, but certainly a part of that is using System Center Endpoint Protection with a CCN to centrally make sure that we prevent malware infections from occurring in the first place.
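As an added example, not part of the course or of the SCEP product, here is a read-only PowerShell audit that checks a Windows endpoint for the controls the video lists: default-deny firewall, a current anti-malware engine and signatures, unnecessary accounts, and patch state, emitting one object per finding for a central log collector. It assumes Windows 10 / Server 2016 or later, where the SCEP client uses the built-in Defender engine so the Defender cmdlets (Get-MpComputerStatus) report its state, and an elevated session.

```powershell
# Added example (not from the course): read-only hardening audit for one Windows host.
# Assumption: Windows 10 / Server 2016+, where SCEP runs on the built-in Defender engine,
# so Get-MpComputerStatus reflects the SCEP client. Run elevated; it changes nothing.

$findings = @()

# 1. Firewall: every profile enabled and blocking inbound by default, with explicit allow rules.
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled) { $findings += "Firewall profile '$($p.Name)' is disabled" }
    if ($p.DefaultInboundAction -ne 'Block') {
        $findings += "Firewall profile '$($p.Name)' default inbound is $($p.DefaultInboundAction), expected Block"
    }
}

# 2. Anti-malware client: real-time protection on, signatures no older than a day.
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
$sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
if ($sigAge.TotalHours -gt 24) {
    $findings += ('Signatures are {0:N0} hours old (version {1})' -f $sigAge.TotalHours, $mp.AntivirusSignatureVersion)
}

# 3. Least privilege / unnecessary accounts: built-in Guest (RID 501) must be disabled,
#    and every enabled member of local Administrators is listed for review.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
if ($guest -and $guest.Enabled) { $findings += 'Built-in Guest account is enabled' }
$admins = Get-LocalGroupMember -Group 'Administrators' | Where-Object { $_.ObjectClass -eq 'User' }
$findings += $admins | ForEach-Object { "Local Administrators member: $($_.Name)" }

# 4. Patch tracking: flag hosts whose most recent hotfix is more than 30 days old.
$lastFix = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($lastFix -and ((Get-Date) - $lastFix.InstalledOn).TotalDays -gt 30) {
    $findings += "Last hotfix $($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToShortDateString())"
}

# One record per finding so a central collector (SIEM, log forwarder) can ingest it.
$findings | ForEach-Object {
    [pscustomobject]@{ Host = $env:COMPUTERNAME; Checked = (Get-Date).ToString('s'); Finding = $_ }
}
```

Pipe the output to Export-Csv or a log forwarder to get the centralized view of patch and signature state the video describes.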
Released 5/12/2017
Video: Hardening