Endpoint Security Basics
Decoding Security
English - October 31, 2017 18:01 - 15 minutes - 12.8 MB - ★★★★★ - 6 ratingsTechnology website security cybersecurity web security online security Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Endpoint security is an important piece of your overall security puzzle. Along with some of the website security tactics we've discussed previously, a strong endpoint security strategy is important for protecting your systems, and your users.
The Local Piece of Your Security Puzzle
Endpoint Security Basics
October 31, 2017 | Episode 104
Endpoint security is an important piece of your overall security puzzle. Along with some of the website security tactics we've discussed previously, a strong endpoint security strategy is important for protecting your systems and your users.
Recent News
BadRabbit
BadRabbit is similar to Petya, and has targeted Russian and Ukranian infrastructure. It uses DiskCryptor delivered through a fake Adobe Flash update to encrypt all files on a system.
WordCamp Phoenix
This weekend was WordCamp Phoenix, where the open-source community came together to discuss WordPress, along with how the open-source community can come together to stay strong, and even the benefits of side projects.
Endpoint Security
Endpoint security is one of the common threads among recent attacks, including Petya and BadRabbit. Endpoint covers the system and network you are physically using, and can include IOT devices.
There are steps you can take to avoid making mistakes, and be a secure user. When you are working in a public location, like a coffee shop, lock your computer if you step away for a moment, take your phone or tablet with you, and don’t let your devices out of your site. Be aware of phishing, and take steps like not opening suspicious emails and type URLs instead of clicking links.
If you are providing IT security for a company, set up filters, and use the available lists of known malicious URLs and IP addresses to keep those filters up to date.
Don’t believe popups that say you have malware. The popup is trying to get you to click it, which will then install malware. Don’t trust a popup that isn’t part of software you or your IT team have installed. This is essentially a modern form of social engineering.
Along the lines of social engineering, be aware of social engineering tactics. If you receive a call, never give information on that call. It is better to hang up and call the company back at a number you know is legitimate, and anyone who is from a legitimate company should not have a problem with you doing this. Even calls from management in the company you work for should be handled this way. If you don’t recognize the voice on the other end, offer to call their extension to verify that they are who they claim to be. Chances are, they will appreciate that you are helping to keep the company secure.
Related Articles:
https://www.usatoday.com/story/tech/news/2017/09/06/dozens-power-companies-breached-hackers-cybersecurity-researcher-says/638503001/
https://www.wired.com/story/crash-override-malware/
http://searchsecurity.techtarget.com/feature/Fundamentals-of-endpoint-security-Antimalware-protection-in-the-enterprise
Tip of the Day - 2FA
Two-Factor Authentication is a process where you are sent a code via email, text, or an app, so that you have to not just use your username and password, which can be compromised, you also have to prove you have your device with you. This provides an extra layer of security that will keep your accounts significantly more secure than a username and password alone.