Network-Based Malware Protection (39.4.4)
New security architectures for the borderless network address security challenges by having endpoints use network scanning elements. These devices provide many more layers of scanning than a single endpoint possibly could, as shown in Figure 39-10. Network-based malware prevention devices are also capable of sharing information among themselves to make better-informed decisions.
Figure 39-10 Protection for Borderless Networks
Protecting endpoints in a borderless network can be accomplished using network-based as well as host-based techniques, as shown in Figure 39-10. The following are examples of devices and techniques that implement host protections at the network level:
- Cisco Secure Endpoint—This provides endpoint protection from viruses and malware.
- Cisco Secure Email—This provides filtering of spam and potentially malicious emails before they reach the endpoint. An example is the Cisco ESA.
- Cisco Umbrella—This uses DNS requests to provide filtering of websites and blocklisting to prevent hosts from reaching dangerous locations on the web. Cisco Umbrella provides control over how users access the Internet and can enforce acceptable use policies, control access to specific sites and services, and scan for malware.
- Network Admission Control (NAC)—This permits only authorized and compliant systems to connect to the network.
Check Your Understanding—Antimalware Protection (39.4.5)
Refer to the online course to complete this activity.
Firewalls and Host-Based Intrusion Prevention (39.5)
Detecting and preventing access to data that may be harmful to end devices or the network is a critical part of any security infrastructure.
Firewalls (39.5.1)
A firewall is a system, or group of systems, that enforces an access control policy between networks, as shown in Figure 39-11.
Figure 39-11 Firewalls Enforce Access Control Policies
Common Firewall Properties
All firewalls share some common properties:
- Firewalls are resistant to network attacks.
- Firewalls are the only transit point between internal corporate networks and external networks because all traffic flows through the firewall.
- Firewalls enforce the access control policy.
Firewall Benefits
There are several benefits of using a firewall in a network:
- They prevent the exposure of sensitive hosts, resources, and applications to untrusted users.
- They sanitize protocol flow, which prevents the exploitation of protocol flaws.
- They block malicious data from servers and clients.
- They reduce security management complexity by off-loading most of the network access control to a few firewalls in the network.
Firewall Limitations
Firewalls also have some limitations:
- A misconfigured firewall can have serious consequences for the network, such as becoming a single point of failure.
- The data from many applications cannot be passed over firewalls securely.
- Users might proactively search for ways around the firewall to receive blocked material, which exposes the network to potential attack.
- Network performance can slow down.
- Unauthorized traffic can be tunneled or hidden as legitimate traffic through the firewall.
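The access control policy and the misconfiguration risk described above can be made concrete with a small rule evaluator. This is an added example, not code from the original text or from any vendor product. It assumes an ordered rule list where the first match wins and unmatched traffic is denied, and the rule format, function names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any

_net = ipaddress.ip_network

def matches(rule, src, dst, proto, dport):
    return (ipaddress.ip_address(src) in _net(rule.src)
            and ipaddress.ip_address(dst) in _net(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))

def evaluate(policy, src, dst, proto, dport):
    """Return (action, rule index); first match wins, no match is denied."""
    for i, rule in enumerate(policy):
        if matches(rule, src, dst, proto, dport):
            return rule.action, i
    return "deny", None

def covers(early, late):
    """True if every packet `late` could match is already matched by `early`."""
    return (_net(late.src).subnet_of(_net(early.src))
            and _net(late.dst).subnet_of(_net(early.dst))
            and early.proto in ("any", late.proto)
            and early.dport in (None, late.dport))

def shadowed(policy):
    """(late, early) index pairs where rule `late` can never take effect."""
    return [(j, i) for j, late in enumerate(policy)
            for i, early in enumerate(policy[:j]) if covers(early, late)]

# Constructed sample policy (RFC 5737 documentation addresses for outside hosts).
POLICY = [
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),    # inside to web
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 25),  # mail to relay
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0", "any", None),   # too broad
    Rule("deny", "10.0.0.0/8", "0.0.0.0/0", "tcp", 23),       # never reached
]

if __name__ == "__main__":
    print(evaluate(POLICY, "10.1.2.3", "198.51.100.7", "tcp", 23), shadowed(POLICY))
```

The broad permit at index 2 shadows the Telnet deny at index 3, so outbound Telnet is permitted even though a deny rule exists. Moving the deny above the broad permit removes the shadowing.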