Endpoint Protection Platforms (EPP)
EPP provides preventive security for endpoints including antivirus, anti-malware, personal firewall, and host-based intrusion prevention.
EPP vs EDR
| EPP (Prevention) | EDR (Detection & Response) |
|---|---|
| Signature-based AV | Behavioral analysis |
| Blocks known threats | Detects unknown threats |
| Minimal visibility | Full endpoint telemetry |
| Automatic blocking | Investigation + response |
EDR vs XDR
EDR (Endpoint Detection & Response) provides visibility into endpoint activity. XDR (Extended Detection & Response) correlates data across endpoints, network, cloud, and email.
Top EDR Solutions
- CrowdStrike Falcon: Cloud-native, AI-powered
- Microsoft Defender for Endpoint: Integrated with M365
- SentinelOne: Autonomous response
- Carbon Black: VMware integration
Windows Hardening
```powershell
# PowerShell - Security configurations (run from an elevated session; reboot afterwards)
# Disable SMBv1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
# Enable Windows Firewall on all profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
# Configure Audit Policy: record both successful and failed logon/logoff events
auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable
# Enable Credential Guard: turn on virtualization-based security, then tell LSA to use it
# (LsaCfgFlags 1 = enabled with UEFI lock, 2 = enabled without lock); /f suppresses the overwrite prompt
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v EnableVirtualizationBasedSecurity /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LsaCfgFlags /t REG_DWORD /d 1 /f
# Disable LLMNR so the host stops answering multicast name queries (a common credential-capture vector)
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f
```
CIS Benchmark for Windows
- Password policy: minimum 14 characters with complexity requirements
- Account lockout after 5 failed attempts
- Disable guest account
- Configure Windows Update (automatic)
- Enable BitLocker disk encryption
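Applying settings is only half the job; a defender also needs to read them back to catch drift. The following audit script is an added example (not code from the original page) that verifies the PowerShell block and the CIS items above and reports PASS/FAIL per check. It assumes an elevated PowerShell session on an English-locale Windows 10/11 or Server host with the DISM, NetSecurity, LocalAccounts and BitLocker modules present; the `net accounts` string matching is locale-dependent and is the main assumption.

```powershell
# Added audit example (not from the original page): reads back the hardening
# settings configured above and reports PASS/FAIL per check. Assumes an elevated
# session on English-locale Windows with the DISM, NetSecurity, LocalAccounts
# and BitLocker modules available.
$checks = @(
    @{ Name = 'SMBv1 disabled'
       Test = { (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State -ne 'Enabled' } }
    @{ Name = 'Firewall enabled on Domain/Private/Public'
       Test = { -not (Get-NetFirewallProfile | Where-Object { -not $_.Enabled }) } }
    @{ Name = 'Logon/Logoff auditing = Success and Failure'
       # auditpol /r emits CSV; every subcategory in the category must be fully audited
       Test = { $rows = auditpol /get /category:'Logon/Logoff' /r | Where-Object { $_ } | ConvertFrom-Csv
                -not ($rows | Where-Object { $_.'Inclusion Setting' -ne 'Success and Failure' }) } }
    @{ Name = 'Credential Guard running'
       # Win32_DeviceGuard.SecurityServicesRunning contains 1 when Credential Guard is active
       Test = { (Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard).SecurityServicesRunning -contains 1 } }
    @{ Name = 'LLMNR disabled'
       Test = { (Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' -Name EnableMulticast -ErrorAction Stop) -eq 0 } }
    @{ Name = 'Guest account disabled'
       Test = { -not (Get-LocalUser -Name Guest -ErrorAction Stop).Enabled } }
    @{ Name = 'Minimum password length >= 14'
       # "net accounts" output is locale-dependent; English labels assumed
       Test = { [int]((@((net accounts) -match 'Minimum password length')[0]) -replace '\D', '') -ge 14 } }
    @{ Name = 'Lockout threshold between 1 and 5'
       # "Never" contains no digits, so it parses to 0 and fails the check
       Test = { $t = [int]((@((net accounts) -match 'Lockout threshold')[0]) -replace '\D', ''); $t -ge 1 -and $t -le 5 } }
    @{ Name = 'BitLocker protecting the system drive'
       Test = { (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus -eq 'On' } }
)

$results = foreach ($c in $checks) {
    $detail = ''
    # A check that throws (missing module, missing key, no admin rights) counts as FAIL, with the reason kept
    try { $pass = [bool](& $c.Test) } catch { $pass = $false; $detail = $_.Exception.Message }
    [pscustomobject]@{ Check = $c.Name; Status = $(if ($pass) { 'PASS' } else { 'FAIL' }); Detail = $detail }
}
$results | Format-Table -AutoSize
# Non-zero exit code lets a scheduled task or configuration-management run flag drift
exit ([int]($results.Status -contains 'FAIL'))
```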
Linux Hardening
```bash
# Essential Linux hardening (Debian/Ubuntu; run as root)
# Update system
apt update && apt upgrade -y
# Disable root SSH login; match the commented default too (e.g. "#PermitRootLogin prohibit-password"),
# otherwise the original "PermitRootLogin yes" pattern matches nothing and changes nothing
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
# Configure SSH key authentication only: confirm your public key is in ~/.ssh/authorized_keys
# and that a key-based login works BEFORE disabling passwords, or you will lock yourself out
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
# On Ubuntu cloud images also check /etc/ssh/sshd_config.d/*.conf: those files are included
# first and the first matching directive wins
# Validate the config, then restart the daemon so the changes take effect
sshd -t && systemctl restart ssh
# Enable firewall (UFW): deny inbound by default, allow SSH before enabling so the session survives
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw --force enable
# Install fail2ban and start it now and at boot
apt install fail2ban -y
systemctl enable --now fail2ban
```
Mobile Device Security
- MDM/EMM: Mobile Device Management / Enterprise Mobility Management for device-level control (enrollment, configuration, policy enforcement)
- MAM: Mobile Application Management for app-level control
- Encryption: Full-device encryption enforced by policy
- Remote Wipe: Ability to erase lost or stolen devices
- Jailbreak Detection: Block jailbroken or rooted devices from accessing corporate resources
BYOD Security
Bring Your Own Device policies balance employee flexibility with security:
- Containerization (work vs personal data)
- Conditional access based on compliance
- Minimum OS version requirements
- Certificate-based authentication
Last updated: December 2024