Earlier in the book, I discussed intrusion prevention, primarily
from a network perspective. In this appendix, we'll look at
security from the perspective of the host, what has been called
endpoint security. An endpoint is defined as anything that can be construed to be a host,
such as a desktop computer, a laptop computer, a smartphone, and so on. For the purpose
of this discussion, a server can also be an endpoint. For example, a host intrusion prevention
system is a form of endpoint security. It guards against attacks on host computers and
servers and is usually deployed in an enterprise setting. In addition to an introduction to
endpoint security, we will look at the threat posed by buffer overflows. Then we will look
at the various products used by Cisco to address endpoint security. Finally, I will discuss
endpoint security best practices.
Introduction to Endpoint Security
Endpoint security is another part of a layered approach to an enterprise's security posture.
I've talked about network security a great deal in this book, but there's also the need to
secure hosts. With the multitude of threats that exist today, there's always the chance that
a host can be infected by a virus or a user might inadvertently download malware from a
website. Many other types of host threats exist.
The enterprise network used to be a single entity with a hardened security perimeter around it,
and that perimeter was the whole security model. But today's network is used by telecommuters,
business partners, and wireless users, and it needs demilitarized zones (DMZs) to expose services
to them. In other words, the perimeter is everywhere and nowhere, all at the same time. A perimeter
defense alone can no longer be relied on, so there needs to be a way to secure the host as well as the
network. This is where endpoint security comes into play.
Cisco has a number of security elements, as shown in Table C.1, which are geared to
protect the host device.