Ebook Endpoint Security, by Mark Kadrich
We will certainly reveal you the best and easiest means to get book Endpoint Security, By Mark Kadrich in this world. Lots of collections that will certainly support your obligation will certainly be below. It will certainly make you feel so excellent to be part of this internet site. Ending up being the member to consistently see just what up-to-date from this book Endpoint Security, By Mark Kadrich website will make you really feel ideal to hunt for guides. So, recently, as well as below, get this Endpoint Security, By Mark Kadrich to download as well as wait for your precious deserving.
Endpoint Security, by Mark Kadrich
Ebook Endpoint Security, by Mark Kadrich
Endpoint Security, By Mark Kadrich. Accompany us to be member here. This is the internet site that will certainly give you ease of browsing book Endpoint Security, By Mark Kadrich to review. This is not as the various other website; guides will be in the forms of soft data. What advantages of you to be member of this site? Get hundred compilations of book link to download and install and also get consistently upgraded book on a daily basis. As one of guides we will certainly offer to you currently is the Endpoint Security, By Mark Kadrich that includes a very completely satisfied principle.
But right here, we will certainly reveal you unbelievable thing to be able always review guide Endpoint Security, By Mark Kadrich anywhere and whenever you take area and also time. Guide Endpoint Security, By Mark Kadrich by only could aid you to recognize having the publication to check out every time. It will not obligate you to always bring the thick publication anywhere you go. You can merely maintain them on the gadget or on soft documents in your computer system to always read the room at that time.
Yeah, hanging out to read the publication Endpoint Security, By Mark Kadrich by on the internet can also give you positive session. It will certainly relieve to communicate in whatever problem. By doing this can be much more intriguing to do as well as easier to check out. Now, to obtain this Endpoint Security, By Mark Kadrich, you could download in the web link that we give. It will aid you to obtain simple means to download the publication Endpoint Security, By Mark Kadrich.
The books Endpoint Security, By Mark Kadrich, from straightforward to difficult one will be a really useful operates that you could require to alter your life. It will certainly not give you adverse declaration unless you don't obtain the significance. This is certainly to do in checking out a book to overcome the meaning. Typically, this publication qualified Endpoint Security, By Mark Kadrich is checked out considering that you really such as this type of publication. So, you could get much easier to understand the perception and definition. Again to constantly bear in mind is by reviewing this publication Endpoint Security, By Mark Kadrich, you could satisfy hat your interest start by finishing this reading e-book.
A Comprehensive, Proven Approach to Securing All Your Network Endpoints!
Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy to protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones.
Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today’s newest threats, and prepare yourself for tomorrow’s attacks. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to “trusted computing.”
Unlike traditional “one-size-fits-all” solutions, Kadrich’s approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macs, PDAs, smartphones, cellphones, embedded devices, and more.
You’ll learn how to:
• Recognize dangerous limitations in conventional
endpoint security strategies
• Identify the best products, tools, and processes to secure your specific devices and infrastructure
• Configure new endpoints securely and reconfigure existing endpoints to optimize security
• Rapidly identify and remediate compromised
endpoint devices
• Systematically defend against new endpoint-focused malware and viruses
• Improve security at the point of integration between endpoints and your network
Whether you’re a security engineer, consultant, administrator, architect, manager, or CSO, this book delivers what you’ve been searching for:
a comprehensive endpoint security strategy that works.
Mark Kadrich is President and CEO of The Security Consortium, which performs in-depth testing and evaluation of security products and vendors. As Senior Scientist for Sygate Technologies, he was responsible for developing corporate policies, understanding security trends, managing government certification programs, and evangelization. After Symantec acquired Sygate, Kadrich became Symantec’s Senior Manager of Network and Endpoint Security.
His 20 years’ IT security experience encompasses systems level design, policy generation, endpoint security, risk management, and other key issues.
Foreword
Preface
About the Author
Chapter 1 Defining Endpoints
Chapter 2 Why Security Fails
Chapter 3 Something Is Missing
Chapter 4 Missing Link Discovered
Chapter 5 Endpoints and Network Integration
Chapter 6 Trustworthy Beginnings
Chapter 7 Threat Vectors
Chapter 8 Microsoft Windows
Chapter 9 Apple OS X
Chapter 10 Linux
Chapter 11 PDAs and Smartphones
Chapter 12 Embedded Devices
Chapter 13 Case Studies of Endpoint Security Failures
Glossary
Index
- Sales Rank: #1872299 in Books
- Published on: 2007-04-09
- Original language: English
- Number of items: 1
- Dimensions: 9.00" h x .90" w x 6.90" l, 1.59 pounds
- Binding: Paperback
- 384 pages
From the Back Cover
A Comprehensive, Proven Approach to Securing All Your Network Endpoints! Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy to protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones. Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today's newest threats, and prepare yourself for tomorrow's attacks. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to "trusted computing." Unlike traditional "one-size-fits-all" solutions, Kadrich's approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macs, PDAs, smartphones, cellphones, embedded devices, and more. You'll learn how to: - Recognize dangerous limitations in conventional endpoint security strategies - Identify the best products, tools, and processes to secure your specific devices and infrastructure - Configure new endpoints securely and reconfigure existing endpoints to optimize security - Rapidly identify and remediate compromised endpoint devices - Systematically defend against new endpoint-focused malware and viruses - Improve security at the point of integration between endpoints and your network Whether you're a security engineer, consultant, administrator, architect, manager, or CSO, this book delivers what you've been searching for: a comprehensive endpoint security strategy that works. Mark Kadrich is President and CEO of The Security Consortium, which performs in-depth testing and evaluation of security products and vendors. As Senior Scientist for Sygate Technologies, he was responsible for developing corporate policies, understanding security trends, managing government certification programs, and evangelization. After Symantec acquired Sygate, Kadrich became Symantec's Senior Manager of Network and Endpoint Security. His 20 years' IT security experience encompasses systems level design, policy generation, endpoint security, risk management, and other key issues.
Foreword
Preface
About the Author
Chapter 1 Defining Endpoints
Chapter 2 Why Security Fails
Chapter 3 Something Is Missing
Chapter 4 Missing Link Discovered
Chapter 5 Endpoints and Network Integration
Chapter 6 Trustworthy Beginnings
Chapter 7 Threat Vectors
Chapter 8 Microsoft Windows
Chapter 9 Apple OS X
Chapter 10 Linux
Chapter 11 PDAs and Smartphones
Chapter 12 Embedded Devices
Chapter 13 Case Studies of Endpoint Security Failures
Glossary
Index
About the Author
For the past 20 years, Mark Kadrich has been a contributing member of the security community. His strengths are in systems-level design, policy generation, endpoint security, and risk management. Mr. Kadrich has been published numerous times and is an avid presenter.
Mr. Kadrich is presently president and CEO of The Security Consortium (TSC), a privately held company whose mission is to provide better security product knowledge to their customers. TSC performs in-depth testing and evaluation of security products and the vendors that provide them. As CEO and chief evangelist, Mr. Kadrich is responsible for ensuring that the company continues to grow successfully. After the Symantec acquisition of Sygate Technologies, Mr. Kadrich took a position as senior manager of network and endpoint security with Symantec. His role was to ensure that the Symantec business units correctly interpreted security policy during their pursuit of innovative technology solutions.
Mr. Kadrich was senior scientist with Sygate Technologies prior to the Symantec acquisition. In his role as senior scientist, Mr. Kadrich was responsible for developing corporate policies, understanding future security trends, managing government certification programs, and evangelizing on demand. Mr. Kadrich joined Sygate through the acquisition of a start-up company (AltView) of which he was a founding member. As a founding member of AltView, Mr. Kadrich was the principal architect of a system that scanned and contextualized the network, the endpoints on it, and built a detailed knowledge base. Eventually known as Magellan, the system could determine what endpoints were on a network, how the network was changing, what endpoints were manageable, and if they were being managed.
As CTO/CSO for LDT Systems, Mr. Kadrich assisted with the development and support of a Web-based system used to securely capture and track organ-donor information. Mr. Kadrich was director of technical services for Counterpane Internet Security. He was responsible for the generation of processes that supported and improved Counterpane’s ability to deploy and support customer-related security activities Mr. Kadrich was director of security for Conxion Corporation. As the director of security, his role was to plot the strategic course of Conxion’s information security solutions.
Prior to Conxion, he was a principal consultant for International Network Services (INS), for which he created a methodology for performing security assessments and interfaced with industry executives to explain the benefits of a well-implemented security program.
Mr. Kadrich is a CISSP, holds a Bachelor of Science degree in Management Information Systems from the University of Phoenix, and has degrees in Computer Engineering and Electrical Engineering (Memphis, 1979). Publications contributed to include TCP Unleashed, Publish Magazine, Planet IT, RSA, CSI, and The Black Hat Briefings.
Excerpt. © Reprinted by permission. All rights reserved.
Preface Preface
"That was some of the best flying I've seen to date –
right up to the part where you got killed."
Jester to Maverick in the Movie Top Gun
Introduction
I suppose that's the thing that bothers me the most: the fact that we think that we're doing great right up to the moment that the network melts down. Over the years we've seen the number of security tools deployed on our networks increase to the point where we are completely surprised when our computing environments are devastated by some new worm. But how can this happen you ask? How can we be spending so much money to increase our security and still be feeling the pain of the worm de jour? And not just feeling this pain once or twice a year, we're feeling it all the time.
To begin to answer this question, all one has to do is pop 'vulnerability' into Google and sit back and wait. My wait took a mere .18 seconds and returned over 69 million hits. Adding the word 'hacker' added an additional .42 seconds but did have the benefit of reducing the pool of hits to a tad over 4.2 million. Over 4 million pieces of information in less then half a second and for free! Now that's value.
So, getting back to our problem and looking at the results pretty much sums up our present situation. We're buried under all sorts of vulnerabilities and we're constantly struggling to get on top of the things. The problem of patching vulnerabilities is so big that an entire industry has sprung up just to address the problem. The problem of analyzing and generating patches is so big that Microsoft changed its release policy from an "as needed" to a "patch Tuesdays".
What are they really trying to address with the patches? One may think that it's about protecting the endpoint. What we're going to call endpoint security. This is a big topic of discussion. If we go back to Google and type in 'endpoint security' we get a little over 2.5 million hits. We can reduce that stratospheric result by typing in the word 'solution'. Now we're down to a much more manageable 1,480,000 hits.
So what's the point? The point is that there are a lot of folks talking about the problem but they're doing it from the perspective of a vendor customer relationship: a relationship that is predicated on them selling you something, a solution, and you paying them for it. The shear motive of profit motivates vendors to produce products that they can sell. Marketing departments are geared toward understanding what people need and how to shape their product in a way that convinces you that they can fill your need. How many times have you gone back to visit a vendor web page only to be surprised that they now address your problem? Look at how many vendors moved from PKI (Public Key Infrastructure) to SSI (Single Sign On) and finally to IM (Identity Management). Why? Because nobody was buying PKI because of the enormous expense so the marketing departments decided to switch names or "repurpose" their product. Now it was about "leveraging their synergies" with the multiple sets of user credentials and promises of vastly simplified user experiences. When that tanked the marketing people invented IM. Yep, that's what I said, they invented IM so they could once again distance themselves from a failed marking ploy and get more people to give them more money. Profit.
Ask any CEO what his or her mission is and if they don't reply, "to maximize shareholder value" I'll show you a CEO soon to be looking for a new job. It's all about making sales numbers and generating profit. The more profit, the happier vendors and their shareholders are.
Now don't get me wrong, profit is a good thing. It keeps our system working and our people motivated. But when the system of generating profit still refuses to produce a good solution one must ask, "what is the real problem that we're trying to solve here?" I don't want to be part of the solution that says that the problem is how to maximize shareholder value; I want to be part of a solution that says that the problem was understanding a well defined set of criteria that ensured that my enterprise and the information that it produced were safe, trustworthy, and secure.
But for some strange vendor driven reason we can't seem to do that.
Overview
This book makes the assumption that if we've been doing the same thing for years and we continue to fail then we must be doing something wrong. Some basic assumption about what we're doing and why we're doing it is incorrect. Yes, incorrect. But we continue to behave as if nothing is wrong. The pain is there but now the problem is that it's so ubiquitous that we've become desensitized to it. Like the buzzing the florescent lights make (yes, they do make an annoying sound) or the violence on TV, we've just gotten so used to having it around we've come up with coping mechanisms to deal with it. Why hasn't anyone asked why the pain is there in the first place?
This book does.
This book is different because it uses a basic tenant of science to understand what the problem is and how to manage it. This book uses a process control model to explain why securing the endpoint is the smartest thing you can do to manage the problem of network contamination and infestation. We'll explain the differences between endpoints and how to secure them at various levels. We start with the basic tools and settings that come with each endpoint, move to those required tools such as antivirus, and progress to endpoints that have been upgraded with additional security protocols and tools, such as 802.1x and the supplicant, that enable a closed loop process control model that enforces a minimum level of security.
Intended Audience
If you're a security manager, security administrator, desktop support person, or someone that will be or is managing, responding or responsible for the security issues of the network, this book is for you. If your job depends on ensuring that the network is not just 'up' but functional as a tool for generating, sharing, and storing information, you'll want to read this book. If you've ever been fired because some script kiddie managed to gain access to the CEO's laptop, you'll want this book on your shelves. If you're worried about Barney in the cube next to yours downloading the latest 'free' video clip or the latest cool chat client, you want to buy this book and give it to your desktop administrator.
Intended Purpose
Many books describe how systems can be exploited or how vulnerabilities can be discovered and leveraged to the dismay of the system owner. If you're looking for a book on hacking, this isn't it. If that's what you want to do, this is the wrong book for you. Give it to your admin friend since I'm sure they're going to need it after you go get your book on hacking. So, Instead of the "hacker's eye" view, we're going to give you something a bit more useful to you: the practitioners eye view.
This book not only shows you what to look for, it also tells you why you should be looking for it. Yes, in some places it is somewhat of a step-by-step guide, but we believe in the axiom "give a man a fish and he eats for a day, but teach a man to fish and he eats for the rest of his life." It's a corny saying but it gets the message across pretty well.
We intend on teaching the reader how to configure his or her network to be secure by addressing the issue at its root: the endpoint.
This book also takes a look at how we got here in the hopes that we won't make the same mistakes again. Some of my reviewers took offence at chapter 2 because I placed a portion of the blame for much of our situation squarely on the shoulders of the vendors that have been crafting our solutions. Yes, there are open source security tools but they don't drive our security market.
My hope is that when you are done with this book that you will understand why I believe a closed loop process control model works and how to apply it in your day-to-day security solutions.
On Ignoring Editors, Who is "We", and "Them"
Editors are wonderful people. Many writers hate editors because they change the magnificent prose that the author has spent hours generating and refining. They reinterpret what the author has said and change the way the ideas are presented to the reader by changing the order of words or the use of tone. Some authors hate that. Not me. I'm a rookie and I'm lazy. This is a bad combination for a writer so I don't mind some constructive criticism. Usually.
We.
A simple word that when used by an author is supposed to imply that an intimacy between the author and the reader exists when the reader is engaged in the pages of the book. When an author says "we" it's supposed to mean that small group of people that the reader is tied to by the story line of the book.
That is unless the author isn't using the second person as a construct. For instance, the writer could mean the "we" of the group exclusive of the reader as in "we hacked into this computer to find evidence of kiddy porn". The reader is clearly not included in that group of "we".
So, why have I brought this up at the beginning of a book that's about endpoint security you might be asking? Because I made the mistake of using the word "we" throughout the book without explaining who "we" was each and every time. I thought it was obvious who "we" is.
My editor hated that. Politely, concisely, but nonetheless, she hated it.
Every time I got a chapter back the word "we" was highlighted and a very polite note was attached asking who "we" was. "Mark, who is we? Please tell us who 'we' is". Yep. Each and every time I used "we" I would get a highlight and a note. I was quite annoyed since I thought that it was clear who "we" was. So, in an effort to find the final answer, I asked an authority – my girlfriend Michelle, to read some of the magnificent prose that I'd generated with the hope that she would agree with me. I should know better by now. "Who is 'we'?" she asked. Since this was not the response I was expecting, all I could do was look at her blankly and stammer, "well, um, we is us!"
I felt like an idiot. Her look confirmed it. I was an idiot.
But "we" is us. We are the security people of the world trying to solve a huge problem. So when I talk about "we" in this book, I'm referring to all of us who have tried, are trying, to create secure and reliable networks.
Now, I'm sure that "they" is going to come up next so let me attack that here. They is them – those that are not us. Vendors are great "thems" and it's usually who I'm referring to when I say "them".
So, we and us are the good guys, and they and them, well, aren't.
Why Are We Doing This?
As I said earlier, if you're doing something and it doesn't work no matter how many times you try it, you must be doing something wrong and it's time to take a step back and make an attempt at understanding why. The old stuff isn't working and it's time to try something new. Now, securing the endpoint isn't a new idea. The methods to accomplish are well known. But we have done a great deal of research that seems to indicate that without considering the endpoint as a key component in your security program, as a point of enforcement, that you are doomed, yes, doomed to failure.
OK, doomed may be a bit harsh, but if you get fired because some weasel changes two bytes of code in a virus and it rips through your network, what's the difference? You're hosed and hosed is just the past tense of doomed.
© Copyright Pearson Education. All rights reserved.
Most helpful customer reviews
10 of 10 people found the following review helpful.
A confusing book with sound observations but an unworkable premise and prescription
By Richard Bejtlich
I really looked forward to reading Endpoint Security. I am involved in a NAC deployment, and I hoped this book could help. While the text does contain several statements that make sense (despite being blunt and confrontational), the underlying premise will not work. Furthermore, simply identifying and understanding the book's central argument is an exercise in frustration. Although Endpoint Security tends not to suffer any technical flaws, from conceptual and implementation points of view this book is disappointing.
This is a tough review to write, because the non-product-specific chapters (1-7) are conceptually all over the map. Let me start with the items I found true and useful in Endpoint Security. I appreciated this perception on p 15: "I don't agree with the notion that the perimeter has disappeared. It's just moving too fast to see." This is true on p 20: "[B]asic engineering processes aren't at work in the security industry... We continue to suffer failures, and we have no way of knowing when our security solutions are successful." And this, on p 33: "[W]e've failed the first test because we can't describe secure... because we don't understand the problem well enough, we don't have a way to predict success; the converse is that we can't predict failure." And this, on p 34: "[W]e, the security industry, are not using sound engineering or the scientific method to figure out what is wrong. Worse yet, we continue to make the same mistakes year after year. We rely on the vendors to tell us what the solution should be instead of turning the formulation of a solution into a science." I loved this, on p 39: "[M]any people honestly believe that the network is too complex to understand and that 'security' is the purview of hackers and vendors. I've actually had security people tell me in meetings that their network is too large, too distributed, and too complex to identify all the endpoints on it!" By now I was excited; I thought we had a winner.
In reality, on page 1 I knew Endpoint Security was going to have problems. The author starts by using an HVAC system as a process model. He completely ignores that an HVAC system is not being attacked by intelligent adversaries. If your model does not account for the creativity, persistence, and rule-breaking of an intelligent adversary, then your model will fail in the real world. For example, on p 39 the author says "This is not how engineers do things, and for all practical purposes, no matter how we got here, we are engineers." This is not true; if we are engineers at all, we are combat engineers -- and our systems are being assaulted. Building on the HVAC idea, the author tries to introduce control theory and closed-loop process control (CLPC) (without really saying what an "open" loop looks like). I say "tries" because his "explanation" makes no sense, despite the use of examples. I found the coverage on Wikipedia to get to the heart of the issue quicker and clearer. For example, the author mentions "PID" on p 55 and 64, but only expands the acronym on p 73 to show PID means proportional-integral-derivative. On p 46 he mentions "proportional process control methodology" as if the reader should know what this means. I found myself wondering if several sections were written out of order, and I only pieced together the argument by flipping around.
To save you the same trouble, the author's premise is that networks need a "basic proportional control," meaning "protocols, hardware, and software ... [that] automatically reconfigure themselves based on our dictated policy" (p 79). NAC is a means to "close the loop" by having a "basic proportional control" that ensures "each time the endpoint connects to the network... it represents a minimum level of compliance with corporate security policy" (p 175).
The huge conceptual holes in Endpoint Security are 1) the assumption that "feedback" for CLPC is reliable and trustworthy; and 2) compliance = integrity = trustworthiness. Regarding 1, the author is in one place bashing vendors, and in another relying on vendors to produce anti-virus, IDS, and other mechanisms to be reliable -- or else his model fails! For example, p 62 states "we can make some basic assumptions about our network: A) We have a system for probing our network for vulnerabilities; B) We have some way of identifying intrusion attempts." While A is possible to some degree, it is impossible to simply "assume away" the problems of B. An IDS isn't a thermometer that accurately reports temperature.
Regarding 2, Endpoint Security states on p 78 that answering the following questions "yes" means a "minimum level of trust." In brief, they are patched? firewalled? anti-virus? authorized applications? and authorized user? Unfortunately, answering "yes" to these questions does very little to presume the endpoint is trustworthy. Sadly, the author mocks Microsoft's (correct) stance on this issue. On p 172 Microsoft says "Network Access Quarantine Control is not a security solution. It is designed to help prevent computers with unsafe configurations from connecting to a private network, not to protect a private network form malicious users who have obtained a valid set of credentials."
Conceptual issues aside (and there are more, like calling embedded devices or handhelds "threats" instead of "assets" with "vulnerabilities" and "exposures"), Endpoint Security has practical problems. Each chapter on specific technologies features sections called "initial health check." The idea is to run these "tests" to validate integrity in case you don't start with a clean build. That is a recipe for disaster, and some of the book's recommendations are laughable. If your rootkit detection methodology relies on comparing netstat and Nmap output, you're going to lose. The Windows chapter is decent, but looking at a handful of registry keys is no way to assess security. (Check out Harlan Carvey's recent book instead.) The Linux chapter is sad; who uses Xandros as a commercial Linux distro? Why not use Red Hat Enterprise Linux (emphasis on Enterprise). Who remotely administers a Linux box with VNC? Mac OS X is not a FreeBSD variant; kernel mode rootkits written for FreeBSD will not work on Mac OS X. Worse, the author cannot recommend any host integrity tools (p 119); if this is true, how can the integrity of a host be assessed? Using those five criteria mentioned earlier? Forget it.
Worst of all, the author builds his entire model on implementing CLPC via NAC, relying on "closing the loop" as "the missing link" to security nirvana. Yet, when we read the product specific chapters (Windows, Linux, Mac OS X, PDAs/Smartphones, and Embedded) only Windows can "close the loop." Is this for real? Build a model and then say it can't be done right now? I appreciate the desire to look ahead, but why did I just read this book?
I didn't give this book 2 stars, because I reserve that rating for books with glaring technical errors. Endpoint Security gets 3 stars for its sound observations of the security space (listed above), but I found the rest of the book not worth reading (although I read the whole thing). I cannot fathom how the reviewers and editors of this book allowed such a confusing argument and unworkable premise and prescription to be published.
PS: The story about the "Patent Office" on p 13 is an urban myth; Google "Charles Duell".
6 of 6 people found the following review helpful.
A few sound points but otherwise all over the place
By Chris Gates
I think that Richard Bejtlich hit the nail on the head with his review. The book makes some sound points, like "we rely on the vendors to tell us what the solution should be instead of turning the formulation of a solution into a science" and "as devices connect to or leave the network, the perimeter changes, and so our security policy must adapt" but these aren't necessarily new ideas. The sound points are heavily diminished by the book's lack of focus. Its hard to say that he jumps around in a chapter because "the chapters" are laid out well and cover what they say they are going to cover but I kept reading waiting for him to get to the point of how to make my network and endpoints more secure. I got to the end of the book and I don't feel we ever got there.
The short answer is that he recommends using system hardening (baselining) and a NAC device to ensure secure configurations to protect your endpoints. He says end point devices are anything that extend outside your perimeter, the author breaks these up into:
Windows, Non-Windows, Embedded (printers, routers), mobile phones & PDAs, Palm, blackberry, windows CE/windows mobile, and Symbian OS. I had a couple of issues with his using a NAC as the end all, be all solution. For the sake of argument I'll concede that a NAC solution should protect my LAN from someone walking in an plugging in an unauthorized device or keeping a client that does not meet my specifications off the LAN by quarantining them (even though Ofir Arkin has spent plenty of time proving this isn't necessarily the case). What the NAC solution doesn't protect against is a public facing server with a vulnerability, those million client side "i got you to click on my link" exploits, or protect the network from any mobile devices (AV ends up being our only solution minus any baselining we can do).
I had issues with his unwaivering trust in NAC solutions and those agents that most of the time make that happen. Ch 6 starts off interestingly enough talking about how he doesn't trust software VPN solutions because they can have flaws but all throughout ch5 we are told to use NAC solutions that require a closed source agent to be installed on the endpoint. What gives? I'll take a mature open source solution over a relatively young closed source solution any day.
The book has chapters (8-12) on baselining Windows, OS X, Linux, Embedded Devices (Printers), and Mobile Devices. While not technically incorrect, its adds very little to existing information and is certainly not enough information to confidently lock down any of the systems mentioned. The Mobile Device threat and mitigation section which is probably the biggest threat to the current network is covered much better in BlackJacking. I was also disappointed to see nmap version 3.00 being used for scanning. Nmap v3.0 is years out of date.
My last set of gripes is with the author's assertion that we need to change our network diagrams (page 60). He says that we should throw out the Visio type diagrams and go with an engineering/circuit board type diagram. I found myself having to keep flipping back to see what the symbols meant. He gave the example of if you asked 3 network engineers to draw a diagram of a network you would get 3 different diagrams, but I would say that it doesn't matter if they use a firewall with a wall and flame or a wall with hatch marks 9 out of 10 times everyone will recognize that as a firewall where his version of a firewall that is two triangles with their point's meeting may not be recognized. The informIT site used to have Chapter 3 as a preview so you could see for yourself (wasn't working when I wrote this).
The book does have some good points, the idea of the ever changing perimeter that includes mobile devices as endpoints is a good way of looking at the current problem we have on hand. I also agree with the author on page 69 that "we have many security tools that can function as integral and derivative controls, but these tools are acting independently of each other and are not tied to a central controllable proportional process." I think he raises some good points but doesn't quite deliver on a solid way to fix those points in the book.
4 of 4 people found the following review helpful.
I struggled with this one
By Stephen Northcutt
The thing that does this book the most damage is the cover, the quote at the top says if you can read only one book before deciding on a NAC solution, make it this one.
Trust me, don't make this the one book you read. There is some good stuff in this, but I found I kept thinking, "and your point would be?"
Now, I need to be honest, I gave up somewhere in chapter 11, but I read the first half of the book twice thinking it would go better the second time.
One of the problems is the way the book uses charts and graphics, I am looking at figure 2-1 on page 27 for the third time and I would still be hesitant to say I "get it" enough to try to explain it to anyone else. On the next page is a terrible graphic of a fat plastic blob in a bikini with a caption saying sexy bikini-clad beauty. By the time I got to page 60 with the symbols that look a bit like circuit design, and have titles like "bang-bang", and "peer connector traffic neutral" I was done with pictures.
Don't get me wrong, there is good material in this book, I am sure the author knows his stuff, but you will have to struggle with cognitive dissonance to dig out the pearls.
If you happen to see this book in the book store, the forward by Howard Schmidt is a fun read.
See all 5 customer reviews...
Endpoint Security, by Mark Kadrich PDF
Endpoint Security, by Mark Kadrich EPub
Endpoint Security, by Mark Kadrich Doc
Endpoint Security, by Mark Kadrich iBooks
Endpoint Security, by Mark Kadrich rtf
Endpoint Security, by Mark Kadrich Mobipocket
Endpoint Security, by Mark Kadrich Kindle
Endpoint Security, by Mark Kadrich PDF
Endpoint Security, by Mark Kadrich PDF
Endpoint Security, by Mark Kadrich PDF
Endpoint Security, by Mark Kadrich PDF
