Endpoint Security


Product Description
A Comprehensive, Proven Approach to Securing All Your Network Endpoints!

Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy for protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones.

Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today's newest threats, and prepare yourself for tomorrow's attacks. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to “trusted computing.”

Unlike traditional “one-size-fits-all” solutions, Kadrich's approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macs, PDAs, smartphones, cellphones, embedded devices, and more.

You'll learn how to:
• Recognize dangerous limitations in conventional endpoint security strategies
• Identify the best products, tools, and processes to secure your specific devices and infrastructure
• Configure new endpoints securely and reconfigure existing endpoints to optimize security
• Rapidly identify and remediate compromised endpoint devices
• Systematically defend against new endpoint-focused malware and viruses
• Improve security at the point of integration between endpoints and your network
Endpoint Security Review
I really looked forward to reading Endpoint Security. I am involved in a NAC deployment, and I hoped this book could help. While the text does contain several statements that make sense (despite being blunt and confrontational), the underlying premise will not work. Furthermore, simply identifying and understanding the book's central argument is an exercise in frustration. Although Endpoint Security tends not to suffer any technical flaws, from conceptual and implementation points of view this book is disappointing.
This is a tough review to write, because the non-product-specific chapters (1-7) are conceptually all over the map. Let me start with the items I found true and useful in Endpoint Security. I appreciated this perception on p 15: "I don't agree with the notion that the perimeter has disappeared. It's just moving too fast to see." This is true on p 20: "[B]asic engineering processes aren't at work in the security industry... We continue to suffer failures, and we have no way of knowing when our security solutions are successful." And this, on p 33: "[W]e've failed the first test because we can't describe secure... because we don't understand the problem well enough, we don't have a way to predict success; the converse is that we can't predict failure." And this, on p 34: "[W]e, the security industry, are not using sound engineering or the scientific method to figure out what is wrong. Worse yet, we continue to make the same mistakes year after year. We rely on the vendors to tell us what the solution should be instead of turning the formulation of a solution into a science." I loved this, on p 39: "[M]any people honestly believe that the network is too complex to understand and that 'security' is the purview of hackers and vendors. I've actually had security people tell me in meetings that their network is too large, too distributed, and too complex to identify all the endpoints on it!" By now I was excited; I thought we had a winner.
In reality, on page 1 I knew Endpoint Security was going to have problems. The author starts by using an HVAC system as a process model. He completely ignores that an HVAC system is not being attacked by intelligent adversaries. If your model does not account for the creativity, persistence, and rule-breaking of an intelligent adversary, then your model will fail in the real world. For example, on p 39 the author says "This is not how engineers do things, and for all practical purposes, no matter how we got here, we are engineers." This is not true; if we are engineers at all, we are combat engineers -- and our systems are being assaulted. Building on the HVAC idea, the author tries to introduce control theory and closed-loop process control (CLPC) (without really saying what an "open" loop looks like). I say "tries" because his "explanation" makes no sense, despite the use of examples. I found the coverage on Wikipedia to get to the heart of the issue quicker and clearer. For example, the author mentions "PID" on p 55 and 64, but only expands the acronym on p 73 to show PID means proportional-integral-derivative. On p 46 he mentions "proportional process control methodology" as if the reader should know what this means. I found myself wondering if several sections were written out of order, and I only pieced together the argument by flipping around.
To save you the same trouble, the author's premise is that networks need a "basic proportional control," meaning "protocols, hardware, and software ... [that] automatically reconfigure themselves based on our dictated policy" (p 79). NAC is a means to "close the loop" by having a "basic proportional control" that ensures "each time the endpoint connects to the network... it represents a minimum level of compliance with corporate security policy" (p 175).
The huge conceptual holes in Endpoint Security are 1) the assumption that "feedback" for CLPC is reliable and trustworthy; and 2) compliance = integrity = trustworthiness. Regarding 1, the author is in one place bashing vendors, and in another relying on vendors to produce anti-virus, IDS, and other mechanisms to be reliable -- or else his model fails! For example, p 62 states "we can make some basic assumptions about our network: A) We have a system for probing our network for vulnerabilities; B) We have some way of identifying intrusion attempts." While A is possible to some degree, it is impossible to simply "assume away" the problems of B. An IDS isn't a thermometer that accurately reports temperature.
Regarding 2, Endpoint Security states on p 78 that answering the following questions "yes" means a "minimum level of trust." In brief, they are patched? firewalled? anti-virus? authorized applications? and authorized user? Unfortunately, answering "yes" to these questions does very little to presume the endpoint is trustworthy. Sadly, the author mocks Microsoft's (correct) stance on this issue. On p 172 Microsoft says "Network Access Quarantine Control is not a security solution. It is designed to help prevent computers with unsafe configurations from connecting to a private network, not to protect a private network from malicious users who have obtained a valid set of credentials."
Conceptual issues aside (and there are more, like calling embedded devices or handhelds "threats" instead of "assets" with "vulnerabilities" and "exposures"), Endpoint Security has practical problems. Each chapter on specific technologies features sections called "initial health check." The idea is to run these "tests" to validate integrity in case you don't start with a clean build. That is a recipe for disaster, and some of the book's recommendations are laughable. If your rootkit detection methodology relies on comparing netstat and Nmap output, you're going to lose. The Windows chapter is decent, but looking at a handful of registry keys is no way to assess security. (Check out Harlan Carvey's recent book instead.) The Linux chapter is sad; who uses Xandros as a commercial Linux distro? Why not use Red Hat Enterprise Linux (emphasis on Enterprise). Who remotely administers a Linux box with VNC? Mac OS X is not a FreeBSD variant; kernel mode rootkits written for FreeBSD will not work on Mac OS X. Worse, the author cannot recommend any host integrity tools (p 119); if this is true, how can the integrity of a host be assessed? Using those five criteria mentioned earlier? Forget it.
Worst of all, the author builds his entire model on implementing CLPC via NAC, relying on "closing the loop" as "the missing link" to security nirvana. Yet, when we read the product specific chapters (Windows, Linux, Mac OS X, PDAs/Smartphones, and Embedded) only Windows can "close the loop." Is this for real? Build a model and then say it can't be done right now? I appreciate the desire to look ahead, but why did I just read this book?
I didn't give this book 2 stars, because I reserve that rating for books with glaring technical errors. Endpoint Security gets 3 stars for its sound observations of the security space (listed above), but I found the rest of the book not worth reading (although I read the whole thing). I cannot fathom how the reviewers and editors of this book allowed such a confusing argument and unworkable premise and prescription to be published.
PS: The story about the "Patent Office" on p 13 is an urban myth; Google "Charles Duell".
