Endpoint Protection


  • segmentation
  • isolation
    • refers to segregating individual devices within a network to limit their interaction with other devices and systems
  • antivirus/antimalware
  • full disk encryption (FDE)
    • requires the secure storage of the key used to encrypt the drive contents
      • the encryption key is stored on a trusted platform module (TPM)
  • patch management
    • in home/residential networks
      • major OS updates are usually done automatically
        • Windows
          • Windows Update
        • Linux
          • via yum-cron or apt unattended-upgrades
    • in enterprise networks
      • automated deployment can break workflows or cause incompatibilities
      • use a patch management suite instead
        • e.g., Microsoft System Center Configuration Manager (SCCM)/Endpoint Manager
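
Having yum-cron or unattended-upgrades installed does not by itself mean patches are applied, so the following added example (not part of the original notes) checks the settings that actually turn automatic installation on. The function names are hypothetical, the sample files are constructed, and the usual locations /etc/apt/apt.conf.d/20auto-upgrades and /etc/yum/yum-cron.conf are assumptions about the host being audited.

```shell
# Added example: check that automatic patching is switched on, not just installed.
# File paths are arguments so the checks can run against copies of the config.

# Print the last numeric value set for APT::Periodic::<key>; skips // comments.
apt_periodic_value() {
    sed -n "s/^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([0-9][0-9]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeeds only if APT refreshes package lists AND runs unattended-upgrade.
apt_auto_upgrades_enabled() {
    [ -r "$1" ] || return 2
    lists=$(apt_periodic_value "$1" Update-Package-Lists)
    upgrade=$(apt_periodic_value "$1" Unattended-Upgrade)
    [ "${lists:-0}" -gt 0 ] && [ "${upgrade:-0}" -gt 0 ]
}

# Succeeds only if yum-cron installs updates rather than only downloading them.
yum_cron_applies_updates() {
    [ -r "$1" ] || return 2
    value=$(sed -n 's/^[[:space:]]*apply_updates[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z')
    case $value in
        yes|true|1|on) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not taken from any real host).
write_samples() {
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Unattended-Upgrade "1";' > "$1/apt-on"
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  '// APT::Periodic::Unattended-Upgrade "1";' \
                  'APT::Periodic::Unattended-Upgrade "0";' > "$1/apt-off"
    printf '%s\n' '[commands]' 'download_updates = yes' 'apply_updates = no' > "$1/yum-download-only"
    printf '%s\n' '[commands]' 'apply_updates = yes' > "$1/yum-apply"
}

# Print one result line for a checker function and a file.
report() {
    if "$1" "$2"; then echo "$2: automatic updates enabled"
    else echo "$2: automatic updates NOT enabled"; fi
}

dir=$(mktemp -d)
write_samples "$dir"
for f in apt-on apt-off; do report apt_auto_upgrades_enabled "$dir/$f"; done
for f in yum-download-only yum-apply; do report yum_cron_applies_updates "$dir/$f"; done
rm -rf "$dir"
```

On a real host, pass the actual config paths to the two check functions; an exit status of 2 means the file was missing or unreadable.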