


Internet Security Tools for Defense In-Depth


Defensive Wall 3: Blocking Attacks: Host Based

3.1 Endpoint Security

Endpoint security includes anti-virus, anti-spyware, personal firewalls, host-based IPS, and related technologies that are installed on devices used by employees.

Compliance Mandates: PCI DSS Requirement 5, 10.6, SOX DS5.9, GLBA 16 CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1),(2) and (6), 164.310(c), 164.312(a)(1), FISMA SI-3, SI-8, SC-18, AC-2, ISO 27001/27002 11.7.1, 11.7.2

Tools:
McAfee Total Protection for Endpoint
Symantec Endpoint Protection
Kaspersky OpenSpace Security
IBM ISS RealSecure
Cisco Security Agent

3.2 Network Access Control (NAC)

When any computer connects to the corporate network, NAC determines whether the computer is known to the network and who is using it, and verifies secure configurations and patch levels. NAC should also determine whether malicious software is present on an endpoint. Personal computers that do not meet the enterprise standards can be denied access until their configurations have been corrected.

Compliance Mandates: SOX A13.2, DS5.3, DS5.4, DS5.10, GLBA 16 CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1),(2) and (6), 164.312(a)(1), 164.312(d), FISMA SI-4, AC-3, AC-4, AC-17, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 15.1.5

Tools:
McAfee NAC
Cisco NAC Appliance
StillSecure Safe Access
InfoExpress CyberGatekeeper
Symantec Network Access Control
Mirage Networks Mirage NAC

3.3 System Integrity Checking Tools

System integrity checking tools check for unauthorized changes to files.

Compliance Mandates: PCI DSS 10.5.5, 11.5, 12.9.5, SOX DS5.5, GLBA 16 CFR Part 314.4(b) and (3), HIPAA 164.312(e)(1), FISMA AC-19, CP-9, SI-1, SI-7, ISO 27001/27002 12.3, 12.5.1, 12.5.3, 15.3

Tools:
Tripwire Enterprise
Configuresoft Enterprise Configuration Manager (ECM)
nCircle CCM File Integrity Monitor
AIDE (free)
Samhain (free)

3.4 Application Control and Configuration Hardening Tools

These tools test security configurations for variance from standards and enforce security policy against applications that are not trusted.

Compliance Mandates: PCI DSS 2.2, SOX A13.2, HIPAA 164.308(a)(1), 164.310(c), FISMA CA-7, CM-1, CM-2, CM-3, CM-4, CM-6, CP-10, PL-3, SA-4, ISO 27001/27002 10.4.2, 10.10.1

Tools:
Configuresoft Enterprise Configuration Manager (ECM)
HP Business Service Automation solutions
BMC Configuration Automation
