Configuring and Implementing Endpoint Security Controls
This chapter covers the following topics:
Hardening Techniques: This section covers removing unneeded services, disabling unused accounts, using images/templates, removing end-of-life devices, removing end-of-support devices, local drive encryption, enabling the no execute (NX)/execute never (XN) bit, disabling central processing unit (CPU) virtualization support, secure encrypted enclaves/memory encryption, shell restrictions, and address space layout randomization (ASLR).
Processes: This section covers patching of firmware and applications, logging, and monitoring.
Mandatory Access Control: This section covers Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid), ...