Chapter 19

Configuring and Implementing Endpoint Security Controls

This chapter covers the following topics:

  • Hardening Techniques: This section covers removing unneeded services, disabling unused accounts, using images/templates, removing end-of-life devices, removing end-of-support devices, local drive encryption, enabling the no execute (NX)/execute never (XN) bit, disabling central processing unit (CPU) virtualization support, secure encrypted enclaves/memory encryption, shell restrictions, and address space layout randomization (ASLR).

  • Processes: This section covers patching of firmware and applications, logging, and monitoring.

  • Mandatory Access Control: This section covers Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid), ...

Get CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.