7. Threat Vectors

An endpoint can be attacked in numerous ways, but the truly devastating methods leverage the power afforded by the operating system itself. If you "own" the operating system, you can do anything you want. As the system administrator or the root user, you can turn off the firewall, kill the intrusion detection system (IDS), and clear out the logs. When attackers have that kind of access, they can cover their tracks and make it very difficult for you to find them; any evidence that lives only on the compromised host (local logs, local alerts) is theirs to erase, which is why detection has to rely on copies that have already left the machine.

Many operating systems are fairly loose about which users and programs they allow to run with administrative privileges, whereas others allow none to run with that level of authority by default. Minimizing the list of applications, and users, that run with that level of privilege ...
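The inventory this paragraph calls for, as an added example that is not code from the book: a small Python audit that answers "who and what can run as root on this host?" It flags extra UID 0 accounts, users with unrestricted sudo (with or without a password), and setuid-root binaries that are not on an expected baseline. The passwd, group, sudoers, and setuid listing below are constructed samples; the baseline set of setuid binaries is an assumption for the example, and on a real host you would read /etc/passwd, /etc/group, /etc/sudoers plus /etc/sudoers.d/*, and the output of `find / -xdev -perm -4000 -type f` instead.

```python
"""Audit which users and programs can run with root privilege on a Linux host.

Added example for this section, not the book's own code. All inputs below are
constructed samples; replace them with the real files on a host you own.
"""
import re
from typing import Dict, List

# Constructed sample of /etc/passwd (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc-backup:x:1002:1002:Backup service:/var/backup:/usr/sbin/nologin
"""

# Constructed sample of /etc/group (needed to expand %group entries in sudoers).
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,svc-backup
users:x:100:
"""

# Constructed sample of /etc/sudoers.
SAMPLE_SUDOERS = """\
# Defaults
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) /usr/bin/systemctl restart nginx
"""

# Constructed output of `find / -xdev -perm -4000 -type f`.
SAMPLE_SETUID = """\
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/su
/opt/legacy/netmon
/usr/bin/mount
"""

# Assumed baseline of setuid-root binaries that are normal on a stock Debian-style
# system. Anything outside this set deserves a look.
EXPECTED_SETUID = {
    "/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/mount",
    "/usr/bin/umount", "/usr/bin/chsh", "/usr/bin/chfn", "/usr/bin/newgrp",
    "/usr/bin/gpasswd",
}


def uid0_accounts(passwd_text: str) -> List[str]:
    """Return every login name whose UID is 0. Only 'root' should be here."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names


def parse_groups(group_text: str) -> Dict[str, List[str]]:
    """Map group name -> member list from /etc/group format."""
    groups: Dict[str, List[str]] = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4:
            groups[fields[0]] = [m for m in fields[3].split(",") if m]
    return groups


# user/%group  host=(runas) [TAG:] command list
_SUDO_RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")


def sudo_principals(sudoers_text: str, groups: Dict[str, List[str]]) -> Dict[str, dict]:
    """Return {user: {"all": bool, "nopasswd": bool, "commands": [...]}}, expanding %group."""
    result: Dict[str, dict] = {}
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = _SUDO_RULE.match(line)
        if not m:
            continue  # aliases and other directives are out of scope for this example
        who, _host, _runas, cmdspec = m.groups()
        nopasswd = "NOPASSWD:" in cmdspec
        cmds = [c.strip() for c in re.sub(r"\b(NOPASSWD|PASSWD|SETENV|NOEXEC):", "", cmdspec).split(",")]
        users = groups.get(who[1:], []) if who.startswith("%") else [who]
        for u in users:
            entry = result.setdefault(u, {"all": False, "nopasswd": False, "commands": []})
            entry["all"] = entry["all"] or "ALL" in cmds
            entry["nopasswd"] = entry["nopasswd"] or nopasswd
            entry["commands"].extend(cmds)
    return result


def unexpected_setuid(listing: str, expected) -> List[str]:
    """Setuid-root binaries not on the expected baseline."""
    return sorted(p for p in listing.split() if p not in expected)


def audit(passwd: str, group: str, sudoers: str, setuid_listing: str, expected_setuid) -> List[str]:
    """Collect human-readable findings about who and what can act as root."""
    findings = []
    for name in uid0_accounts(passwd):
        if name != "root":
            findings.append(f"extra UID 0 account: {name}")
    for user, rule in sorted(sudo_principals(sudoers, parse_groups(group)).items()):
        if user != "root" and rule["all"]:
            tag = " without a password" if rule["nopasswd"] else ""
            findings.append(f"unrestricted sudo{tag}: {user}")
    for path in unexpected_setuid(setuid_listing, expected_setuid):
        findings.append(f"unexpected setuid binary: {path}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS, SAMPLE_SETUID, EXPECTED_SETUID):
        print(finding)
```

On the constructed input the audit reports a second UID 0 account (`toor`), passwordless unrestricted sudo for `alice`, unrestricted sudo for a service account that inherited it through the `sudo` group, and one setuid binary outside the baseline. Each of those is exactly the kind of entry the paragraph says to trim: a service account that only needs to restart one daemon should get a single-command rule like `bob`'s, not group membership that grants `ALL`.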
