7. Threat Vectors
One can attack an endpoint in numerous ways, but for the most part the truly devastating methods leverage the power afforded by the operating system. If you “own” the operating system, you can do anything you want. If you’re the system administrator or the root user, you can turn off the firewall, kill the intrusion detection system (IDS), and clear out the logs. When attackers have that kind of access, they can cover their tracks and make it very difficult for you to find them.
Many operating systems are pretty loose with who they allow to run programs with administrative privileges, whereas others don’t allow any to run with executive status. Minimizing the list of applications, and users, that run with that level of privilege ...
Get Endpoint Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.