Endpoint Protection
An endpoint protection platform is a vital part of enterprise cybersecurity for a number of reasons. Firstly, it needs to provide services for consumers, provide an identity for them and set rules that can protect them from hacks, and for many enterprises, it needs to provide a secure or managed way of being able to control the public endpoint. Secondly, it needs to contain the backdoors and/or vulnerabilities within any enterprise entity that prevent others from accessing their endpoints. Thirdly, it can give the operator of an endpoint a means to verify that the endpoint does not have any vulnerabilities that would allow access to the network and therefore to a range of sensitive data. In short, it needs to protect its endpoints against everything from tampering to even the penetration of a remote gateway. But what if the endpoint is controlled by a single person, or a handful of them? This is where the above outlined endpoint protection needs to be leveraged.
It seems that this is now starting to come into play as a threat model to network security. The state of the art is provided by the interception of communication, meaning that when network security vendors analyze network traffic, they do not normally find any signs of illegal activity on a network, unless they are watching the whole traffic cycle. However, we don’t need to go that far. The way that vulnerabilities can be leveraged to provide an application owner with additional opportunities to gain control of a network is by providing a connection to a non secure endpoint, with malware residing on a client side. For more on modern business technologies, check out this amazing paystub software.
As for many networks, e.g. corporate, many are running an operating system like Windows 2000 or XP. These operating systems have nothing of real value to an endpoint security practitioner. That is to say, the only way to protect a network is to ensure that all incoming connections and any outgoing data are encrypted. However, if an endpoint is compromised, it is not possible to prevent this endpoint from communicating with a non secure point on the network.
To overcome this, the main route of escape is through a client side firewall. By implementing a strong firewall that is capable of detecting non secure connections, the user can avoid running on to the side of the network. In Malware that Controls I demonstrate this method for the Windows 2000 operating system. The main goal in this demo is to demonstrate how this can be used to give the attacker the means of adding and maintaining a backdoor to the server. This cannot be achieved through ordinary means like using an exploit, but it can be done through the simple means of performing one or two HTTP requests and then doing a fake web request to open a non secure channel. The principle of having an interface in the client that hides the fact that an application is not secure can be applied to other platforms as well. For instance, vulnerabilities in the QLogic GRX platform, Apache Web Server and Red Hat server’s offer plenty of opportunities to re-route traffic through the client side firewall.
