Endpoint Devices Covered in this Course

00:00

come back to intermediate endpoint security course. In this lesson, I'm going to talk about 10 point devices that are going to be covered.

00:08

Um, also, I'm going to talk about types of devices and challenges they pose so

00:14

and pointing devices in this course I'm going to be limited to

00:19

BC's

00:20

ONDA. This means desktop PC's like,

00:25

for example, the standards business that's the PC, or all in ones or ah, even micro desktop PCs, which are fancy looking

00:37

or business graphics workstations. So regardless of the type, we all freedom is that stops in this course,

00:46

and also I'm going to talk about name notebooks, and also I'm going to cover a lot of different kinds of notebooks. I No, I'm not. I'm going to think about all of them and I talk about no books, so it's going to be. But they're graphics workstation or a standard business. No book or, um,

01:03

extra 60 the notebook that can be folded over or some kind off tablet with keyboard

01:11

or even rugged PC's Richard taken by technicians on the field. Also, I'm going to be talking about printing devices, which means

01:21

printers, and I say print is a really mean just the printers. So basically, the devices that can only print like laser printers or injured printers or multi function devices. So devices that beside printing can do,

01:38

uh, copying, scanning, sending emails are saving. Girls can files toe folder,

01:46

and they can be from small ones that sit on a desktop toe Really big one that sit in the whole way that have, ah, additional things like paper punchers or paper staplers or starting, um, a Don's

02:05

so

02:06

it can anything that can print and sits on the network and is intelligent enough to pose a security risk. I'm going toe cover them in this course.

02:16

So let's do a quick over you off challenges that are presented to the somebody looking into endpoint security today.

02:27

First thing is something that has started almost 10 years ago. Look a bit less, actually, and it's ah, genial invention that has been proven to be catastrophic and completely idiotic, which is called Bring Your own Device

02:43

because at one point people had started complaining toe their managers, and I t that the pieces that have been provided to them to you to do work in the company are too ugly and not too appealing,

02:58

and they are ashamed in front of customer. For example, if they're sales people and they asked, Okay, can I bring my own PC? And then, you know, their managers said yes. So they decided to go with the convenience. And the problem is that comedians has been mortal enemy of security,

03:17

always. So. If something is easy to use communion stews, it's also easy to crack. It doesn't have to be on Lee connected to PC's and computers. It is with pretty much everything, including the simple walks on your doors.

03:36

So then this bring your own devices had changed slightly and most of the companies to choose your own device, which means that there is a list device which have been chosen not only by their hardware capabilities but also by their looks. And then employees can choose one of these.

03:58

Uh, so what is the problem with? Bring your own devices? Sometimes these devices don't satisfy the minimum harder requirements for the job, and I'm not talking about the process or strength or speed and memory and size of the hard drive. I'm talking about this thing here, which is called TPM

04:17

and it's a trip that has to exist on the mother board in order for it to be considered minimally secure. A ble device

04:27

and trustful profit model is a chip, for example, that assures integrity has a random number generator, which is important in generating encryption keys,

04:38

which it does, by the way. It also can create nearly unfortunately, Heskey summary. It's used for biding encrypts data using TP in buying key tools for ceiling. So basically, it's a piece of harder that cannot be manipulated

04:57

by itself and therefore provides a high level of security. So

05:01

if the device doesn't have ah DPM, you have a problem.

05:08

Second thing is, you have bios and you have to be able to do things in BIOS which improve security, for example, to shut down each use be connected separately.

05:20

So, for example, if you have AH

05:23

desktop PC, which is sitting in a semi public space like some kind off retail office or something, you should be able to shut down on aled the USB connectors on the device except those that are not used by mouse or keyboard for them.

05:41

Also, you should be able to disable memory devices being used overuse being on the bias level. So because if it's ah

05:49

disabled in bios, then no intervention from the braking system side, including some viruses, can enable it.

05:58

And of course, at the end you have to be able to set them.

06:02

I used the password so that no unauthorized president connects is the bias and change the settings.

06:11

Next thing, which is big change for PCs, is that in most companies that I know users are having administrative rants on their account when they log in their PC,

06:24

which makes them vulnerable to some kind of manipulation. Because if somebody gets a hold of your PC while you're not looking, they can install whatever software doing on because you have administrative privileges.

06:38

And, of course, there is a major problem with PCs, which is called convenience. Convenience is saying, Okay, we have seen the software. It gives us the great opportunity to to, for example, online calls or, ah, online meetings and stuff like that.

06:56

And it happens all the time that every now and then somebody discovers that this is a security risk. Business managers air not educated enough on 90 security, and when enough people in their teams come to them, say we need to use this. This isn't D best double whatsoever.

07:15

They came in and then they start using it and then you have a security risk that pops up

07:21

without anybody knowing it. I have seen it so many times. It's a big, big pain for I t. Security, and

07:31

this is one challenge that is happening every day.

07:39

When it comes to printing devices, they have little or no oversight. You have a bunch of printing devices in your network and you are looking at them and

07:50

you probably just look it there there. So if somebody has not stolen them, are they working because the priorities they can print, so are the drivers. There are

08:01

are the

08:01

connected to the network, and that's pretty much it that everybody is looking at them. Nobody's using the security features off the monitoring softer.

08:11

The other problem is that more and more of them and used on the contract so basically also sorry Printing toe external company. They put their devices, retract their property in your space, and you just pay by page printing every month.

08:26

A number of pages printed every month So in this situation, you essentially don't have the influence on the security of these devices, and they can act as a Trojan horse inside your network.

08:41

And the biggest problem is that most people are not aware off the potential off printing devices, so they're now printing capable computers with processes going up to 1.2 gigahertz frequency.

08:56

Memory of these devices can go up to eight gigabytes, and some kind of storage can be upto one terabyte. So they have hard drives.

09:05

They have memory, they have processes, and they have proprietary or in the system there, the U. S is. But if you know how to write the script or our code for that device,

09:18

you simply can generate some kind of malicious activity on the printer, which, by the way, usually nobody's looking at.

09:30

So let's do the short learning check. Why is bring your own device is bad concept? Is it because there is no controls over device when it's taken home? Is it because there is no control over devices performance? Or is it because there is no control over devices security capabilities

09:46

on DFO um, security perspective? The right answer is there is no control over devices security capabilities.