cisco certification print out

cisco certification print out.HIDS/HIPSAbility to see all network traffic, allowing better correlation with eventsCan only see traffic to and from specific hostsConnectivity 222 Chapter 4 Introduction to Access ControlRequires additional processing of packets, introduces latency Can slow down a host's operating systemNo way to know if an attack was successful Can verify that an attack against a specific host was successfulCan do nothing about encrypted packets Can inspect encrypted packets Can contain attacks launched through encrypted packetsAttacks can be blocked at the entry point of the network Attack traffic can reach the attack target before it is blocked4.10.7 The terms "anti-virus" and "antimalware" are often used interchangeably to refer to software installed on a computer to detect and protect against malicious software and, in some cases, to quarantine an infected computer, eradicate malware, and restore system operation. computer, eradicate the malware, and restore the system to operation. As originally conceived, anti-virus software is a signature-based software that scans the system or files downloaded by the user for matches in a signature database. The signatures typically reside on the host's local hard drive, and users need to download new signatures to maintain protection. Most new anti-malware software not only has the basic features of antivirus software, but also adds new features to protect against modern attacks and new malware. Today, signature-based functionality is retained and extended with cloud-based monitoring, where anti-malware software performs checks with a cloud-based system based on the reputation of a particular file. Similar to the intrusion detection and intrusion prevention systems described in the previous section, most anti-malware software has the same heuristic-based detection and anomaly-based detection capabilities. Anti-malware technologies can be implemented in two modes:host-based and network-based, again similar to IDS and IPS. The advantages and disadvantages of host-based and network-based anti-malware are also similar to those of HIDS and NIDS. For example, a network-based malware protection system cannot determine whether malware actually arrives at an endpoint, and a host-based malware protection system can only block malware on the host where it is installed. In networks with high security requirements, both types of malware protection systems can be deployed together for maximum application layer security. Network-based malware protection systems can be combined with devices that have other capabilities, such as mail gateways, Web proxies, or intrusion prevention systems. Features such as Cisco ESA, Cisco WSA, and Cisco FirePower Next-Gen IPS are available for malware protection. The Cisco Anti-Malware Protection (AMP) system combines host-based anti-malware (called AMP for Endpoint Hosts [CiscoAMPforEndpoints]) and network-based anti-malware (called AMP for Networks [AMPforNetworks]) capabilities. ) feature. Both features use cloud-based signature detection, heuristic-based detection, and machine learning methods to protect hosts. The anti-virus scanning capabilities supported by the Cisco Mail Security Appliance (E-mailSecurityAppliance, ESA) are among the network-based anti-virus and anti-malware solutions that are integrated into other appliances, which incorporate anti-virus engines from well-known anti-virus vendors such as McAfee and Sophos. Inside the "body" of the mail gateway, the anti-virus engine is used to scan the content of emails in order to prevent the spread of viruses via email. If the mail gateway does not support anti-virus scanning, users will have to rely on a host-based anti-virus solution. To learn more about Cisco AMP and Cisco ESA, read Section 24.10 Implementation of Identity and Access Control Mechanisms in Chapter 223. Anti-malware techniques applied to endpoints are further described in Chapter 10. The differences between network-based antivirus and anti-malware solutions and host-based antivirus and anti-malware solutions are shown in Table 4.11.