You will learn to describe how host insertions are used to compromise a network. Describe what measures can be taken to protect against unauthorized insertion of a new host on your network.

>> Host insertions, right, so the ability once an insider threat, the ability to place a computer client on the network or a server on the network with that intent. So this actually goes on to the network, hoping that it's not going to be detected and contained, move on to its nefarious goals. These are done both as clients and as servers, so how can one protect against host insertions? Slide 21 talks about the idea about maintaining accurate inventories of computer hosts by MAC addresses. This is the fundamental technology behind asset management. Solid asset management is part of a larger governance program. It also applies directly to patch maintenance and vulnerability management. So the idea about a scanner, QRadar has a scanner internally that can generate very accurate inventories of computer assets on the network. So not just hosts, but all of this, the servers, the network criteria, all of those can be listed by MAC address. So with a constant or continual scanning capability you will determine the scanner will ascertain computer clients or hosts that are not on the whitelist. So missing hosts are okay. This is where system's turned off either for maintenance, or it's a notebook computer that's off of the network. New hosts that are not on that MAC address whitelist, that's bad news, and that's when the red lights and the sirens go off.

Some of the remaining security threats to keep in mind are that of the rogue software processes. This is a software program, software agent, that has been inserted maliciously on the internal network. This can be inserted both by the internal and the external threat. Once again, a whitelist approach about being able to maintain a list of viable and legitimate software applications in the enterprise.
A key part of a solid governance program will help identify unwanted and uninvited software processes in the enterprise. Once those are identified, right, a vulnerability management software can help eradicate those software processes. These generally are inserted onto a host, right, a computer platform, either a client or a server, intentionally. The other variation of this is that a legitimate software process is modified for evil purposes. So what would they do for this? Obviously, track network traffic monitoring to be able to ghost or understand the network traffic patterns. So we talked earlier also in the first module about traffic flow analysis. Well, these are actually the tools that observe traffic flow and in turn, ascertain and try to obtain intelligence, or at least information, about the enterprise, given the way the traffic patterns are shaped. And additionally, this is also used for the exfiltration of sensitive data. We think about customer information, credit cards, but crypto keys also are a target for exfiltration.
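
The MAC-address whitelist comparison described in the lecture, as an added example that is not part of the lecture or of any scanner product: it normalizes MAC notations, then separates new hosts (alert) from missing hosts (acceptable). The inventory, scan results, host names, and function names are constructed for illustration.

```python
import re

# Constructed sample data: approved asset inventory keyed by MAC address.
WHITELIST = {
    "00:1A:2B:3C:4D:5E": "file-server-01",
    "00:1a:2b:3c:4d:5f": "hr-laptop-07",      # powered off during this scan
    "00:1a:2b:3c:4d:60": "core-switch-01",
}

# Constructed scan output: (MAC as reported, IP). Different tools print
# MACs with colons, hyphens, or dotted groups, so normalize before comparing.
SCAN = [
    ("00-1A-2B-3C-4D-5E", "10.0.0.10"),
    ("001a.2b3c.4d60", "10.0.0.1"),
    ("DE:AD:BE:EF:00:01", "10.0.0.99"),       # not in the inventory
    ("not-a-mac", "10.0.0.50"),               # malformed scanner record
]

def normalize_mac(raw):
    """Return a lowercase colon-separated MAC, or None if it is malformed."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def compare_inventory(whitelist, scan):
    """Classify scan results against the whitelist.

    new      -> on the network but not whitelisted: raise an alert
    missing  -> whitelisted but not seen: acceptable (off or off-site)
    unparsed -> records that could not be read: review, do not drop silently
    """
    approved = {normalize_mac(mac): name for mac, name in whitelist.items()}
    seen, new_hosts, unparsed = set(), [], []
    for raw, ip in scan:
        mac = normalize_mac(raw)
        if mac is None:
            unparsed.append((raw, ip))
        elif mac in approved:
            seen.add(mac)
        else:
            new_hosts.append((mac, ip))
    missing = sorted(set(approved) - seen)
    return {"new": new_hosts, "missing": missing, "unparsed": unparsed}

if __name__ == "__main__":
    for category, items in compare_inventory(WHITELIST, SCAN).items():
        print(category, items)
```

A MAC address is reported by the host itself, so a whitelist match shows only that the address is approved, not that the device is the approved one.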