
In this video, you will learn to describe how host insertions are used to compromise a network. Describe what measures can be taken to protect against unauthorized insertion of a new host on your network.

>> Host insertions, right, so the ability once an insider threat, the ability to place a computer client on the network or a server on the network with that intent. So this actually goes on to the network, hoping that it's not going to be detected and contained, move on to its nefarious goals. These are done both as clients and as server, so how can one protect against host insertions?

Slide 21 talks about the idea about maintaining accurate inventories of computer hosts by MAC addresses. This is the fundamental technology behind asset management. Solid asset management is part of a larger governance program. It also applies directly to patch maintenance and vulnerability management. So the idea about a scanner, QRadar has a scanner internally that can generate very accurate inventories of computer assets on the network. So not just hosts, but all of this, the servers, the network criteria, all of those can be listed by MAC address. So with a constant or continual scanning capability you will determine the scanner will ascertain computer clients or hosts that are not on the whitelist. So missing hosts are okay. This is where system's turned off either for maintenance, or it's a notebook computer that's off of the network. New hosts that are not on that MAC address whitelist, that's bad news, and that's when the red lights and the sirens go off.

Some of the remaining security threats to keep in mind are that of the rogue software processes. This is a software program, software agent, that has been inserted maliciously on the internal network. This can be inserted both by the internal and the external threat. Once again, a whitelist approach about being able to maintain a list of viable and legitimate software applications in the enterprise. A key part of a solid governance program will help identify unwanted and uninvited software processes in the enterprise. Once those are identified, right, a vulnerability management software can help eradicate those software processes. These generally are inserted onto a host, right, a computer platform, either a client or a server, intentionally. The other variation of this is that a legitimate software process is modified for evil purposes.

So what would they do for this? Obviously, track network traffic monitoring to be able to ghost or understand the network traffic patterns. So we talked earlier also in the first module about traffic flow analysis. Well, these are actually the tools that observe traffic flow and in turn, ascertain and try to obtain intelligence, or at least information, about the enterprise, given the way the traffic patterns are shaped. And additionally, this is also used for the exfiltration of sensitive data. We think about customer information, credit cards, but crypto keys also are a target for exfiltration.
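
The MAC whitelist comparison described in the video, as an added example that is not part of the original transcript and is not QRadar's own logic: it compares one scan against an inventory, alerting on new hosts and only noting missing ones. The inventory, host names and the `ip neigh`-style scan text are constructed sample data.

```python
import re

def normalize_mac(mac: str) -> str:
    """Reduce AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_neighbors(text: str) -> dict:
    """Parse `ip neigh`-style lines into {mac: ip}; entries with no lladdr are skipped."""
    seen = {}
    for line in text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line.strip())
        if m:
            seen[normalize_mac(m.group(2))] = m.group(1)
    return seen

def compare(inventory: dict, seen: dict) -> dict:
    """Classify one scan: 'new' hosts are alerts, 'missing' hosts are informational."""
    known = {normalize_mac(mac): name for mac, name in inventory.items()}
    return {
        "new": sorted((mac, ip) for mac, ip in seen.items() if mac not in known),
        "missing": sorted(name for mac, name in known.items() if mac not in seen),
    }

# Constructed inventory (whitelist), written in the mixed formats real records use.
INVENTORY = {
    "00-00-5E-00-53-01": "file-server",
    "0000.5e00.5302": "core-switch",
    "00:00:5e:00:53:03": "laptop-17",   # powered off during this scan
}

# Constructed scan result in the format printed by `ip neigh`.
SCAN = """\
10.0.0.10 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
10.0.0.1 dev eth0 lladdr 00:00:5E:00:53:02 STALE
10.0.0.77 dev eth0 lladdr 00:00:5e:00:53:aa REACHABLE
10.0.0.99 dev eth0  FAILED
"""

if __name__ == "__main__":
    result = compare(INVENTORY, parse_neighbors(SCAN))
    for mac, ip in result["new"]:
        print(f"ALERT  host not in inventory: {mac} at {ip}")
    for name in result["missing"]:
        print(f"info   inventoried host not seen: {name}")
```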
