Allows more broad control than edge based controls such as firewalls - can control by user group, location, application, etc
. In a BYOD environmnet, must to an assessment of the 'host' device before allowing it on the network. Are antiviruses, OS, and apps up to date, etc? Is it encrypted?
. Software that is installed and stays on the device to do health checks
. Runs during posture assessment of the BYOD device but installed and terminates itself when no longer required
. Integrated with Active Directory and checks are made during logon and logoff, can't be scheduled
. The BYOD failed the posture assessment, so placed here so that it can download and install the necessary fixes before proceeding
. A server that filters unwanted email before it reaches the user, based on rules, antivirus software (stopping viruses), DLP (not letting leaks of info out)
. Only let in list of known good locations that you can receive emails from
. Let in all by default, and block only those on this list
. Compare the domain the email came from to the IP address of that domain - block those whose don't match
. Technique to intentionally slow down conversation between sending and receiving email servers in order to discourage spammers
. Offloads the SSL handshaking process to another device then send it on to improve performance of the webserver (go from https to http)
. Examine outgoing SSL (like from your computer to your bank) - opens it, reads it for threats,then sends it on its way - relies on trust between browser certificates and the site
. If there is an 'internal certificate', you know there has to be a SSL proxy somewhere along that way that is taking the public certificate
. Special cryptographic equipment device used in large environments that also stores backups of all of your keys
. Converts Public Switch Telephone Networks to VoIP; uses SIP protocol on one end and H323 protocol on the other - big DLP and DoS vulnerabilities
.
