Min 150 words .....
Do you agree or disagree
Defense-in-depth is important to an enterprise environment. Having layers of security starting with physical and implementing granular security can help in protecting the data from being compromised.
To assist the network from any possible attacks the administrators can implement and deploy IPS, IDS, and EWS to protect from attacks over the wire. Other tools and strategies the use of antivirus software to protect the endpoint devices. There are two possible ways to protect and prevent a virus as described by Kaur, Gurpreet,
1. Place the node in a protective shield isolated and disconnected from the internet.
2. Install an antivirus program designed to protect a node from malicious code.
Antivirus programs start by caning the host if there is something that is found an alert is triggered and in a computer, it can be displayed in the screen, on servers it is sent as an alert via email. During the scan, the program compares the information scanned against a database with known viruses also known as signatures.
Signatures are represented by a series of stream of bytes in a file or a hash that has been used to identify the malicious code. This at times could be difficult as some viruses change the signature making it harder to detect, also there is often malware not recorded therefore no signature has been created in the database.
Other ways this software helps prevent malware is by heuristics. Heuristics uses an algorithm to examine the file searching for suspicious characters, or dangerous activity patterns on malware without a signature. The third is behavioral detection, this is done after establishing a baseline and using it to compare thebehavior of the running program. Key behaviors are unpacking of malware code, any modifications to host files or recording of keystrokes.
Antivirus software is very essential and necessary to prevent any infected devices. This is true now more than ever because most devices are connected to the internet and that increases the risk of security.
In my work we have several points of security, Illumio is a firewall that works on every node and connects to a centralized policy computing engine (PCE), the brains of the software. This technology enforces security on all the nodes by using a virtual enforcement node (VEN). Different from other firewalls working and enforcing rules based on IP address, Illumio uses labels to enforce security.
The labels allow for organization. Enforcing on every node secures that nothing communicated through the wire without being allowed in the PCE.
Kaur, G. (2016) Network Security:antivirus, from international journal from advanced research in computer science, 7(6), 79-84.