5.5 Describe components of network security design
📘CCNP ENCOR (350-401 ENCOR v1.1)
1. What Is an Endpoint?
An endpoint is any device that connects to a network and communicates with other systems.
Common endpoints in an IT environment include:
- Desktop computers
- Laptops
- Mobile devices
- Servers
- Virtual machines
- IP phones
- Printers
- Network-connected IoT devices
From a security point of view, endpoints are one of the most common attack targets because:
- They are directly used by users
- They run operating systems and applications
- They frequently access internal and external resources
2. What Is Endpoint Security?
Endpoint security is the set of security controls, tools, and policies used to:
- Protect endpoints from attacks
- Prevent endpoints from becoming attack sources
- Detect and respond to malicious activity on endpoints
- Ensure only trusted and compliant devices access the network
In network security design, endpoint security works together with network security, not separately.
3. Why Endpoint Security Is Important (Exam Focus)
Cisco expects you to understand that:
- A network is only as secure as its endpoints
- Firewalls and IPS cannot fully protect compromised endpoints
- Endpoint security reduces risk from internal threats
- Endpoint security supports Zero Trust and defense-in-depth models
If endpoints are insecure:
- Malware can spread inside the network
- Credentials can be stolen
- Sensitive data can be leaked
- Network security devices can be bypassed
4. Key Goals of Endpoint Security
Endpoint security is designed to achieve the following goals:
- Prevent attacks
- Detect threats
- Respond to incidents
- Enforce security policies
- Maintain device compliance
5. Core Components of Endpoint Security (Very Important for Exam)
5.1 Antivirus (AV) and Anti-Malware
Purpose:
- Detect and block malicious software
Functions:
- Signature-based detection
- Heuristic and behavioral analysis
- Real-time scanning
- Scheduled scanning
Exam Note:
- Traditional antivirus is no longer enough by itself
- It must be combined with advanced tools
5.2 Endpoint Detection and Response (EDR)
Purpose:
- Detect advanced and unknown threats
- Monitor endpoint behavior continuously
- Respond automatically or manually to threats
Key Features:
- Behavioral monitoring
- Threat hunting
- Incident investigation
- Endpoint isolation
Difference from Antivirus:
- Antivirus focuses on known threats
- EDR focuses on suspicious behavior and advanced attacks
Cisco Context:
- Cisco Secure Endpoint (formerly AMP for Endpoints)
5.3 Host-Based Firewall
Purpose:
- Control network traffic entering and leaving the endpoint
Functions:
- Allow or block traffic based on rules
- Protect endpoints on untrusted networks
- Reduce attack surface
Important Point:
- Even if a network firewall exists, host-based firewalls provide extra protection
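The decision logic a host-based firewall applies to each connection is easier to see in code. The block below is an added illustration, not Cisco's or any product's implementation: rules are evaluated in order, the first match wins, and anything unmatched falls to a default-deny policy. The rule set, the `Rule` and `Connection` names and the sample addresses (10.0.0.0/8 as the corporate LAN, 203.0.113.0/24 as an untrusted network) are all constructed for the example.

```python
"""Added example: a minimal host-based firewall rule evaluator (illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str                     # "in" (to this host) or "out" (from this host)
    action: str                        # "allow" or "block"
    proto: str                         # "tcp", "udp" or "any"
    remote_net: str                    # CIDR the remote peer must fall in
    local_port: Optional[int] = None   # match on this host's port (inbound services)
    remote_port: Optional[int] = None  # match on the peer's port (outbound destinations)
    comment: str = ""


@dataclass(frozen=True)
class Connection:
    direction: str
    proto: str
    remote_ip: str
    local_port: int
    remote_port: int


def rule_matches(rule: Rule, conn: Connection) -> bool:
    """True when every field the rule constrains agrees with the connection."""
    if rule.direction != conn.direction:
        return False
    if rule.proto != "any" and rule.proto != conn.proto:
        return False
    if ip_address(conn.remote_ip) not in ip_network(rule.remote_net):
        return False
    if rule.local_port is not None and rule.local_port != conn.local_port:
        return False
    if rule.remote_port is not None and rule.remote_port != conn.remote_port:
        return False
    return True


def evaluate(rules: List[Rule], conn: Connection, default: str = "block") -> Tuple[str, str]:
    """First matching rule decides; otherwise the default policy (deny) applies."""
    for rule in rules:
        if rule_matches(rule, conn):
            return rule.action, rule.comment
    return default, "default policy (no rule matched)"


# Constructed policy for a corporate laptop: only SSH from the corporate LAN is
# reachable inbound; outbound is limited to HTTPS and DNS to the corporate
# resolver. Everything else is blocked, which keeps the exposed attack surface
# small even when the laptop sits on an untrusted network.
LAPTOP_RULES = [
    Rule("in", "allow", "tcp", "10.0.0.0/8", local_port=22, comment="SSH from corporate LAN"),
    Rule("in", "block", "any", "0.0.0.0/0", comment="block all other inbound"),
    Rule("out", "allow", "tcp", "0.0.0.0/0", remote_port=443, comment="HTTPS out"),
    Rule("out", "allow", "udp", "10.0.0.53/32", remote_port=53, comment="DNS to corporate resolver"),
]

if __name__ == "__main__":
    samples = [
        Connection("in", "tcp", "10.1.2.3", 22, 51000),       # admin on the LAN
        Connection("in", "tcp", "203.0.113.5", 22, 40000),    # same service, untrusted peer
        Connection("out", "tcp", "198.51.100.10", 50001, 443),  # browsing
        Connection("out", "tcp", "198.51.100.10", 50002, 25),   # unexpected SMTP out
    ]
    for c in samples:
        action, why = evaluate(LAPTOP_RULES, c)
        print(f"{c.direction:3} {c.proto} {c.remote_ip}:{c.remote_port} -> {action} ({why})")
```

The ordering matters: swapping the two inbound rules would shadow the SSH allow with the catch-all block, which is the classic host-firewall misconfiguration to check for when a service is unreachable.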
5.4 Patch Management
Purpose:
- Keep operating systems and applications up to date
Why It Matters:
- Many attacks exploit known vulnerabilities
- Unpatched endpoints are high-risk devices
Exam Focus:
- Endpoint security includes regular patching
- Automated patch deployment is preferred
5.5 Application Control / Application Whitelisting
Purpose:
- Control which applications are allowed to run
Methods:
- Allow only approved applications
- Block unknown or unauthorized software
Security Benefit:
- Reduces malware execution
- Limits attack tools on endpoints
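Application allowlisting is most robust when the decision is keyed on the content of the executable rather than its name or path. The following is an added example written for these notes, not any vendor's implementation: it keeps an allowlist of SHA-256 hashes of approved binaries and blocks anything else. The "binaries" are constructed byte strings, and the `check_execution` function name is an assumption of the example.

```python
"""Added example: hash-based application allowlisting (illustrative only)."""
import hashlib
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    """Content hash used as the identity of an executable."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for two approved executables. In practice the allowlist
# would be populated from a golden image or a software inventory tool.
APPROVED_TOOL_V1 = b"\x4d\x5a constructed-approved-tool version 1.0"
APPROVED_AGENT = b"\x4d\x5a constructed-security-agent build 42"

ALLOWLIST: Dict[str, str] = {
    sha256_hex(APPROVED_TOOL_V1): "approved-tool 1.0",
    sha256_hex(APPROVED_AGENT): "security-agent build 42",
}


def check_execution(filename: str, content: bytes, allowlist: Dict[str, str]) -> Tuple[str, str]:
    """Return ("allow"|"block", reason). Only the hash matters, never the filename."""
    digest = sha256_hex(content)
    label = allowlist.get(digest)
    if label is None:
        return "block", f"{filename}: hash {digest[:12]}... not in allowlist"
    return "allow", f"{filename}: matches {label}"


if __name__ == "__main__":
    # 1. Approved content runs even under an unexpected name.
    print(check_execution("C:\\Temp\\x.exe", APPROVED_TOOL_V1, ALLOWLIST))
    # 2. A copy with a single byte changed (tampered or trojanised) is blocked.
    tampered = APPROVED_TOOL_V1[:-1] + b"!"
    print(check_execution("approved-tool.exe", tampered, ALLOWLIST))
    # 3. Unknown software is blocked by default, whatever it calls itself.
    print(check_execution("svchost.exe", b"\x4d\x5a constructed-unknown-program", ALLOWLIST))
```

The trade-off the exam alludes to under "Management complexity" shows up here directly: every legitimate update changes the hash, so the allowlist has to be maintained alongside patch management, which is why some products also accept a trusted publisher signature or a managed install path as an approval source.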
5.6 Device Hardening
Purpose:
- Reduce unnecessary features and services
Examples:
- Disable unused services
- Remove default accounts
- Enforce strong password policies
- Restrict administrative privileges
Exam Note:
- Hardening reduces the attack surface of endpoints
6. Identity-Based Endpoint Security
6.1 User Authentication on Endpoints
Endpoints must verify:
- Who the user is
- What access level they should have
Methods include:
- Local authentication
- Directory-based authentication
- Multi-factor authentication (MFA)
6.2 Least Privilege Principle
Concept:
- Users and applications should have only the access they need
Benefits:
- Limits damage from compromised accounts
- Reduces unauthorized changes
7. Network Access Control (NAC) and Endpoint Security
Endpoint security is closely integrated with Network Access Control (NAC).
NAC Capabilities:
- Identify endpoints before granting access
- Check endpoint compliance
- Enforce security policies dynamically
Endpoint Checks May Include:
- Antivirus status
- OS patch level
- Security agent presence
- Device type
Cisco Example:
- Cisco Identity Services Engine (ISE)
8. Endpoint Security in Zero Trust Architecture
Cisco emphasizes Zero Trust in modern network design.
Zero Trust Assumptions:
- No endpoint is trusted by default
- Every access request must be verified
- Security is enforced continuously
Endpoint Role in Zero Trust:
- Device posture validation
- Continuous monitoring
- Identity-based access decisions
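Sections 7 and 8 both come down to a posture decision: a NAC system evaluates what the endpoint reports against policy, and under Zero Trust it keeps evaluating for the life of the session instead of once at connect time. The block below is an added example for these notes, not Cisco ISE logic or any product's code; the `Posture`, `Policy` and `posture_decision` names, the three outcomes (`full`, `quarantine`, `deny`) and the sample version numbers are all constructed for illustration.

```python
"""Added example: NAC posture evaluation with Zero Trust re-evaluation (illustrative only)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Posture:
    device_type: str           # what the endpoint was identified as
    agent_present: bool        # is a posture/security agent reporting at all?
    av_enabled: bool           # antivirus status
    av_signature_age_days: int
    os_version: str            # OS patch level, e.g. "10.0.19045"


@dataclass(frozen=True)
class Policy:
    allowed_device_types: FrozenSet[str]
    max_signature_age_days: int
    min_os_version: str


def _ver(v: str) -> Tuple[int, ...]:
    """Compare versions numerically, so "10.0.19045" > "10.0.9999"."""
    return tuple(int(p) for p in v.split("."))


def posture_decision(p: Posture, policy: Policy) -> Tuple[str, List[str]]:
    """Return (access_level, failed_checks).

    deny        - cannot assess the device or it is not a permitted type
    quarantine  - assessed but non-compliant: remediation network only
    full        - compliant: normal access
    """
    if not p.agent_present:
        return "deny", ["no_posture_agent"]
    if p.device_type not in policy.allowed_device_types:
        return "deny", ["device_type_not_allowed"]

    failures: List[str] = []
    if not p.av_enabled:
        failures.append("av_disabled")
    if p.av_signature_age_days > policy.max_signature_age_days:
        failures.append("av_signatures_stale")
    if _ver(p.os_version) < _ver(policy.min_os_version):
        failures.append("os_below_minimum")

    if failures:
        return "quarantine", failures
    return "full", []


def reevaluate_session(reports: List[Posture], policy: Policy) -> List[str]:
    """Zero Trust: every periodic posture report yields a fresh decision."""
    return [posture_decision(r, policy)[0] for r in reports]


# Constructed corporate policy.
CORP_POLICY = Policy(
    allowed_device_types=frozenset({"corporate-laptop", "corporate-desktop"}),
    max_signature_age_days=3,
    min_os_version="10.0.19045",
)

if __name__ == "__main__":
    healthy = Posture("corporate-laptop", True, True, 1, "10.0.19045")
    stale = Posture("corporate-laptop", True, True, 9, "10.0.19045")
    byod = Posture("byod-phone", True, True, 0, "17.2")
    # A session that starts compliant and later has AV switched off loses
    # full access at the next report instead of keeping it until reconnect.
    session = [healthy, healthy, Posture("corporate-laptop", True, False, 1, "10.0.19045")]
    for name, rep in [("healthy", healthy), ("stale", stale), ("byod", byod)]:
        print(name, posture_decision(rep, CORP_POLICY))
    print("session:", reevaluate_session(session, CORP_POLICY))
```

The two-stage structure matters on the exam: identification (is this a known, permitted device with an agent?) gates whether compliance is even evaluated, and a failed compliance check leads to a remediation network rather than an outright deny, so the user can patch or update signatures and be re-admitted dynamically.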
9. Endpoint Security Policy Management
Endpoint security is not only technical—it also includes policy enforcement.
Common Policies:
- Password policy
- Device usage policy
- Software installation policy
- Remote access policy
Centralized Management:
- Policies are managed from a central console
- Ensures consistent security across all endpoints
10. Monitoring and Visibility
Endpoint security tools provide visibility into:
- Device activity
- Application usage
- Threat events
- Security posture
Why This Matters:
- Faster detection
- Better incident response
- Improved security decisions
11. Incident Response and Endpoint Security
Endpoint security supports incident response by:
- Detecting suspicious behavior
- Isolating compromised endpoints
- Collecting forensic data
- Supporting recovery actions
Exam Tip:
- Endpoint isolation is a key response feature in modern tools
12. Endpoint Security vs Network Security (Exam Comparison)
| Aspect | Endpoint Security | Network Security |
|---|---|---|
| Protection Location | On the device | In the network |
| Focus | Device behavior and posture | Traffic inspection |
| Examples | AV, EDR, host firewall | Firewall, IPS, ACL |
| User Awareness | High | Low |
Key Exam Point:
- Both are required for a secure network design
13. Common Endpoint Security Challenges
Cisco expects awareness of challenges:
- User behavior risks
- Device diversity
- Remote endpoints
- Performance impact
- Management complexity
14. Best Practices for Endpoint Security Design (Exam-Ready)
- Use layered security controls
- Combine AV with EDR
- Enforce patch management
- Apply least privilege
- Integrate with NAC and identity systems
- Monitor endpoints continuously
- Automate response where possible
15. Key Exam Keywords to Remember
- Endpoint
- Endpoint Security
- Antivirus
- EDR
- Host-based firewall
- Patch management
- Application control
- Device hardening
- NAC
- Zero Trust
- Least privilege
16. Summary (For Quick Revision)
- Endpoints are major attack targets
- Endpoint security protects devices, users, and data
- It includes AV, EDR, firewalls, patching, and policies
- It integrates with NAC and Zero Trust
- Endpoint security is critical to modern network security design
