How we tested the various endpoint security products.

Each server/console was installed on a fully patched Windows 2000 server. All nine consoles were running in individual operating-system installations on one box using VMware virtualization software. That server was a Pentium 4, 3-GHz system with 2G bytes of RAM. The clients were running on Windows XP on a Pentium 4, 3-GHz system with 2G bytes of RAM. We also used VMware to support the client software on this machine.

We installed the central server/console for each product as defined in the installation instructions and deployed client installations with the tools provided. If the product didn’t contain deployment tools, we installed the clients from URL, CD or file share.

We configured each product to send alerts by e-mail to an alert address and created a test group for the client computers within a domain we controlled. To test policy functionality, we attempted to create and deploy a policy that would block all inbound traffic except remote desktop, block outbound traffic to Port 23 on remote systems, block Netcat from binding to Port 468 and block Solitaire (sol.exe) from running.

To test whether these products could help defend against attacks, we looked at each product in four areas:

• Application control – How well the product would contain a malicious or prohibited application.
• Intrusion detection – How well the product worked as a detector of attempted network intrusions.
• Intrusion prevention – How well the product detected network attacks by using anomaly detection.
• Defense resilience – How the product behaved if it were attacked.

We tested application control by running Netcat to listen on TCP Port 468 and using a telnet client to connect to it. We tested intrusion-detection features by using NMAP and Nessus to perform TCP and User Datagram Protocol (UDP) port scans. We tested intrusion-prevention features by using Netcat to send a malformed Universal Plug and Play request.

We then reviewed the alerts and log information available based on our policy tests and attack information. We also tried to create reports. First, we wanted a report showing clients that have not checked in with the server in a period of time. Second, we attempted to generate a report showing alert statistics for a specified time period.

Back to review: “Endpoint security products aid in client defense”
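
The test policy described above can be written down as an ordered rule set with an expectation matrix, so the same checks can be repeated against each product. This is an added example, not code from the original article or from any of the tested products; the first-match rule model, the rule names, the `nc.exe` image name and TCP 3389 as the remote desktop port are assumptions.

```python
from dataclasses import dataclass

RDP_PORT = 3389              # default Remote Desktop port (assumption; not stated on the page)
NETCAT_IMAGES = {"nc.exe"}   # assumed image name for Netcat on Windows

@dataclass(frozen=True)
class Event:
    kind: str                # "inbound", "outbound", "bind" or "exec"
    process: str = ""
    port: int = 0
    proto: str = "tcp"

# Ordered rules, first match wins: (rule name, predicate, action).
RULES = [
    ("allow-rdp-in", lambda e: e.kind == "inbound" and e.proto == "tcp" and e.port == RDP_PORT, "allow"),
    ("block-all-in", lambda e: e.kind == "inbound", "block"),
    ("block-out-23", lambda e: e.kind == "outbound" and e.port == 23, "block"),
    ("block-nc-bind-468", lambda e: e.kind == "bind" and e.process.lower() in NETCAT_IMAGES and e.port == 468, "block"),
    ("block-solitaire", lambda e: e.kind == "exec" and e.process.lower() == "sol.exe", "block"),
]

def decide(event):
    """Return (action, rule name) for one event; unmatched events are allowed."""
    for name, matches, action in RULES:
        if matches(event):
            return action, name
    return "allow", "default"

# Constructed test matrix: (event, expected action, expected rule).
MATRIX = [
    (Event("inbound", port=RDP_PORT), "allow", "allow-rdp-in"),
    (Event("inbound", port=RDP_PORT, proto="udp"), "block", "block-all-in"),
    (Event("inbound", port=468), "block", "block-all-in"),
    (Event("outbound", "telnet.exe", 23), "block", "block-out-23"),
    (Event("outbound", "telnet.exe", 80), "allow", "default"),
    (Event("bind", "nc.exe", 468), "block", "block-nc-bind-468"),
    (Event("bind", "NC.EXE", 468), "block", "block-nc-bind-468"),
    (Event("bind", "nc.exe", 469), "allow", "default"),
    (Event("exec", "SOL.EXE"), "block", "block-solitaire"),
]

def failures():
    """Events whose decision or firing rule differs from the expectation."""
    return [(e, decide(e)) for e, action, rule in MATRIX if decide(e) != (action, rule)]

if __name__ == "__main__":
    for event, _, _ in MATRIX:
        print(event, "->", decide(event))
    print("mismatches:", failures())
```

In this model either the bind rule or the inbound rule alone would make the telnet connection to Port 468 fail, so the matrix checks which rule fired as well as the action.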