Segmentation
Divides networks into smaller parts to limit access and damage
Such as dividing finance and HR networks to reduce lateral movement.
Access Control
Rules that define who or what can access resources, like only the HR group having access to the employee records folder
Can be an ACL
Permissions (ACL)
Defines user capabilities within systems, like having read only vs read write access to a shared drive
Application Allow List
Only approved apps can be run
Example: Only MS Office apps are allowed to be executed on work computers
Isolation
Separates risky systems or processes from the main environment
Such as running malware samples in a sandbox
Patching
Fixes security flaws in software
Example: Updating the OS to fix a known privilege escalation flaw
Encryption
Secures data by converting it into unreadable form
Using AES to protect sensitive emails
Monitoring
Tracks system activity for anomalies
Like a SIEM log showing a suspicious login attempt.
Least Privilege
Users only get the access needed to perform their job
Example: Interns can install software on their laptop
Configuration Enforcement
Ensures systems follow security policies
Example: Blocking the use of outdated TLS
Decommissioning
Securely retiring and removing systems, like wiping data before disposing of old servers
Encryption (Hardening)
Adds protection by encrypting systems and communications, like full disk encryption on employee laptops protecting the data on the device.
Endpoint (Hardening)
Installing antivirus or endpoint detection and response on devices to detect/block threats, like CrowdStrike running on all company PCs
Host based firewall (Hardening)
Filters traffic on individual machines, like the Windows Firewall app blocking incoming FTP requests
Host based Intrusion Prevention Systems (HIPS)
Detects and blocks suspicious behavior on hosts. Example: A HIPS can stop scripts from modifying the system registry
Disabling ports/protocols
Closes unnecessary services to reduce the attack surface, such as disabling Telnet and USB ports to prevent them from being attacked
Change Default Credentials
Replaces vendor or default credentials to prevent easy compromise, like changing a router's admin:admin to a stronger and unique password
Removal of unnecessary software
Reduces the attack surface by uninstalling unused apps, such as removing default games and trial software from company laptops