David works as a Network Administrator for a large company. The company recently decided to extend their intranet access, to allow trusted third party vendors access to the corporate intranet, what is the best approach for David to take in securing intranet?

A.
Tighten user access controls on the intranet servers

B.
Patch the OS on the intranet servers

C.
Place intranet servers in a DMZ so both corporate users and trusted vendors can access it

D.
Install an IDS on the intranet servers

Explanation:
By placing the intranet servers in a DMZ, external vendors accessing those servers would be separated from the corporate network. The most significant threat from allowing outside vendors access to internal resources, is that an attack could originate from their network.

Answer option D is incorrect. An IDS is always a good idea, however it will only warn you that an attack is occurring, not make the attack less likely.

Answer option A is incorrect. Managing user controls is always a good idea. However, in this case the real problem is segmenting the external users from the internal network.

Answer option B is incorrect. One should always be patching the OS regardless of the situation.

Topic 2, Volume B