A security technician is attempting to improve the overall security posture of an internal mail
server. Which of the following actions would BEST accomplish this goal?

A. Monitoring event logs daily
B. Disabling unnecessary services
C. Deploying a content filter on the network
D. Deploy an IDS on the network
Explanation:
We are after the BEST action to improve the overall security posture of a MAIL SERVER.
INCORRECT ANSWERS:
A. Monitoring event logs daily – This is more of an administrative task. In addition, it would be a very time-consuming task that would pay very few dividends.
C. Deploying a content filter on the network – On the INTERNET, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability WEB PAGES or E-MAIL that are deemed objectionable. So this has more to do with the CONTENT of emails than with the SECURITY of emails.
D. Deploy an IDS on the network – An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. It therefore works at the NETWORK level, monitoring network traffic, and is hence of very little use for the internal workings of a MAIL SERVER. A Host Intrusion Prevention System (HIPS) would have been a better option.
So the best answer remains – B. Disabling unnecessary services
One of the most basic practices for reducing the attack surface of a specific host is to disable unnecessary services. Services running on a host, especially network services, provide an avenue through which the system can be attacked. If a service is not being used, disable it.