A security administrator is reviewing the web logs and notices multiple attempts by users to access: http://
www.comptia.org/idapsearch?user-*
Having identified the attack, which of the following will prevent this type of attack on the web server?
A.
Input validation on the web server
B.
Block port 389 on the firewall
C.
Segregate the web server by a VLAN
D.
Block port 3389 on the firewall
The WEB pages needs to be accessed, so blocking Ports is not the best option
Port 389 is for LDAP
Port 3389 – Port is IANA registered for Microsoft WBT Server, used for Windows Remote Desktop and Remote Assistance connections (RDP – Remote Desktop Protocol). Also used by Windows Terminal Server.
This eliminates B & D.
In addition to that, even if we segregate the server to a different vlan, it still must be accessible. Also as a rule, web server are place in the DMZ, which means that they are already “segregated” – This eliminates C
So A- Input validation on the web server is the best answers.
0
0