An organization is considering connecting a critical PC-based system to the Internet. Which of the
following would provide the BEST protection against hacking?

A.
An application-level gateway

B.
A remote access server

C.
A proxy server

D.
Port scanning

Explanation:

An application-level gateway is the best way to protect against hacking because it can define with
detail rules that describe the type of user or connection that is or is not permitted, it analyzes in

detail each package, not only in layers one through four of the OSI model but also layers five
through seven, which means that it reviews the commands of each higher-level protocol (HTTP,
FTP, SNMP, etc.). For a remote access server, there is a device (server) that asks for a username
and password before entering the network. This is good when accessing private networks, but it
can be mapped or scanned from the Internet creating security exposure. Proxy servers can
provide protection based on the IP address and ports. However, an individual is needed who really
knows how to do this, and applications can use different ports for the different sections of the
program. Port scanning works when there is a very specific task to complete, but not when trying
to control what comes from the Internet, or when all the ports available need to be controlled. For
example, the port for Ping (echo request) could be blocked and the IP addresses would be
available for the application and browsing, but would not respond to Ping.