A company’s security analyst is investigating the suspected compromise of the company’s intranet web server. The compromise occurred at a time when no users
were logged into the domain. Which of the following is MOST likely to have prevented the attack from a new machine introduced to the corporate network?
A.
Domain log review
B.
802.1x
C.
NIDS
D.
Rogue detection
Using 802.1X to control who can access a network is an increasingly popular solution. It is a port-based access control method. defined by the Institute of Electrical and Electronic Engineers (IEEE) that can be configured to require mutual authentication between the client and the network. If there’s no authentication, no communications are permitted. 802.1X works with Extensible Authentication Protocol (EAP, ftp://ftp.rfc-editor.org/in-notes/rfc3748.txt) to authenticate the client to the network and the network to the client, ensuring that both sides are communicating with recognized entities.
0
0