Malicious traffic from an internal network has been detected on an unauthorized port on an application server.
Which of the following network-based security controls should the engineer consider implementing?
A.
ACLs
B.
HIPS
C.
NAT
D.
MAC filtering
Explanation:
ExplanationExplanation/Reference:
If the port is “unathorized” then why isn’t it closed?
The only network-based solutions I see are C and D.
A is certainly wrong.
NAT isn’t really a security control, and I don’t see how it will help on the internal network.
I suppose the correct answer must be MAC filtering, although anyone doing this exam must realize MACs can easily be spoofed.
0
4
MAC filtering is in reference more to a Layer 2… this port is a logical port, not physical. The only two network based options are NAT and ACLs. Of these two, ACLs will allow you to restrict and block traffic and specifics ports. NAT has nothing to do with security. HIPS is more of an aplication (software). At least that’s the way I saw this.
13
0
Good points were made in here:
If the port is “unauthorized” then why isn’t it closed?
I think that this question, like many others, is badly written
What I think they mean is that “Malicious/ unauthorized traffic from an internal network has been detected on a port on an application server.”
Which of the following network-based security controls should the engineer consider implementing?
So what I am after is a “network-based security control” which should prevent the Malicious/ unauthorized traffic” in the first place.
In short, we are talking about “control of network traffic”
Network traffic or data traffic is the amount of data moving across a network at a given point of time. Network data in computer networks is mostly encapsulated in network packets, which provide the load in the network.
I concur with VIN – The only two network based options are NAT and ACLs. Of these two, ACLs will allow you to restrict and block traffic and specifics ports. NAT has nothing to do with security. HIPS are more of an application (software).
3
0