A company has been attacked and their website has been altered to display false information. The
security administrator disables the web server service before restoring the website from backup.
An audit was performed on the server and no other data was altered. Which of the following
should be performed after the server has been restored?
A.
Monitor all logs for the attacker’s IP
B.
Block port 443 on the web server
C.
Install and configure SSL to be used on the web server
D.
Configure the web server to be in VLAN 0 across the network
This is C. Blocking 443 on the web server is going to block HTTPS. Of course, blocking 80 and 443 would ensure that nobody can access the web server, though the application won’t really be accessible unless running the server on an alternative port. :-/
0
0
I agree with you David, It’s C
0
0
There is no evidence to show the server is no longer being used as a web server. I don’t understand why blocking port 443. Obviously, the correct answer is C as long as it is a web server.
0
0