Joe, the system administrator, has noticed an increase in network activity from outside sources. He
wishes to direct traffic to avoid possible penetration while heavily monitoring the traffic with little to
no impact on the current server load. Which of the following would be the BEST course of action?

A. Apply an additional firewall ruleset on the user PCs.
B. Configure several servers into a honeynet
C. Implement an IDS to protect against intrusion
D. Enable DNS logging to capture abnormal traffic

Joe wants to “analyse the traffic in question” without allowing said traffic to compromise the network.
The best way to do so is for said traffic to continue to flow, yet to divert it somewhere else away from production.
The best answer is to divert the traffic to a “honeynet” where each server is a “honeypot”.