Bob is a new security administrator at a financial institution. The organization has experienced some suspicious activity on one of the critical servers that contain customer data. When reviewing how the systems are administered, he uncovers some concerning issues pertaining to remote administration. Which of the following should not be put into place to reduce these concerns?
i. Commands and data should not take place in cleartext
ii. SSH should be used, not Telnet.
iii. Truly critical systems should be administered locally instead of remotely.
iv. Only a small number of administrators should be able to carry out remote functionality.
v. Strong authentication should be in place for any administration activities.
A.
All of them
B.
None of them
C.
ii, iii
D.
iv, v
Explanation:
The following should take place to ensure secure remote administration;
– Commands and data should not take place in cleartext (that is, should be
encrypted). For example, SSH should be used, not Telnet.
– Truly critical systems should be administered locally instead of remotely.
– Only a small number of administrators should be able to carry out this remote
functionality.
– Strong authentication should be in place for any administration activities.