Network-Based Security Controls for Malicious Traffic Detection | Exam SY0-601

Implementing Network-Based Security Controls for Malicious Traffic Detection


Question

Malicious traffic from an internal network has been detected on an unauthorized port on an application server.

Which of the following network-based security controls should the engineer consider implementing?

Answers

Explanations

Correct answer: A.

The situation described in the question involves malicious traffic originating from an internal host that is reaching a port on the application server that should not be exposed. The question asks specifically for a network-based control, so the goal is to stop that traffic in the network path before it reaches the server, rather than relying on software running on the server itself.

Here are brief descriptions of the security controls listed in the answer choices:

A. Access control lists (ACLs) are ordered sets of rules that define which network traffic is allowed to enter or exit a network segment or interface. Each rule matches on fields such as source and destination address, protocol, and port, and the first matching rule decides whether the packet is permitted or denied; traffic matching no rule is typically denied by an implicit rule at the end. ACLs can be configured on routers, switches, and firewalls to restrict traffic flow to only authorized ports or IP addresses.

B. Host-based intrusion prevention systems (HIPS) are software agents that run on individual hosts (e.g., servers, workstations) to detect and prevent unauthorized access or malicious activity on that host. HIPS can monitor system calls, file modifications, network traffic to and from the host, and other activity to identify and stop potential threats. As the name says, it is a host-based control, not a network-based one.

C. Network Address Translation (NAT) is a technique used to translate private IP addresses to public IP addresses, and vice versa. NAT is often used to allow multiple devices with private IP addresses to share a single public IP address for internet access. NAT can provide some incidental obscurity by hiding internal IP addresses from external networks, but it does not filter traffic, and it plays no role at all in traffic between two hosts on the same internal network, where no translation takes place.

D. Media Access Control (MAC) filtering is a security feature that restricts access to a network based on the MAC address of a device. MAC addresses are layer 2 identifiers assigned to network adapters. By filtering on MAC addresses, administrators can limit which devices may connect to a switch port or wireless network, but the filter has no visibility into transport-layer ports, and MAC addresses are trivially spoofed.

Given the situation described in the question, the most appropriate security control to implement would be ACLs. An ACL on the router, layer 3 switch, or firewall between the internal network and the application server can be configured to permit only the ports the application legitimately serves and to deny (and log) everything else destined for that server, stopping the malicious traffic before it reaches the host. HIPS could detect and block the activity on the server itself, but it is a host-based control and therefore does not satisfy the question's requirement for a network-based one. NAT and MAC filtering do not apply: NAT does not translate or filter internal-to-internal traffic, and MAC filtering operates at layer 2 and cannot restrict access to a specific port.
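As an added illustration, not part of the original question or its explanation, the following Python model shows how an ordered, first-match ACL placed in front of the application server decides each flow, and renders the same rules in Cisco IOS-style extended ACL syntax. The addresses (user LAN 10.0.0.0/24, application server 10.0.1.10), the authorized port (443), the unauthorized port (8080) and the sample flow records are all constructed assumptions for the example.

```python
"""Added example: first-match ACL evaluation in front of an application server.

Not code from the original page. Addresses, ports, rules and the sample
flow records below are constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", or "ip" (any protocol)
    src: str               # CIDR, "0.0.0.0/0" means any source
    dst: str               # CIDR, "0.0.0.0/0" means any destination
    dport: Optional[int] = None   # None means any destination port
    log: bool = False      # whether a match should be logged (for detection)


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


# Assumed topology: user LAN 10.0.0.0/24, application server 10.0.1.10,
# legitimate service on TCP/443. Rules are evaluated top to bottom.
USER_LAN = "10.0.0.0/24"
APP_SERVER = "10.0.1.10/32"
ACL: List[Rule] = [
    Rule("permit", "tcp", USER_LAN, APP_SERVER, 443),            # authorized service
    Rule("deny", "ip", "0.0.0.0/0", APP_SERVER, None, log=True),  # everything else to the server
    Rule("permit", "ip", "0.0.0.0/0", "0.0.0.0/0"),              # unrelated traffic passes
]


def matches(rule: Rule, flow: Flow) -> bool:
    """True when every field of the rule covers the flow."""
    if rule.proto != "ip" and rule.proto != flow.proto:
        return False
    if ip_address(flow.src) not in ip_network(rule.src):
        return False
    if ip_address(flow.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != flow.dport:
        return False
    return True


def evaluate(acl: List[Rule], flow: Flow) -> Tuple[str, Optional[int], bool]:
    """Return (action, index of matching rule, log flag). First match wins;
    a flow matching no rule hits the implicit deny at the end of the list."""
    for idx, rule in enumerate(acl):
        if matches(rule, flow):
            return rule.action, idx, rule.log
    return "deny", None, False


def _cisco_addr(cidr: str) -> str:
    """Render a CIDR as IOS-style 'any', 'host A.B.C.D', or 'network wildcard'."""
    net = ip_network(cidr)
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"   # hostmask is the wildcard mask


def to_cisco(acl: List[Rule], number: int = 110) -> List[str]:
    """Render the rules as Cisco IOS extended numbered ACL lines (illustrative)."""
    lines = []
    for r in acl:
        line = f"access-list {number} {r.action} {r.proto} {_cisco_addr(r.src)} {_cisco_addr(r.dst)}"
        if r.dport is not None:
            line += f" eq {r.dport}"
        if r.log:
            line += " log"
        lines.append(line)
    return lines


# Constructed flow records: one legitimate, one to the unauthorized port,
# one from outside the user LAN, one unrelated to the server.
SAMPLE_FLOWS = [
    Flow("tcp", "10.0.0.25", "10.0.1.10", 443),
    Flow("tcp", "10.0.0.25", "10.0.1.10", 8080),
    Flow("tcp", "10.0.5.7", "10.0.1.10", 443),
    Flow("udp", "10.0.0.25", "10.0.2.53", 53),
]


def apply_acl(acl: List[Rule], flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Decide every flow and return (flow, action) pairs."""
    return [(f, evaluate(acl, f)[0]) for f in flows]


if __name__ == "__main__":
    for line in to_cisco(ACL):
        print(line)
    for flow, action in apply_acl(ACL, SAMPLE_FLOWS):
        print(f"{flow.proto} {flow.src} -> {flow.dst}:{flow.dport}  {action}")
```

The rendered lines would be applied inbound on the interface facing the user LAN (for example `ip access-group 110 in` on IOS). Order matters: placing the broad `permit ip any any` above the deny rule would let the 8080 traffic through, and the `log` keyword on the deny rule is what turns the control into a detection source as well as a block.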

In summary, the engineer should consider implementing access control lists (ACLs) as a network-based security control to prevent unauthorized traffic from reaching the application server on the unauthorized port.