Segmenting the Network with Firewalls

The CSIRT is reviewing the lessons learned from a recent incident.

A worm was able to spread unhindered throughout the network and infect a large number of computers and servers.

Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

A.

Install a NIDS device at the boundary.

B.

Segment the network with firewalls.

C.

Update all antivirus signatures daily.

D.

Implement application blacklisting.

B.

The best recommendation to mitigate the impacts of a similar incident in the future would be to segment the network with firewalls (Option B). This would involve dividing the network into smaller subnetworks, with each subnetwork having its own security controls, such as firewalls and access controls. This would help prevent the spread of a worm or other malware by limiting its ability to move between different subnetworks.

Installing a NIDS device at the boundary (Option A) would help detect malicious activity and attacks on the network, but it would not necessarily prevent the spread of a worm or other malware once it has entered the network. Similarly, updating antivirus signatures daily (Option C) is important to detect and prevent malware infections, but it is not a comprehensive solution and would not necessarily prevent the spread of a worm.

Implementing application blacklisting (Option D) would be useful in preventing the execution of known malicious applications, but it would not prevent the spread of a worm or other malware that is not yet known or recognized by the blacklist.

Therefore, segmenting the network with firewalls is the most effective solution to prevent the spread of malware and mitigate the impacts of a similar incident in the future.