Implementing an Out-of-Band IDS Solution | CompTIA Security+ Exam

Deploying an Out-of-Band IDS Solution


Question

A company recently experienced data exfiltration via the corporate network.

In response to the breach, a security analyst recommends deploying an out-of-band IDS solution.

The analyst says the solution can be implemented without purchasing any additional network hardware.

Which of the following solutions will be used to deploy the IDS?

Explanations


D.

The recommended solution for deploying an out-of-band IDS (Intrusion Detection System) without purchasing additional network hardware is port mirroring, a feature of the managed switches the company already owns (Cisco calls it a SPAN, Switched Port Analyzer, session). "Out-of-band" means the sensor sits off the forwarding path and receives a copy of the traffic rather than the traffic itself, so it can observe and alert but cannot block.

Port mirroring copies the frames that enter or leave one or more source ports (or an entire VLAN) to a designated destination port, where a passive tool such as an IDS sensor listens. Local SPAN mirrors within a single switch; remote SPAN (RSPAN, or ERSPAN over a GRE tunnel) carries the copies across a dedicated VLAN or tunnel to a sensor attached to a different switch, so the sensor does not have to be cabled to the switch whose ports are being watched.

In this scenario, the mirror destination port is connected to the sensor's monitoring interface, which carries no IP address and transmits nothing, so the copied traffic cannot interfere with production traffic and the IDS can detect and alert on the suspicious flows without affecting normal operation. Two practical caveats apply. First, because the sensor is out of band it can only alert; blocking requires an inline IPS. Second, a mirror port has the same bandwidth as any other port, so mirroring several busy full-duplex links into one destination oversubscribes it and the switch silently drops the excess copies; the IDS then misses traffic with no indication that it did, which matters when the goal is to catch exfiltration.

A network tap is a purpose-built device spliced into a link to copy the traffic passing through it. It is in fact the more faithful monitoring option (it sees every frame, including errored ones, and cannot be oversubscribed the way a mirror port can), but it is additional hardware, which the analyst ruled out; installing it means briefly breaking the link, and an active (powered) tap is one more device that can fail.

A network proxy is a software or hardware intermediary that terminates connections on behalf of the endpoints. It is inline by definition, so it is in-band rather than out-of-band, and because it may modify or filter the traffic it is a control point, not a passive observation point suitable for an IDS.

A honeypot is a decoy system designed to lure attackers into revealing their techniques and intentions, but it is not an IDS and does not analyze the network traffic of the production network.
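The port-mirroring deployment described in the explanation, written out as an added switch configuration example (not part of the original question or explanation). It assumes Cisco IOS Catalyst syntax; the interface names, session numbers, VLAN 10 and RSPAN VLAN 900 are assumptions chosen for illustration.

```cisco
! Local SPAN on the switch in front of the servers the data left from.
! Copies every frame entering or leaving Gi1/0/1 and Gi1/0/2 (the server
! uplinks, assumed) to Gi1/0/24, where the IDS sensor's monitoring NIC is
! plugged in. Session number and interface names are assumptions.
monitor session 1 source interface GigabitEthernet1/0/1 - 2 both
monitor session 1 destination interface GigabitEthernet1/0/24
!
! Alternative source: mirror a whole VLAN. Using rx only halves the copied
! volume (less risk of oversubscribing the destination port) and avoids
! seeing the same frame twice when both ends of a flow sit in the VLAN.
! monitor session 1 source vlan 10 rx
!
! Remote SPAN, for a sensor attached to a different switch: the copies ride
! a dedicated VLAN (900, assumed) across the trunk between the two switches.
! --- source switch ---
vlan 900
 name IDS-RSPAN
 remote-span
monitor session 2 source interface GigabitEthernet1/0/1 - 2 both
monitor session 2 destination remote vlan 900
! --- destination switch (sensor on its Gi1/0/24) ---
vlan 900
 remote-span
monitor session 2 source remote vlan 900
monitor session 2 destination interface GigabitEthernet1/0/24
!
! Verify: the session should list the source ports, direction "Both" and
! the sensor port as destination.
! show monitor session 1
```

On the sensor side the monitoring NIC is brought up in promiscuous mode with no IP address, so it receives the mirrored frames but can never send into the production network. Before trusting the sensor, compare the combined rx+tx rate of the source ports against the speed of the destination port; if the sum exceeds it, split the sources across several sessions or mirror rx only.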