Preventing Reconnaissance Activity on Web Servers | CAS-003 Exam | CompTIA

Best Technique to Prevent Reconnaissance Activity on Web Servers

Question

A company monitors the performance of all web servers using WMI.

A network administrator informs the security engineer that web servers hosting the company's client-facing portal are running slowly today.

After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses.

Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

Answers

Explanations


A. Install a host-based intrusion prevention system (HIPS) on the web servers.

B. Disable inbound traffic from the offending sources.

C. Disable SNMP on the web servers.

D. Install anti-DDoS protection in the DMZ.


The security engineer has identified that multiple IP addresses are attempting to enumerate host information via SNMP, which is causing the web servers to run slowly. The best technique to prevent reconnaissance activity is to disable SNMP on the web servers. Here is why:

A. Installing a host-based intrusion prevention system (HIPS) on the web servers may help prevent some types of attacks, but it is not specifically targeted at preventing reconnaissance activity via SNMP. Furthermore, HIPS can be resource-intensive and may add performance overhead on web servers that are already running slowly, further degrading their performance.

B. Disabling inbound traffic from offending sources may be effective in preventing reconnaissance activity from those specific IP addresses. However, if the attackers are using a botnet or are spoofing their IP addresses, this technique may not be effective. Additionally, this technique may prevent legitimate traffic from accessing the web servers, which could impact the company's business operations.

C. Disabling SNMP on the web servers is the best technique to prevent reconnaissance activity via SNMP. SNMP is a protocol used to manage and monitor network devices; because the company already monitors its web servers with WMI, SNMP is not required for their operation or monitoring. Disabling SNMP removes the service the attackers are querying, so they can no longer gather host information via this protocol, which reduces the likelihood of successful follow-on attacks and removes the load the enumeration attempts place on the servers.

D. Installing anti-DDoS protection in the DMZ is not directly related to preventing reconnaissance activity via SNMP. Anti-DDoS protection is designed to mitigate distributed denial of service (DDoS) attacks by blocking or filtering traffic from multiple sources. While it may help protect the web servers from some types of attacks, it will not prevent reconnaissance activity via SNMP.

In conclusion, the best technique for the security engineer to employ in an attempt to prevent reconnaissance activity via SNMP is to disable SNMP on the web servers. This will reduce the likelihood of successful attacks against the web servers and minimize the impact on their performance.
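Because the servers are monitored via WMI, they are Windows hosts, so the remediation is typed into PowerShell. The following is an added example (not part of the exam page) that stops and disables the Windows SNMP Service on each web server, blocks UDP/161 at the host firewall as a backstop, and verifies both that nothing listens on UDP/161 and that WMI monitoring still works; it assumes the service is named `SNMP` and the server names are constructed placeholders.

```powershell
# Added example: remove SNMP exposure from WMI-monitored Windows web servers.
# Assumes the Windows SNMP Service (service name "SNMP") may be installed.
# Server names are constructed placeholders.
$servers = @('web01.example.internal', 'web02.example.internal')

foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        $svc = Get-Service -Name 'SNMP' -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            Write-Output "$env:COMPUTERNAME: SNMP service not installed, nothing to stop"
        } else {
            # Stop the agent now and keep it from starting again after a reboot.
            if ($svc.Status -ne 'Stopped') { Stop-Service -Name 'SNMP' -Force }
            Set-Service -Name 'SNMP' -StartupType Disabled
            Write-Output "$env:COMPUTERNAME: SNMP service stopped and disabled"
        }

        # Backstop: block inbound UDP/161 at the host firewall so a re-enabled
        # agent or another SNMP listener is not reachable from the network.
        $ruleName = 'Block inbound SNMP (UDP 161)'
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
                -Protocol UDP -LocalPort 161 -Action Block | Out-Null
        }

        # Verify: nothing should be bound to UDP/161 any more.
        $listener = Get-NetUDPEndpoint -LocalPort 161 -ErrorAction SilentlyContinue
        if ($listener) {
            Write-Warning "$env:COMPUTERNAME: UDP/161 still bound (PID $($listener.OwningProcess))"
        } else {
            Write-Output "$env:COMPUTERNAME: no UDP/161 listener"
        }

        # Verify: WMI-based performance monitoring is unaffected.
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
        $freeGB = [math]::Round($os.FreePhysicalMemory / 1MB, 1)   # FreePhysicalMemory is in KB
        Write-Output "$env:COMPUTERNAME: WMI OK, free memory $freeGB GB"
    }
}
```

Run it from a management host with WinRM access to the web servers; the UDP/161 check is the evidence that the enumeration traffic now has nothing to talk to.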