Upgrading Network Perimeter: Best Solution for Elevated UDP Traffic and High Router Utilization

Network Perimeter Upgrade Solution

Question

A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router.

The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization.

Which of the following is the BEST solution?

Answers

Explanations


A. B. C. D.

B.

The elevated UDP traffic reported by the IDS may be indicative of a potential threat or attack against the network. Additionally, the high utilization reported by the internal routers may indicate excessive traffic or inefficient routing. In this scenario, the network engineer should implement the best solution to address the reported issues.

Option A: Reconfiguring the firewall to block external UDP traffic may provide a quick fix for the reported issue, but it may not be the best solution. UDP is a commonly used protocol for various legitimate applications, and blocking it altogether may cause unintended consequences, such as breaking important applications that rely on UDP. Additionally, it may not address the root cause of the elevated UDP traffic, which could still pose a threat to the network.

Option B: Establishing a security baseline on the IDS is a good practice for monitoring and detecting potential threats. However, it may not address the high utilization reported by the internal routers. Therefore, it may not be the best solution to the reported issue.

Option C: Blocking echo reply traffic at the firewall may reduce network traffic, but it may not address the root cause of the reported issue. Additionally, echo reply traffic is legitimate traffic used by various network tools and applications for diagnostic purposes. Blocking it may hinder the effectiveness of these tools and applications.

Option D: Modifying the edge router to not forward broadcast traffic may help alleviate the high utilization reported by the internal routers. Broadcast traffic is a common cause of excessive traffic and can be effectively controlled by disabling the forwarding of such traffic. This solution may also indirectly address the elevated UDP traffic reported by the IDS, as excessive broadcast traffic could contribute to the issue.

Therefore, the best solution in this scenario would be Option D: Modify the edge router to not forward broadcast traffic. This solution effectively addresses the high utilization reported by the internal routers and may also indirectly address the elevated UDP traffic reported by the IDS.
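
An added example (not part of the original explanation): before changing the edge router as Option D describes, an engineer can measure how much of the elevated UDP volume is actually addressed to broadcast destinations. The subnets and flow records below are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Assumption: the internal subnets behind the edge router (constructed values).
SUBNETS = [ipaddress.ip_network("10.0.1.0/24"),
           ipaddress.ip_network("10.0.2.0/23")]

# Constructed flow records: (source, destination, protocol, bytes).
FLOWS = [
    ("198.51.100.7", "10.0.1.255", "udp", 40000),       # broadcast of the /24
    ("198.51.100.7", "10.0.3.255", "udp", 35000),       # broadcast of the /23
    ("10.0.1.20", "255.255.255.255", "udp", 5000),      # limited broadcast
    ("203.0.113.9", "10.0.1.53", "udp", 15000),         # ordinary unicast
    ("203.0.113.9", "10.0.2.255", "udp", 5000),         # a host inside the /23
    ("203.0.113.9", "10.0.1.80", "tcp", 90000),         # not UDP, ignored
]

def classify(dst):
    """Label a destination as limited broadcast, directed broadcast or unicast."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    # A directed broadcast depends on the prefix length, not on a trailing .255.
    if any(addr == net.broadcast_address for net in SUBNETS):
        return "directed-broadcast"
    return "unicast"

def udp_bytes_by_class(flows):
    """Sum UDP bytes per destination class."""
    totals = defaultdict(int)
    for _src, dst, proto, nbytes in flows:
        if proto == "udp":
            totals[classify(dst)] += nbytes
    return dict(totals)

def broadcast_share(flows):
    """Fraction of UDP bytes sent to any broadcast destination."""
    totals = udp_bytes_by_class(flows)
    total = sum(totals.values())
    bcast = totals.get("limited-broadcast", 0) + totals.get("directed-broadcast", 0)
    return bcast / total if total else 0.0

if __name__ == "__main__":
    print(udp_bytes_by_class(FLOWS))
    print(f"broadcast share of UDP bytes: {broadcast_share(FLOWS):.0%}")
```

A high share supports the reasoning that broadcast forwarding is driving both symptoms; a low share means the UDP increase has another cause that a broadcast filter would not touch.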