Most Secure Method to Prevent Administrative Access to Network Devices
Question
A Chief Information Officer (CIO) is concentrated about an attacker gaining administrative access to the company's network devices.
Which of the following is the MOST secure way to prevent this?
A.
ACL allowing only HTTP B.
ACL allowing only Telnet C.
Out-of-band modem D.
Out-of-band console router.
D.
Explanations
A Chief Information Officer (CIO) is concentrated about an attacker gaining administrative access to the company's network devices.
Which of the following is the MOST secure way to prevent this?
A.
ACL allowing only HTTP
B.
ACL allowing only Telnet
C.
Out-of-band modem
D.
Out-of-band console router.
D.
The most secure way to prevent an attacker from gaining administrative access to a company's network devices is by using an out-of-band console router.
An out-of-band console router is a separate device that is connected to the console port of a network device, such as a router or switch. This device provides secure access to the console of the network device, even if the network is compromised. Out-of-band management can be done through a serial connection or over a separate network connection that is isolated from the primary network.
Compared to in-band management methods, which rely on the same network infrastructure as the devices being managed, out-of-band management is considered more secure because it is not subject to the same vulnerabilities and attacks that can compromise the primary network.
In contrast, ACLs (Access Control Lists) are used to restrict access to network resources based on protocols, ports, and IP addresses. In this scenario, allowing only HTTP or Telnet through an ACL does not provide adequate protection against an attacker gaining administrative access to the company's network devices. An attacker could potentially use other protocols or methods to gain access to the devices.
Finally, an out-of-band modem is a device that provides remote access to the console port of a network device over a telephone line. While it is more secure than in-band management methods, it is still subject to vulnerabilities associated with the telephone network, such as eavesdropping and interception.
In summary, the most secure way to prevent an attacker from gaining administrative access to a company's network devices is by using an out-of-band console router.
