Network Security Redesign: Monitoring and Detecting Future Attacks | CompTIA Network+ N10-007 Exam Solution

Best Method to Monitor Attacks after Network Breach


Question

A network administrator is redesigning network security after an attack.

During the attack, an attacker used open cubicle locations to attach devices to the network.

The administrator wants to be able to monitor future attacks in a safe environment and determine the method of attack.

Which of the following should the administrator do to BEST meet this requirement?

A. Create a VLAN for the unused ports and create a honeypot on the VLAN.

B. Install a BPDU guard on switchports and enable STP.

C. Create a DMZ for public servers and secure a segment for the internal network.

D. Install antivirus software and set an ACL on the servers.

Answer: A.

Explanations

Option A: Create a VLAN for the unused ports and create a honeypot on the VLAN.

This option involves creating a separate VLAN for unused ports and setting up a honeypot on that VLAN. A honeypot is a decoy system designed to attract and trap attackers. By monitoring the activity on the honeypot, the administrator can gain insight into the methods used by the attacker and take appropriate action.

This approach is a good way to monitor future attacks in a safe environment, as the honeypot is separate from the production network and can be closely monitored without interfering with normal network traffic.
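To show how honeypot activity can be turned into a "method of attack" finding, here is an added example (not part of the original exam material). The JSON-lines log format, the addresses, and the thresholds are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
SCAN_PORTS, SCAN_WINDOW = 5, 60.0  # distinct ports within N seconds => scan
LOGIN_TRIES = 3                    # logins against one port => guessing
# Constructed sample in a hypothetical JSON-lines honeypot log format.
SAMPLE_LOG = """\
{"ts": 100.0, "src": "10.99.0.23", "dport": 21, "event": "connect"}
{"ts": 100.4, "src": "10.99.0.23", "dport": 22, "event": "connect"}
{"ts": 100.9, "src": "10.99.0.23", "dport": 23, "event": "connect"}
{"ts": 101.3, "src": "10.99.0.23", "dport": 80, "event": "connect"}
{"ts": 101.8, "src": "10.99.0.23", "dport": 445, "event": "connect"}
{"ts": 130.0, "src": "10.99.0.23", "dport": 22, "event": "login"}
{"ts": 131.5, "src": "10.99.0.23", "dport": 22, "event": "login"}
{"ts": 133.0, "src": "10.99.0.23", "dport": 22, "event": "login"}
{"ts": 555.0, "src":
{"ts": 900.0, "src": "10.99.0.40", "dport": 445, "event": "connect"}
"""

def parse(log_text):
    """Yield (ts, src, dport, event), skipping blank or malformed lines."""
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            yield float(ev["ts"]), str(ev["src"]), int(ev["dport"]), str(ev["event"])
        except (ValueError, KeyError, TypeError):
            continue

def classify(log_text):
    """Map each source to the methods seen from it. The honeypot VLAN has
    no legitimate users, so every source that touches it is reported."""
    by_src = defaultdict(list)
    for ts, src, dport, event in parse(log_text):
        by_src[src].append((ts, dport, event))
    report = {}
    for src, events in by_src.items():
        events.sort()
        methods, logins = set(), defaultdict(int)
        for i, (start, dport, event) in enumerate(events):
            # Distinct ports touched within SCAN_WINDOW of this event.
            ports = {p for t, p, _ in events[i:] if t - start <= SCAN_WINDOW}
            if len(ports) >= SCAN_PORTS:
                methods.add("port-scan")
            logins[dport] += event == "login"
        if max(logins.values()) >= LOGIN_TRIES:
            methods.add("password-guessing")
        report[src] = sorted(methods) or ["probe"]
    return report

if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_LOG), indent=2))
```
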

Option B: Install a BPDU guard on switchports and enable STP.

This option involves enabling Spanning Tree Protocol (STP) and installing a BPDU guard on switchports. STP is a protocol used to prevent network loops, while BPDU guard disables an access port that receives a BPDU, which prevents an unauthorized switch from connecting to the network through that port.

While this approach can help to prevent future attacks, it may not provide the level of monitoring and analysis required to determine the method of attack.

Option C: Create a DMZ for public servers and secure a segment for the internal network.

This option involves creating a DMZ (Demilitarized Zone) for public servers and securing a separate segment for the internal network. A DMZ is a network segment that sits between the public internet and the internal network, providing an additional layer of security.

While this approach can help to prevent future attacks, it may not provide the level of monitoring and analysis required to determine the method of attack.

Option D: Install antivirus software and set an ACL on the servers.

This option involves installing antivirus software on the servers and setting an Access Control List (ACL) to restrict access to the servers. While this approach can help to prevent future attacks, it may not provide the level of monitoring and analysis required to determine the method of attack.

Conclusion:

Of the four options given, Option A is the BEST choice to meet the requirement of monitoring future attacks in a safe environment and determining the method of attack. Creating a separate VLAN for unused ports and setting up a honeypot on that VLAN provides a safe environment for monitoring and analysis, while also helping to prevent future attacks.