A customer has submitted a request for a new wireless connection in the main office so visitors can reach the Internet to check their email.
The customer is concerned about security and does not want visitors to be able to access the internal finance server.
Which of the following BEST describes the correct configuration?
A.
The LAN and WLAN should be configured in the same zone with dynamic DENY ALL rules. B.
The LAN and WLAN should be configured in the DMZ so traffic is denied automatically. C.
The LAN and WLAN should be marked as trusted during work hours and untrusted during off hours. D.
The LAN and WLAN should be configured in separate zones with a firewall in between.
D.
A customer has submitted a request for a new wireless connection in the main office so visitors can reach the Internet to check their email.
The customer is concerned about security and does not want visitors to be able to access the internal finance server.
Which of the following BEST describes the correct configuration?
A.
The LAN and WLAN should be configured in the same zone with dynamic DENY ALL rules.
B.
The LAN and WLAN should be configured in the DMZ so traffic is denied automatically.
C.
The LAN and WLAN should be marked as trusted during work hours and untrusted during off hours.
D.
The LAN and WLAN should be configured in separate zones with a firewall in between.
D.
The correct configuration for a new wireless connection in the main office that allows visitors to access the internet but prevents them from accessing the internal finance server would be to configure the LAN and WLAN in separate zones with a firewall in between, as described in option D.
Option A suggests configuring both LAN and WLAN in the same zone, which would not be a recommended practice as it could lead to security vulnerabilities. While dynamic DENY ALL rules could be implemented to restrict access to the internal finance server, it would still be risky to have both LAN and WLAN in the same zone.
Option B suggests configuring LAN and WLAN in the DMZ, which is typically a demilitarized zone between the internal network and the internet where publicly accessible servers are placed. However, this configuration would not be appropriate for a wireless connection meant for visitors, as DMZ is generally reserved for servers and devices that need to be accessed by external users.
Option C suggests marking the LAN and WLAN as trusted during work hours and untrusted during off hours, which would not be a practical solution to the problem as visitors may need to access the internet outside of regular work hours.
Option D, on the other hand, suggests configuring the LAN and WLAN in separate zones with a firewall in between. This configuration would allow visitors to access the internet while preventing them from accessing the internal finance server. The firewall can be configured to allow only certain types of traffic between the two zones and block everything else, providing a secure separation between the LAN and WLAN.
In conclusion, option D would be the best configuration to meet the customer's requirements for a new wireless connection that allows visitors to access the internet while maintaining the security of the internal network.