A company decides to deploy customer-facing, touch-screen kiosks.
The kiosks appear to have several open source service ports that could potentially become compromised.
Which of the following is the MOST effective way to protect the kiosks?
A. Install an IDS to monitor all traffic to and from the kiosks.
B. Install honeypots on the network to detect and analyze potential kiosk attacks before they occur.
C. Enable switchport security on the ports to which the kiosks are connected to prevent network-level attacks.
D. Create a new network segment with ACLs, limiting kiosks' traffic with the internal network.
Answer: D.
The most effective way to protect customer-facing, touch-screen kiosks with open source service ports from potential attacks is to create a new network segment with access control lists (ACLs), limiting the kiosks' traffic with the internal network.
This solution is the most effective because it segregates the kiosks from the rest of the network and limits the traffic that can pass between them, reducing the potential for compromise. Additionally, ACLs can be configured to allow only necessary traffic to and from the kiosks, further limiting their exposure to potential attacks.
Installing an intrusion detection system (IDS) to monitor all traffic to and from the kiosks is another option, but it may not be as effective as creating a separate network segment. An IDS can detect and alert on suspicious activity, but it may not prevent the compromise from happening in the first place.
Installing honeypots on the network to detect and analyze potential kiosk attacks before they occur is not an effective solution because honeypots are typically used to attract and analyze attacks, rather than prevent them. This option may also add complexity to the network and potentially create more attack surfaces.
Enabling switchport security on the ports to which the kiosks are connected to prevent network-level attacks is another option. However, this option may not be as effective as creating a separate network segment since it only limits the types of devices that can connect to the port, not the traffic that passes through it.
In conclusion, creating a new network segment with ACLs that limit the kiosks' traffic with the internal network is the most effective solution to protect customer-facing, touch-screen kiosks with open source service ports from potential attacks.
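The explanation above says ACLs on the kiosk segment should allow only necessary traffic. The following added example (not part of the original question) models a first-match ACL with an implicit deny and audits it against expected flows, next to a weak variant with a broad permit. All addresses, ports and names are constructed assumptions.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the page).
KIOSK_NET = "10.50.0.0/24"      # dedicated kiosk segment
INTERNAL = "10.0.0.0/8"         # internal network
API_SERVER = "10.10.20.15"      # only backend the kiosks need

# Rules: (action, protocol, source net, destination net, destination port or None)
SEGMENT_ACL = [
    ("permit", "tcp", KIOSK_NET, API_SERVER + "/32", 443),
    ("deny", "ip", KIOSK_NET, INTERNAL, None),
]
# Weak variant: a broad permit placed first shadows every rule after it.
WEAK_ACL = [("permit", "ip", KIOSK_NET, INTERNAL, None)] + SEGMENT_ACL


def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching rule; no match is an implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("ip", proto):
            continue
        if src_ip not in ipaddress.ip_network(r_src):
            continue
        if dst_ip not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"


# Constructed flows from one kiosk, with the decision the policy should give.
EXPECTED = [
    (("tcp", "10.50.0.21", API_SERVER, 443), "permit"),  # kiosk application traffic
    (("tcp", "10.50.0.21", API_SERVER, 22), "deny"),     # admin port on the same server
    (("tcp", "10.50.0.21", "10.10.30.8", 445), "deny"),  # internal file share
    (("udp", "10.50.0.21", "10.10.30.9", 161), "deny"),  # internal management service
]


def audit(acl):
    """List flows whose ACL decision differs from the expected one."""
    return [flow for flow, want in EXPECTED if evaluate(acl, *flow) != want]


if __name__ == "__main__":
    print("segment ACL violations:", audit(SEGMENT_ACL))
    print("weak ACL violations:", audit(WEAK_ACL))
```

Running the audit before deploying a rule change shows whether a newly added permit has opened a path from the kiosk segment that the policy was meant to block.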