Security Engineer: Networking vs. Database Administrators

Competing Requirements: Application Server Subnetting


Question

A security engineer is faced with competing requirements from the networking group and database administrators.

The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another.

Which of the following should the security administrator do to rectify this issue?

Answers

Explanations

B.

The security engineer is facing a dilemma where the networking group and database administrators have opposing requirements regarding the placement of application servers. The database administrators prefer to have ten application servers on the same subnet to make administration easier, whereas the networking group wants to segment all the applications from each other.

To resolve this issue, the security engineer needs to find a solution that satisfies both groups' requirements while also maintaining the security of the application servers. The security engineer should evaluate the potential risks associated with each approach and recommend the most secure approach.

Option A: Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability. This approach may be time-consuming and not necessarily effective in ensuring the security of all applications. It is not a viable solution as it could leave some applications at risk.

Option B: Recommend classifying each application into like security groups and segmenting the groups from one another. This approach is a good solution that addresses both groups' concerns while also ensuring the security of the application servers. Applications with like security requirements share a segment, so the database administrators can still manage those servers together, while the separation between groups satisfies the networking group's requirement to segment the servers.

Option C: Recommend segmenting each application, as it is the most secure approach. While this approach may provide the highest level of security, it does not meet the database administrators' requirement to have all the application servers on the same subnet. It may also increase complexity and administration costs.

Option D: Recommend that only applications with minimal security features should be segmented to protect them. This approach is not a viable solution as it does not address the concerns of either group. It could also potentially leave critical applications at risk.

Therefore, option B is the most appropriate solution that meets the requirements of both groups and ensures the security of the application servers.