You are the administrator at Certkiller Inc. and you need to pick a device to help you secure the network. Which device in the SAFE SMR midsize network design corporate Internet module determines when to provide TCP shunning or resets?
A. IDS
B. Firewall
C. Router
D. Public services servers
E. Layer 2 switches
Explanation:
The NIDS appliance between the private interface of the firewall and the internal router provides a final analysis of attacks. Very few attacks should be detected on this segment because only responses to initiated requests, a few select ports from the public services segment, and traffic from the remote access segment are allowed to the inside. Only sophisticated attacks should be seen on this segment because they could mean that a system on the public services segment has been compromised and the hacker is attempting to take advantage of this foothold to attack the internal network. For example, if the public SMTP server were compromised, a hacker might try to attack the internal mail server over TCP port 25, which is permitted to allow mail transfer between the two hosts. If attacks are seen on this segment, the responses to those attacks should be more severe than those on other segments because they probably indicate that a compromise has already occurred. The use of TCP resets or shunning to thwart, for example, the SMTP attack mentioned above, should be seriously considered.
Reference: SAFE white papers; page 19
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks