What is a design alternative in the SAFE SMR midsize network design campus module?
A. A NIDS appliance can be placed in front of the firewall.
B. The end-user workstations can be connected directly to the core switch.
C. The router between the firewall and the campus module can be eliminated.
D. URL filtering can be placed on the public services segment to filter the types of Web pages employees can access.
Explanation:
If the medium network is small enough, the functionality of the building switches can be rolled into the core switch, and the building switches can be eliminated. In this case, the end-user workstations would be connected directly to the core switch. Private VLAN functionality would be implemented on the core switch in order to mitigate trust-exploitation attacks. If the performance requirements of the internal network are not high, a separate router and Layer 2 switch could be used for the core and distribution instead of the higher-performing Layer 3 switch. If desired, the separate NIDS appliance can be replaced with an integrated IDS module that fits into the core switch. This setup provides higher traffic throughput into the IDS module because it sits on the backplane of the switch, rather than being connected via a single 10/100-Mbps Ethernet port. ACLs on the switch can be used to control what traffic is sent to the IDS module.
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks, Page 23