Which are attack mitigation roles for the software access option in the SAFE SMR remote user network environment?

Which are attack mitigation roles for the software access option in the SAFE SMR remote user network environment? (Choose two)

Which are attack mitigation roles for the software access option in the SAFE SMR remote user network environment? (Choose two)

A.
Basic Layer 7 filtering

B.
Authenticate remote site

C.
Host DoS mitigation

D.
Terminate IPSec

E.
Stateful packet filtering

Explanation:

The following are the specific attack mitigation roles for the software access option:
1) Authenticate remote site – Properly identify and verify a user or service
2) Terminate IPSec – Successfully establish an IPSec tunnel between the remote site and host site
3) Personal firewall and virus scanning for local attack mitigation – Allay the risk of virus infection at the remote site.
Reference: Cisco SAFE Implementation 1.1 Courseware Page 7-10 under Software Access Option
Note: The software access option is geared toward the mobile worker as well as the home-office worker. All the remote user requires is a PC with VPN client software and connectivity to the Internet or ISP network via a dial-in or Ethernet connection. The primary function of the VPN software client is to establish a secure, encrypted tunnel from the client device to a VPN headend device. Access and authorization to the network are controlled from the headquarters location when filtering takes place on the firewall and on the client itself if access rights are pushed down via policy. The remote user is first authenticated, and then receives IP parameters such as a virtual IP address, which is used for all VPN traffic, and the location of name servers (DNS and Windows Internet Name Service [WINS]). Split tunneling can also be enabled or disabled via the central site. For the SAFE design, split tunneling was disabled, making it necessary for all remote users to access the Internet via the corporate connection when they have a VPN tunnel established. Because the remote user may not always want the VPN tunnel established when connected to the Internet or ISP network, personal firewall software is recommended to mitigate against unauthorized access to the PC. Virus-scanning software is also recommended to mitigate against viruses and Trojan horse programs infecting the PC.
REF;Safe white papers;page 27&28
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks



Leave a Reply 0

Your email address will not be published. Required fields are marked *