A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in
transport mode with AH enabled and ESP disabled throughout the internal network. The company
has hired a security consultant to analyze the network infrastructure and provide a solution for
intrusion prevention. Which of the following recommendations should the consultant provide to the
security administrator?
A.
Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.
B.
Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.
C.
Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
D.
Enable ESP on the internal network, and place NIPS on both networks.