A University uses a card transaction system that allows students to purchase goods using their
student ID. Students can put money on their ID at terminals throughout the campus. The security
administrator was notified that computer science students have been using the network to illegally
put money on their cards. The administrator would like to attempt to reproduce what the students
are doing. Which of the following is the BEST course of action?
A.
Notify the transaction system vendor of the security vulnerability that was discovered.
B.
Use a protocol analyzer to reverse engineer the transaction system’s protocol.
C.
Contact the computer science students and threaten disciplinary action if they continue their
actions.
D.
Install a NIDS in front of all the transaction system terminals.