A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The
core of the POS is an extranet site, accessible only from retail stores and the corporate office over
a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the
main office, which provides voice connectivity for store VoIP phones. Each store offers guest
wireless functionality, as well as employee wireless. Only the staff wireless network has access to
the POS VPN. Recently, stores are reporting poor response times when accessing the POS
application from store computers as well as degraded voice quality when making phone calls.
Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to
review the configuration and suggest changes to prevent this from happening again. Which of the
following denotes the BEST way to mitigate future malware risk?
A.
Deploy new perimeter firewalls at all stores with UTM functionality.
B.
Change antivirus vendors at the store and the corporate office.
C.
Move to a VDI solution that runs offsite from the same data center that hosts the new POS
solution.
D.
Deploy a proxy server with content filtering at the corporate office and route all traffic through it.