John runs a Web server, IDS and firewall on his network. Recently his Web server has been under
constant hacking attacks. He looks up the IDS log files and sees no intrusion attempts but the
Web server constantly locks up and needs rebooting due to various brute force and buffer
overflow attacks but still the IDS alerts no intrusion whatsoever. John becomes suspicious and
views the Firewall logs and he notices huge SSL connections constantly hitting his Web server.
Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and
that was the reason the IDS did not detect the intrusions. How would John protect his network
from these types of attacks?
A.
Install a proxy server and terminate SSL at the proxy
B.
Enable the IDS to filter encrypted HTTPS traffic
C.
Install a hardware SSL “accelerator” and terminate SSL at this layer
D.
Enable the Firewall to filter encrypted HTTPS traffic