312-50V10 · Question #196
A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with fir
The correct answer is A. Network elements must be hardened with user ids and strong passwords. Regular security tests. Defense-in-depth requires that internal systems like network elements be hardened independently, and cannot rely solely on perimeter controls like firewalls.
Question
A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
Options
- ANetwork elements must be hardened with user ids and strong passwords. Regular security tests
- BAs long as the physical access to the network elements is restricted, there is no need for
- CThere is no need for specific security measures on the network elements as long as firewalls and
- DThe operator knows that attacks and down time are inevitable and should have a backup site.
How the community answered
(34 responses)- A76% (26)
- B9% (3)
- C3% (1)
- D12% (4)
Why each option
Defense-in-depth requires that internal systems like network elements be hardened independently, and cannot rely solely on perimeter controls like firewalls.
Hardening network elements with strong user credentials and conducting regular security assessments applies the principle of defense-in-depth, ensuring that if perimeter defenses are breached, internal systems are not trivially compromised. Linux-based network elements have their own attack surface including SSH services, local accounts, and running processes that must be secured regardless of firewall protection. Regular security testing validates that hardening measures remain effective over time.
Physical access restrictions alone do not protect against network-based attacks that can reach internal systems through legitimate data center connectivity.
Firewalls and IPS systems are perimeter controls that can be bypassed or misconfigured - relying solely on them violates the principle of defense-in-depth.
Accepting attacks as inevitable and relying only on a backup site is a reactive posture that ignores preventive hardening, which is a fundamental security failure.
Concept tested: Defense-in-depth and system hardening principles
Source: https://csrc.nist.gov/glossary/term/defense_in_depth
Topics
Community Discussion
No community discussion yet for this question.