312-50V9 · Question #285
A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with fir
The correct answer is A. Network elements must be hardened with user ids and strong passwords. Regular security tests. Perimeter controls like firewalls and IPS are necessary but not sufficient - individual network elements must also be hardened as part of a defense-in-depth strategy.
Question
A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
Options
- ANetwork elements must be hardened with user ids and strong passwords. Regular security tests
- BAs long as the physical access to the network elements is restricted, there is no need for
- CThere is no need for specific security measures on the network elements as long as firewalls and
- DThe operator knows that attacks and down time are inevitable and should have a backup site.
How the community answered
(31 responses)- A81% (25)
- B3% (1)
- C13% (4)
- D3% (1)
Why each option
Perimeter controls like firewalls and IPS are necessary but not sufficient - individual network elements must also be hardened as part of a defense-in-depth strategy.
Hardening network elements with strong credentials and conducting regular security testing implements a defense-in-depth approach that does not rely solely on perimeter defenses. Linux-based network elements have their own attack surface including local privilege escalation, default credentials, and unpatched vulnerabilities. Regular security assessments ensure controls remain effective as the threat landscape evolves.
Physical access restrictions only prevent physical tampering and do not protect against network-based or insider attacks targeting the elements directly.
Firewalls and IPS protect the network perimeter but cannot defend against threats that originate internally or that successfully bypass the perimeter, leaving unhardened elements fully exposed.
Accepting attacks and downtime as inevitable without implementing preventive hardening controls is not a valid security policy and represents a failure to apply due diligence.
Concept tested: Defense in depth and host hardening for network infrastructure
Source: https://csrc.nist.gov/publications/detail/sp/800-123/final
Topics
Community Discussion
No community discussion yet for this question.