GCIH · Question #411
Assuming you use each program listed, of the choices listed below, which represents the BEST defense against protocol parser vulnerabilities?
The correct answer is D. Keep tcpdump fully patched. But, pay extra special attention to your sniffer tools and their associated analysis programs, such as Wireshark, Snort, tcpdump, Netmon, or any others. These tools must be carefully patched on a frequent basis, as vendors release fixes. These sniffing programs are often installe
Question
Assuming you use each program listed, of the choices listed below, which represents the BEST defense against protocol parser vulnerabilities?
Options
- ADisable scripts in Internet Explorer
- BDisable the Outlook preview pane
- CKeep Nmap fully patched
- DKeep tcpdump fully patched
How the community answered
(62 responses)- A13% (8)
- B5% (3)
- C3% (2)
- D79% (49)
Explanation
But, pay extra special attention to your sniffer tools and their associated analysis programs, such as Wireshark, Snort, tcpdump, Netmon, or any others. These tools must be carefully patched on a frequent basis, as vendors release fixes. These sniffing programs are often installed on sensitive networks, such as DMZs, data centers, and so on, because these locations are where you want to monitor traffic. Therefore, we have an application type that often has vulnerabilities, and is located on or near sensitive machines. An unpatched sniffer system is akin to asking for trouble on your network.
Topics
Community Discussion
No community discussion yet for this question.