Joe the system administrator has noticed an increase in network activity from outside sources. He wishes to direct traffic to avoid possible penetration while heavily monitoring the traffic with little to no impact on the current server load. Which of the following would be BEST course of action?
A. Apply an additional firewall ruleset on the user PCs.
B. Configure several servers into a honeynet
C. Implement an IDS to protect against intrusion
D. Enable DNS logging to capture abnormal traffic