Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?
B. Content filter
D. Host-based firewalls
Correct Answer: D
Section: Application, Data and Host Security
A host-based firewall is designed to protect the host from network based attack by using filters to limit the network traffic that is allowed to enter or leave the host. The action of a filter
is to allow, deny, or log the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet from going any further and effectively discarding it. Log
records information about the packet into a log file. Filters can be based on protocol and ports. By blocking protocols and ports that are not required, other potentially compromised
application services would be prevented from being exploited across the network.
A: A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting
and responding to network-based attacks originating from outside the organization. However, other potentially compromised application services would run on the host, rather than
across the network.
B: Content filtering usually refers to web site content. It entails inspecting the data on a web page against a blacklist of unwanted terms and preventing access to that web page.
C: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and is useful for detecting network-based attacks originating from outside the
organization. However, other potentially compromised application services would run on the host, rather than across the network.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 111-112, 116-117
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 5-8, 13-16