Identifying Rogue Websites on a Company's Internal Network
Question
Given the following information about a company's internal network: User IP space: 192.168.1.0/24 - Server IP space: 192.168.192.0/25 A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified.
Which of the following should the engineer do?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.B.
The objective is to identify rogue websites that are hosted outside of the proper server space. To achieve this, the security engineer should scan the network to identify all active hosts and the services running on them. Based on the information provided, the user IP space is 192.168.1.0/24 and the server IP space is 192.168.192.0/25.
Option A suggests using a protocol analyzer on 192.168.1.0/24. A protocol analyzer is a tool that captures and analyzes network traffic. However, it is not the best option in this scenario because it will capture all traffic on the user IP space, including legitimate traffic, and it may not capture traffic to and from rogue websites.
Option B suggests using a port scanner on 192.168.1.0/24. A port scanner is a tool that scans a network for open ports and services running on them. However, it is also not the best option because it will only identify open ports and services on the user IP space and may not detect rogue websites hosted outside of the proper server space.
Option C suggests using an HTTP interceptor on 192.168.1.0/24. An HTTP interceptor is a tool that intercepts and analyzes HTTP traffic. However, it is not the best option in this scenario because it will only capture HTTP traffic and may not detect rogue websites hosted on other protocols.
Option D suggests using a port scanner on 192.168.192.0/25. This option is a better choice than the previous ones because it focuses on the server IP space, which is where rogue websites are suspected to be hosted. A port scan will identify all open ports and services on the server IP space and may detect rogue websites hosted outside of the proper server space.
Option E suggests using a protocol analyzer on 192.168.192.0/25. This option is not the best choice because a protocol analyzer captures all traffic on the network, which may not be efficient in identifying rogue websites.
Option F suggests using an HTTP interceptor on 192.168.192.0/25. This option is also not the best choice because it only captures HTTP traffic and may not detect rogue websites hosted on other protocols.
Therefore, the best option is D, which suggests using a port scanner on 192.168.192.0/25, to identify all active hosts and services running on them in the server IP space. The security engineer can then investigate any suspicious hosts and services to identify any rogue websites hosted outside of the proper server space.
