Robust Access Controls and Audit Trails for On-Premises to Datacenter Migration

AC.

The company is migrating its systems to a third-party managed datacenter, and it requires remote access to all hardware platforms to be available at all times. At the same time, access controls need to be robust, and an audit trail must be provided. The question asks for two security controls that will meet the company's objectives from the options provided. Let's analyze each option to determine which ones would be suitable for the given scenario.

A. Integrated platform management interfaces are configured to allow access only via SSH. Secure Shell (SSH) is a network protocol that provides secure remote access to the system's command-line interface. Configuring the platform management interfaces to allow access only via SSH is an appropriate security control to ensure secure remote access. This option provides a secure channel of communication between the remote user and the system's command-line interface, which helps to protect against unauthorized access and data tampering. Therefore, this option is a suitable security control for the scenario.

B. Access to hardware platforms is restricted to the systems administrator's IP address. Restricting access to the hardware platforms based on the systems administrator's IP address is a security control that limits access to the systems to authorized personnel only. However, this security control does not provide a high level of security as an attacker who manages to obtain the administrator's credentials can still access the systems. Additionally, this control is not suitable for a scenario where remote access to all hardware platforms must be available at all times. Therefore, this option is not a suitable security control for the given scenario.

C. Access is captured in event logs that include source address, timestamp, and outcome. Capturing access in event logs that include source address, timestamp, and outcome is an appropriate security control to ensure an audit trail of remote access to the hardware platforms. This control enables the organization to track access to the system, detect potential threats, and perform forensic analysis in the event of a security breach. Therefore, this option is a suitable security control for the given scenario.

D. The IP addresses of server management interfaces are located within the company's extranet. The option to locate the IP addresses of server management interfaces within the company's extranet is not an appropriate security control for the scenario. This option does not provide any security measure to ensure remote access to the hardware platforms' availability and restricts access to the server management interfaces to users within the company's extranet only. Therefore, this option is not a suitable security control for the given scenario.

E. Access is limited to interactive logins on the VDi. Limiting access to interactive logins on the VDi (Virtual Desktop Infrastructure) is a security control that restricts remote access to the system to interactive sessions only. However, this control is not suitable for the given scenario as it limits access to interactive sessions only and does not allow for non-interactive sessions that may be required in certain situations. Additionally, this control does not provide a high level of security as an attacker who manages to obtain the user's credentials can still access the system. Therefore, this option is not a suitable security control for the given scenario.

F. Application logs are hashed cryptographically and sent to the SIEM (Security Information and Event Management) system. Hashing application logs cryptographically and sending them to the SIEM system is an appropriate security control that ensures data integrity and security. This control helps to protect the logs from tampering, and the SIEM system can be used to detect anomalies and potential security threats. Therefore, this option is a suitable security control for the given scenario.

In conclusion, the suitable security controls that will meet the company's objectives are:

• Integrated platform management interfaces are configured to allow access only via SSH.
• Access is captured in event logs that include source address, timestamp, and outcome. Therefore, the