Protecting Your Cloud Infrastructure: Best Practices for Securing Development Servers

Preventing Unauthorized Browsing on Development Servers

Question

A security analyst has discovered that developers have installed browsers on all development servers in the company's cloud infrastructure and are using them to browse the Internet.

Which of the following changes should the security analyst make to BEST protect the environment?

Answers

Explanations

A. B. C. D.

A.

The security analyst has identified a potential security risk: developers are using browsers on development servers in the company's cloud infrastructure. The analyst needs to take action to protect the environment.

Option A suggests creating a security rule that blocks Internet access in the development VPC (Virtual Private Cloud). This would prevent developers from accessing the Internet from the development servers, which would reduce the risk of downloading malware or visiting malicious websites. However, this may also limit the functionality of the development environment, which could impact productivity and hinder development efforts.

Option B suggests placing a jumpbox in between the developers' workstations and the development VPC. A jumpbox is a dedicated server that provides a secure way to access other servers in the network. By placing a jumpbox between the developers' workstations and the development VPC, developers would need to authenticate themselves to the jumpbox before accessing the development servers. This would add an extra layer of security, and any activity on the development servers could be monitored and logged. However, this option would require additional resources and infrastructure to be implemented.

Option C suggests removing the administrator's profile from the developer user group in identity and access management. This would limit the access privileges of developers and reduce the risk of accidental or intentional misuse of administrator privileges. However, this option would not directly address the risk of developers using browsers on development servers.

Option D suggests creating an alert that is triggered when a developer installs an application on a server. This would allow the security analyst to monitor the activity of developers and detect any potentially malicious activity. However, this option would not prevent developers from using browsers on development servers.

In conclusion, option B - placing a jumpbox in between the developers' workstations and the development VPC - is the BEST option to protect the environment. This option provides an additional layer of security, allows for monitoring and logging of activity, and does not limit the functionality of the development environment.