A large number of connections to port 80 is discovered while reviewing the log files on a server.
The server is not functioning as a web server.
Which of the following represent the BEST immediate actions to prevent unauthorized server access? (Choose two.)
A.
Audit all group privileges and permissions B.
Run a checksum tool against all the files on the server C.
Stop all unneeded services and block the ports on the firewall D.
Initialize a port scan on the server to identify open ports E.
Enable port forwarding on port 80 F.
Install a NIDS on the server to prevent network intrusions.
AD.
A large number of connections to port 80 is discovered while reviewing the log files on a server.
The server is not functioning as a web server.
Which of the following represent the BEST immediate actions to prevent unauthorized server access? (Choose two.)
A.
Audit all group privileges and permissions
B.
Run a checksum tool against all the files on the server
C.
Stop all unneeded services and block the ports on the firewall
D.
Initialize a port scan on the server to identify open ports
E.
Enable port forwarding on port 80
F.
Install a NIDS on the server to prevent network intrusions.
AD.
The best immediate actions to prevent unauthorized server access in the given scenario are to:
A. Audit all group privileges and permissions C. Stop all unneeded services and block the ports on the firewall
Explanation:
A. Audit all group privileges and permissions: This action involves reviewing and analyzing the group privileges and permissions assigned to different users on the server. It is important to ensure that only authorized users have access to the server and its resources. Auditing helps in identifying any discrepancies or unauthorized access and can be useful in taking corrective actions.
C. Stop all unneeded services and block the ports on the firewall: The second action is to stop all unneeded services that are running on the server and block the ports on the firewall that are not needed. This can prevent any further unauthorized access to the server. Port 80 is a commonly used port for HTTP traffic, and if the server is not intended to be a web server, then it is advisable to block this port to prevent any unauthorized access attempts.
B. Run a checksum tool against all the files on the server: Running a checksum tool against all the files on the server helps to identify any changes made to the files. However, this action may not be an immediate solution to prevent unauthorized server access, but it can help in identifying any unauthorized changes made to the server files.
D. Initialize a port scan on the server to identify open ports: Performing a port scan on the server can help identify any open ports that could be potentially exploited by attackers. However, this action may not be advisable in a production environment as it can cause disruptions to the server's services.
E. Enable port forwarding on port 80: Enabling port forwarding on port 80 can be useful if the server is intended to be a web server. However, in the given scenario, the server is not intended to be a web server, and enabling port forwarding can potentially expose the server to unauthorized access attempts.
F. Install a NIDS on the server to prevent network intrusions: Installing a network intrusion detection system (NIDS) on the server can help detect any unauthorized access attempts or network intrusions. However, this action may not be an immediate solution to prevent unauthorized server access, and it requires time to set up and configure.
In conclusion, the best immediate actions to prevent unauthorized server access in the given scenario are to audit all group privileges and permissions and stop all unneeded services and block the ports on the firewall.