A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server.
Which of the following represents the MOST secure way to configure the new network segment?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
Option A is the most secure way to configure the new network segment.
Explanation: Placing the new network segment on a separate VLAN allows for the network traffic to be segregated from the rest of the internal network traffic, thereby reducing the risk of an attacker gaining access to other parts of the network.
Firewall rules should be configured to allow external traffic to only the necessary ports and protocols required for the web and FTP server. This helps in limiting the attack surface by denying unauthorized access to other ports or protocols.
Option B, placing the segment on the internal VLAN, would not provide sufficient security as it would allow internal traffic only. External users would not be able to access the web or FTP server, defeating the purpose of the new segment.
Option C, placing the segment on an intranet and allowing external traffic through firewall rules, could be risky. The intranet is meant for internal use only, and allowing external traffic may compromise the security of the entire intranet.
Option D, placing the segment on an extranet, would allow both internal and external traffic, increasing the attack surface and potentially compromising the security of the entire network.
In summary, the best option is to place the new network segment on a separate VLAN and configure the firewall rules to allow only necessary external traffic.