Eradicating Worms and Zero-Day Attacks: Best Solution for SY0-601 Exam | CompTIA Security+

Implementing a Solution for Eradicating Worms and Zero-Day Attacks


Question

A security administrator is trying to eradicate a worm that is spreading throughout the organization by using an old remote vulnerability in the SMB protocol.

The worm uses Nmap to identify target hosts within the company.

The administrator wants to implement a solution that will eradicate the current worm and any future attacks that may be using zero-day vulnerabilities.

Which of the following would BEST meet the requirements when implemented?

Answers

Explanations


C.

Option B, an enterprise patch management system, would be the best solution in this scenario.

Explanation:

The scenario describes a situation where a worm is spreading throughout the organization using an old remote vulnerability in the SMB protocol. This indicates that the organization has not applied the relevant patches or updates to address the vulnerability. As a result, the worm is able to propagate itself and infect other hosts within the network.

Nmap is a network mapping and port-scanning tool that the worm uses to identify target hosts within the company. This indicates that the worm is actively scanning the network for hosts exposing the vulnerable SMB service and exploiting them.

To eradicate the current worm and prevent future attacks that may use zero-day vulnerabilities, the organization needs to implement a solution that can address both known and unknown vulnerabilities. This requires a proactive approach to security that includes vulnerability management and patching.

Option B, an enterprise patch management system, is the best solution in this scenario because it allows the organization to centrally manage the deployment of patches and updates across all systems within the network. This ensures that known vulnerabilities are addressed in a timely manner, reducing the risk of exploitation by worms or other types of malware.

In addition, a patch management system can also provide the organization with visibility into the state of its systems, including which patches have been applied and which ones are still outstanding. This can help the security team prioritize its efforts and focus on addressing the most critical vulnerabilities first.

Option A, a host-based firewall, may be useful for preventing the worm from spreading from one host to another within the network. However, it does not address the root cause of the problem, which is the unpatched vulnerability in the SMB protocol.

Option C, a network-based intrusion prevention system, may be able to detect and block the worm's scanning and exploitation traffic, but it does not address the underlying vulnerability. In addition, an intrusion prevention system may generate false positives or false negatives, which can impact network performance and security.
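As an added illustration (not part of the exam page) of what the IPS option is meant to catch: the worm's Nmap-style sweep shows up in flow or firewall logs as one source contacting many distinct hosts on TCP/445 within a short window. The script below, written for this page over a constructed log sample with made-up addresses, flags such sources; it is a detection aid only and, as the explanation says, does nothing about the unpatched SMB vulnerability itself.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed flow-log sample (not from the page): "timestamp src dst dport action".
# 10.0.5.17 touches nine distinct hosts on TCP/445 within seconds; 10.0.5.40 is
# ordinary file-share use (two hosts, five minutes apart).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.5.17 10.0.5.20 445 ALLOW
2024-05-01T10:00:01 10.0.5.17 10.0.5.21 445 ALLOW
2024-05-01T10:00:01 10.0.5.17 10.0.5.22 445 DENY
2024-05-01T10:00:02 10.0.5.17 10.0.5.23 445 ALLOW
2024-05-01T10:00:02 10.0.5.17 10.0.5.24 445 DENY
2024-05-01T10:00:03 10.0.5.17 10.0.5.25 445 ALLOW
2024-05-01T10:00:03 10.0.5.17 10.0.5.26 445 ALLOW
2024-05-01T10:00:04 10.0.5.17 10.0.5.27 445 ALLOW
2024-05-01T10:00:05 10.0.5.17 10.0.5.28 445 ALLOW
2024-05-01T10:00:06 10.0.5.17 10.0.5.29 80 ALLOW
2024-05-01T10:00:10 10.0.5.40 10.0.5.10 445 ALLOW
2024-05-01T10:05:00 10.0.5.40 10.0.5.11 445 ALLOW
"""

def find_smb_scanners(log_text, window=timedelta(seconds=60), threshold=8, port=445):
    """Return {src: max_distinct_targets} for every source that reached at least
    `threshold` distinct hosts on `port` inside any sliding `window`.
    Denied attempts count too: a scanner probes hosts whether or not it connects."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit() or int(parts[3]) != port:
            continue  # malformed line or not the SMB port
        ts, src, dst = parts[0], parts[1], parts[2]
        events[src].append((datetime.fromisoformat(ts), dst))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # dst -> hits currently inside the window
        start, peak = 0, 0
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:  # slide the left edge forward
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts
```

Tune `threshold` and `window` to the environment's normal fan-out so that file servers and management hosts are not flagged alongside a sweeping worm.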

Option D, application blacklisting, may be able to prevent the worm from executing on systems within the network. However, it does not address the root cause of the problem, which is the unpatched vulnerability in the SMB protocol.

Option E, file integrity checking, can help detect changes to files or configurations that may indicate the presence of malware. However, it does not address the underlying vulnerability in the SMB protocol that is allowing the worm to propagate itself.

Therefore, the best option to eradicate the current worm and prevent future attacks is to implement an enterprise patch management system.