A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?
A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?
The correct option is to allow list traffic to the application's IP from the internal network at a specific port. This approach ensures that communication is restricted to authorized traffic within the internal network, maintaining operational security. By specifying the port, the IPS can monitor and control the communication more effectively, reducing the risk of unapproved access while allowing the logistic company to use the outdated application during the migration period.
A. Allow list only authorized hosts to contact the applicationג€™s IP at a specific port.
C. Allow list traffic to application's IP from the internal network at a specific port. This will ensure that only authorized traffic from the internal network is able to reach the outdated application, while still protecting it with the IPS by monitoring the traffic at the specific port.
Option C is the most appropriate tuning option to apply to the IPS. By allow listing traffic to the application's IP from the internal network at a specific port, the IPS will permit the communication between the outdated application located in the private VLAN and the internal network while blocking any unapproved communication. This will enable the company to use the outdated application located in the private VLAN while securing their network from external threats. - ChatGPT
A is more restrictive and safe.