Exam CS0-003
Question 182

During a scan of a web server in the perimeter network, a vulnerability was identified that could be exploited over port 3389. The web server is protected by a WAF. Which of the following best represents the change to overall risk associated with this vulnerability?

    Correct Answer: D

    The risk would increase because the host is external facing. While a Web Application Firewall (WAF) can protect web applications by filtering and monitoring HTTP traffic, it is not designed to secure ports and services unrelated to web traffic, such as RDP on port 3389. Since the vulnerability is on an external-facing web server, it is more susceptible to attacks, and overall risk increases because of the exposure to potential external threats.
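The explanation above rests on one point: a WAF reduces risk only for the traffic it actually inspects. The following is an added example, not part of the original page, that parses a constructed nmap grepable (`-oG`) line and lists open services that fall outside every control's scope. The host, the scan line and the assumption that the WAF covers only TCP 80 and 443 are illustrative.

```python
import re

# Constructed sample in nmap grepable (-oG) format; the address is from the
# RFC 5737 documentation range and the hostname is made up.
SAMPLE_SCAN = (
    "Host: 203.0.113.10 (web01.example.test)\t"
    "Ports: 80/open/tcp//http///, 443/open/tcp//https///, "
    "3389/open/tcp//ms-wbt-server///, 22/filtered/tcp//ssh///\n"
)

# Assumption: the WAF only proxies and inspects HTTP(S) on these ports.
CONTROLS = {"WAF": {(80, "tcp"), (443, "tcp")}}


def parse_grepable(text):
    """Yield (host, port, proto, state, service) for every port entry."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+).*?\tPorts: ([^\t]*)", line)
        if not m:
            continue
        host, ports = m.groups()
        for entry in ports.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or not fields[0].isdigit():
                continue
            yield host, int(fields[0]), fields[2], fields[1], fields[4]


def uncovered_services(text, controls=CONTROLS):
    """Return open services that no listed control inspects."""
    findings = []
    for host, port, proto, state, service in parse_grepable(text):
        if state != "open":
            continue
        covering = [n for n, scope in controls.items() if (port, proto) in scope]
        if not covering:
            findings.append((host, port, proto, service))
    return findings


if __name__ == "__main__":
    for host, port, proto, service in uncovered_services(SAMPLE_SCAN):
        print(f"{host} {port}/{proto} ({service}): open, no compensating control")
```

Adding a control whose scope includes `(3389, "tcp")`, such as a perimeter firewall rule, removes the finding, which matches the remediation discussed in the comments below.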

Discussion
Franky30 Option: C

The use of a Web Application Firewall (WAF) can help mitigate the risk associated with the identified vulnerability. WAFs are specifically designed to protect web applications and servers from various attacks, including those that target specific ports or services. In this case, the WAF is likely to inspect and filter traffic on port 3389, reducing the likelihood of the identified vulnerability being exploited. While network firewalls play a role in securing the network perimeter, the WAF, being a specialized tool for web application security, is more directly relevant to the specific vulnerability associated with port 3389 on the web server. Therefore, the risk would decrease because a web application firewall is in place.

FT000 Option: D

There's no mention regarding options A & B in the question. WAF probably would not be that effective against a vulnerability that uses the RDP on an external facing server. That leaves only D as the legitimate option for me.

abee6ca Option: C

I believe it's C

boog Option: D

WAFs don't necessarily protect against RDP vulnerabilities.

captaintoadyo Option: C

While it's true that being externally facing generally increases risk exposure due to potential accessibility by malicious actors, the fact that the web server is protected by a Web Application Firewall (WAF) helps to decrease this risk. The WAF acts as an additional layer of defense, inspecting and filtering traffic to block or mitigate attacks targeting the web application. Therefore, the overall risk would not necessarily increase solely because the host is external facing; rather, the presence of the WAF helps to mitigate the risk associated with this setup.

Booma1234 Option: D

If the scan can see RDP open and it's public facing, as it's stated on a "perimeter network", then the WAF isn't doing anything. If you leave ports open on any firewall, it isn't going to stop the traffic.

networkmen Option: D

As far as I know, a WAF can't protect against RDP vulnerabilities.

lowkeycowboysfan Option: D

D. The risk would increase because the host is external facing. This answer is more accurate because an external-facing host increases the likelihood of an attack. The presence of a WAF does not mitigate risks associated with non-web vulnerabilities such as those on port 3389. Therefore, the overall risk is higher due to the exposure of the host to the internet.

CyberPark17 Option: D

WAF is a web application firewall; however, the vulnerability is found with 3389, i.e. the RDP port, which means the host is external facing and the risk would increase. Hence the correct answer is D.

maggie22 Option: C

With WAF protection, it will decrease the risk.

maggie22

I will change my answer to D.

499f1a0 Option: C

I agree with everyone saying option C

Kmelaun Option: C

I also think the answer is C. The Web Application Firewall would decrease the overall risk of the vulnerability on the RDP 3389.

section8santa Option: D

Given the options, the most accurate statement is (D). However, it's worth noting that the risk level associated with this vulnerability would indeed change if the network firewall is properly configured to control traffic over port 3389, which is not mentioned in the given options. The key to mitigating the risk would be ensuring that RDP access is appropriately secured, either by limiting it through firewall rules, requiring secure VPN access for RDP, or by disabling it if it's not needed.

Jhonattan0032 Option: D

The correct answer is D.