Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
When a host-based firewall on a legacy Linux system is configured to allow connections only from specific internal IP addresses, it is utilizing a compensating control. This is because compensating controls are alternative measures taken to address security risks when the primary control (such as full network segmentation) cannot be implemented, often due to limitations associated with legacy systems. In this case, the firewall's restriction serves as an additional security measure to mitigate risks inherent in the older system.
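As an added illustration (not part of the original question or any reply on this page), here is what the control in the question actually looks like on a Linux host: a default-deny INPUT policy with new connections accepted only from an allowlist of internal addresses. Both the nftables form and the iptables-restore form are emitted, because a legacy box may only have the older tool. The table name, addresses, ports and log prefix are hypothetical, and applying the rules requires root.

```shell
#!/bin/sh
# Added example (not from the original post): a host-based firewall that
# accepts new inbound connections only from an allowlist of internal
# addresses. All addresses, ports and names below are hypothetical.

ALLOWED_SOURCES="10.10.5.0/24 192.168.100.7"   # hypothetical management subnet + jump host
ALLOWED_TCP_PORTS="22,443"                      # hypothetical services still exposed
LOG_PREFIX="legacy-host drop: "

# nftables ruleset: default-deny INPUT, allow loopback and reply traffic,
# then allow NEW connections only when the source is in the allowlist set.
gen_nft_ruleset() {
    nft_sources=$(printf '%s' "$ALLOWED_SOURCES" | sed 's/ /, /g')
    nft_ports=$(printf '%s' "$ALLOWED_TCP_PORTS" | sed 's/,/, /g')
    cat <<EOF
table inet legacy_host {
    set mgmt_hosts {
        type ipv4_addr
        flags interval
        elements = { $nft_sources }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip saddr @mgmt_hosts tcp dport { $nft_ports } ct state new accept
        ip saddr @mgmt_hosts icmp type echo-request accept
        log prefix "$LOG_PREFIX" counter drop
    }
}
EOF
}

# Same policy in iptables-restore format (one -s rule per allowed source).
gen_iptables_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for src in $ALLOWED_SOURCES; do
        printf '%s\n' "-A INPUT -s $src -p tcp -m multiport --dports $ALLOWED_TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT"
        printf '%s\n' "-A INPUT -s $src -p icmp --icmp-type echo-request -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -j LOG --log-prefix \"$LOG_PREFIX\""
    printf '%s\n' '-A INPUT -j DROP' 'COMMIT'
}

# Apply atomically (needs root). Parse-check first so a typo cannot lock you out.
apply_nft() {
    gen_nft_ruleset | nft -c -f - || return 1     # check only, changes nothing
    gen_nft_ruleset | nft -f -
    nft list table inet legacy_host               # verify what actually loaded
}

apply_iptables() {
    gen_iptables_rules | iptables-restore --test || return 1
    gen_iptables_rules | iptables-restore
    iptables -S INPUT
}

# Usage: ./allowlist.sh nft | ./allowlist.sh iptables | ./allowlist.sh show
case "${1:-show}" in
    nft) apply_nft ;;
    iptables) apply_iptables ;;
    show) gen_nft_ruleset; echo; gen_iptables_rules ;;
esac
```

Note that the filter lives on the host itself and protects only that host; the rest of the subnet is untouched. Run it from a console session or with the allowlist including the address you are connecting from, since the default policy is drop.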
*On Exam, Taken On July 31, 2023*
Ok... What was your answer?
Brother, scroll down...
Does it matter? They don't know which questions they got correct or incorrect.
Network segmentation refers to the practice of dividing a network into smaller, isolated segments to improve security and control the flow of network traffic. In the scenario described, the host-based firewall on the legacy Linux system is configured to allow connections only from specific internal IP addresses. This is a form of network segmentation because it restricts access to the host from specific parts of the internal network while blocking access from other segments or external sources. This helps to isolate and protect the host from potential threats and unauthorized access.
Coming back to the question... It could also be A. I think the key word in the question is "Legacy." A compensating control is an alternative measure implemented to mitigate the risk when a required security control cannot be implemented as specified. In the scenario described, the host-based firewall on a legacy Linux system allows connections only from specific internal IP addresses. This configuration acts as a compensating control if the ideal network segmentation cannot be implemented due to it being a legacy system. Compensating controls are put in place to address security gaps and reduce risk in situations where the primary security control cannot be applied. Network segmentation might be the ideal solution, but if it cannot be implemented due to certain limitations or constraints, like it being a legacy system, the host-based firewall with specific IP address restrictions can serve as a compensating control to achieve a similar level of security.
Key word being legacy here, so it's compensating
LEGACY ==== COMPENSATE.
legacy always = compensate
When a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses, the security measure implemented is: B. Network segmentation. Network segmentation involves dividing a network into smaller, isolated segments to enhance security. By configuring the firewall to permit connections only from specific internal IP addresses, the network is effectively segmented, restricting access to authorized hosts while isolating the system from unauthorized or external sources. This enhances security by reducing the attack surface and controlling access within the network.
A. Compensating control. In a legacy system where modern security practices or network segmentation may not be fully implemented, a compensating control could be used to provide additional security or restrict access. In this case, the host-based firewall rule allowing connections from specific internal IP addresses serves as a compensating control to restrict access and enhance security within the limitations of the legacy environment.
Has to be A. Only allowing logging in to a device from 1 IP address, which is controlled from the host's firewall, is not network segmentation. The device is legacy, so no more updates; therefore, if you still need to run it, you need to use compensating controls to secure it. "A compensating control is a control that makes up for the fact that you are unable to put another control in place." -Security+ Certification SY0-601 Fourth Edition by Glen Clarke & Dan Lachance
Not one IP address but specific, sorry. Either way that is not network segmentation but a compensating control.
Compensating control, because you are implementing a host-based firewall for the reason of it being a legacy Linux system. The reason I decided not to choose network segmentation is because, based on the CompTIA Student Guide, it specifically mentions that the NOS firewall functions as a network segment, not the host-based firewall:
• Host-based firewall (or personal firewall)—implemented as a software application running on a single host designed to protect that host only. As well as enforcing packet filtering ACLs, a personal firewall can be used to allow or deny software processes from accessing the network.
• Network operating system (NOS) firewall—a software-based firewall running under a network server OS, such as Windows or Linux. The server would function as a gateway or proxy for a network segment.
B is correct
B. Network segmentation. Network segmentation is a security strategy that involves dividing a computer network into smaller subnetworks, each with its own security measures. By implementing a host-based firewall on a legacy Linux system to allow connections only from specific internal IP addresses, you are essentially segmenting the network to control and restrict access based on predefined criteria. This helps in minimizing the potential attack surface and containing any security breaches within specific segments of the network.
A legacy system doesn't mean they don't have segmentation control.
B, legacy system doesn't mean they don't have network segmentation.
Compensating controls are measures taken to address any weaknesses of existing controls or to compensate for the inability to meet specific security requirements due to various different constraints.
B. Network segmentation. Both A and B are correct. But B is more specific, so B is the best answer.
In this scenario they're using a compensating control by segmenting the network. The answer is literally both A and B. Based on the information that is provided in the question, there is no way to tell which of the two is the right answer.
A. Compensating. It's legacy device, and it allows only specific IPs to be connected with, so it's compensating.