Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?
Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?
When a file server needs to be accessible to external users, it is crucial to isolate the server from the internal network to minimize security risks. Setting up a demilitarized zone (DMZ) provides an additional layer of security by placing the file server in a separate network that external users can access without directly exposing the internal network. This configuration helps protect internal systems while still allowing necessary access to the file server. Other options like enhancing internal firewalls, enforcing a secure tunnel connection, or implementing a secure protocol may improve security but do not provide the same level of network isolation and layered defense as a DMZ.
The best recommendation to protect an organization from attacks when its file server needs to be accessible to external users is to enforce a secure tunnel connection. This involves using technologies such as VPN or other secure communication protocols to establish an encrypted connection between external users and the file server. This helps protect data during transmission and reduces the risk of unauthorized access or interception.
Setting up a DMZ allows for the isolation of external-facing services from the internal network, providing an additional layer of security. This configuration helps protect the internal systems while allowing external users to access the necessary resources on the file server.