An organization is looking to improve threat detection on their wireless network. The company goal is to automate alerts to improve response efforts. Which of the following best practices should be implemented FIRST?
To improve threat detection on a wireless network and automate alerts to enhance response efforts, deploying a wireless intrusion detection system (IDS) is the best initial step. A wireless IDS monitors network traffic, detects suspicious activity, and generates alerts for administrators, facilitating prompt responses to potential threats. It directly addresses the goal of enhancing threat detection and automating alert responses. Other measures like multi-factor authentication and 802.1x authentication, while essential for network security, are not primarily focused on threat detection and immediate response.
The best practice that should be implemented first to improve threat detection on the wireless network is C. Deploy a wireless intrusion detection system (IDS). A wireless IDS can monitor the network traffic and alert the administrator of any suspicious or malicious activity, such as unauthorized access, denial-of-service attacks, or rogue access points. A wireless IDS can also help automate the response efforts by blocking or isolating the attackers. The other options are also important for wireless network security, but they are not directly related to threat detection.
C is correct
IDS detects and sends alerts
The question is asking for what should be done first. They talk about detecting intrusions to lead you to the wrong answer. First is 802.1X, then the IPS. "802.1X authentication involves making sure something interfacing with the system is actually what it claims it is." https://www.fortinet.com/resources/cyberglossary/802-1x-authentication
CISSP likes 802.1x authentication very much and names it often in the context of Wi-Fi and unauthorized access.
D is correct: CBK Reference, 6th Edition, p. 324. EAP should be done first.
Have to go with D. It sounds misleading. But we do need 802.1x first for NAC before implementing IDS solutions. It's more organized that way and locks down the network in proper order.