4 votes
A network engineer is attempting to design-in resiliency characteristics for an enterprise network's VPN services.

If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited against the VPN implementation, which of the following decisions would BEST support this objective?

A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization's SOC with near-real-time alerting to administrators.
B. Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise's pool of VPN concentrators.
C. Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss.
D. Employ a second VPN layer concurrently where the other layer's cryptographic implementation is sourced from a different vendor.

1 Answer

3 votes

Final answer:

A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization's SOC with near-real-time alerting to administrators.

Implementing a reverse proxy for VPN traffic defended and monitored by the organization's SOC with near-real-time alerting to administrators would best support the objective of ensuring resilience against zero-day vulnerabilities in the VPN implementation.

Step-by-step explanation:

The decision that would best support the objective of ensuring some resilience against zero-day vulnerabilities exploited against the VPN implementation is Option A: Implement a reverse proxy for VPN traffic that is defended and monitored by the organization's SOC with near-real-time alerting to administrators.

By implementing a reverse proxy, the VPN traffic is routed through a separate server that acts as a buffer between the clients and the VPN concentrators.

This helps to protect the VPN concentrators from direct exposure to the internet and mitigate potential zero-day vulnerabilities.

Additionally, having the reverse proxy defended and monitored by the organization's Security Operations Center (SOC) provides an extra layer of security and constant oversight.

The SOC can detect and respond to any suspicious activity or potential zero-day exploits in near-real-time, allowing the administrators to take immediate action to prevent any potential breach or compromise.

by User Bazooka (7.6k points)