Question

An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:

Encrypt all traffic between the network engineer and critical devices.
Segregate the different networking planes as much as possible.
Do not let access ports impact configuration tasks.

Which of the following would be the BEST recommendation for the network security engineer to present?

A. Deploy control plane protections.
B. Use SSH over out-of-band management.
C. Force only TACACS to be allowed.
D. Require the use of certificates for AAA.

Answer 1

The best recommendation for the network security engineer is to use SSH over out-of-band management to meet the requirements.

Step-by-step explanation:

The best recommendation for the network security engineer to present would be to use SSH over out-of-band management to meet the requirements given by the information security manager. SSH (Secure Shell) provides a secure and encrypted connection between the network engineer and the critical devices, ensuring that the traffic is protected.

Out-of-band management means using a separate and dedicated network path for management, which helps segregate the different networking planes and minimizes the impact on configuration tasks. By using SSH over out-of-band management, the network engineer can fulfill both requirements of encrypting the traffic and segregating the networking planes.

This solution addresses the need to encrypt all traffic between the network engineer and critical devices. Additionally, out-of-band management provides a dedicated pathway for managing devices, which meets the requirement to segregate the different networking planes. This means that even if the production network is compromised, the management network remains secure.

Therefore, the correct option is B. Use SSH over out-of-band management.