1 vote
An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The security team needs to block the attack traffic without impacting the vendor's services.

Which of the following is the BEST approach to identify the threat?

A. Ask the third-party vendor to block the attack traffic
B. Configure the third party's proxy to begin sending X-Forwarded-For headers
C. Configure the e-commerce company's IPS to inspect HTTP traffic
D. Perform a vulnerability scan against the network perimeter and remediate any issues identified

by User Villapalos, 7.5k points

1 Answer

3 votes

Final answer:

The best approach to identify the threat of attack traffic from a whitelisted third party's IP address is to configure the e-commerce company's IPS to inspect HTTP traffic.

Step-by-step explanation:

The BEST approach to identify the threat of attack traffic originating from a whitelisted third party's IP address is to configure the e-commerce company's IPS to inspect HTTP traffic. This allows the security team to analyze the traffic and identify any malicious activity. By configuring the IPS to inspect HTTP traffic, the team can block the attack traffic without impacting the vendor's services.

Configuring the third party's proxy to begin sending X-Forwarded-For headers is not the best approach in this scenario, as it only helps in identifying the origin of the traffic and does not address the threat itself. Asking the third-party vendor to block the attack traffic may not be effective if the vendor is unable to do so or does not have control over the source of the attack.

Performing a vulnerability scan against the network perimeter and remediating any issues identified is a good practice, but it may not directly help in identifying the specific threat of attack traffic from the whitelisted third party's IP address.

by User Alex Snaps, 6.9k points
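The distinction the answer draws, as an added example that is not part of the original question or answer: when every request arrives from the same whitelisted address, a source-IP rule can only allow or block all of it, while per-request HTTP inspection separates attack requests from the vendor's normal calls. The address, request lines, signature patterns and function names below are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample traffic: every request comes from the one whitelisted
# vendor address (documentation range) that hides the vendor's internal hosts.
VENDOR_IP = "203.0.113.10"
REQUESTS = [
    (VENDOR_IP, "GET /api/orders?id=1042 HTTP/1.1"),
    (VENDOR_IP, "GET /api/orders?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1"),
    (VENDOR_IP, "POST /api/inventory/sync HTTP/1.1"),
    (VENDOR_IP, "GET /static/..%2f..%2fetc/passwd HTTP/1.1"),
    (VENDOR_IP, "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1"),
]

# Hypothetical signatures (assumption: not taken from any IPS product).
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*(or|and)\s+'?\d*'?\s*=|union\s+select"),
    "path-traversal": re.compile(r"\.\./"),
    "xss": re.compile(r"<\s*script"),
}

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so encoded or double-encoded input is seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def inspect(request_line):
    """Return the name of the first matching signature, or None if clean."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "malformed-request"
    target = normalize(parts[1])
    for name, pattern in SIGNATURES.items():
        if pattern.search(target):
            return name
    return None

def ip_only_verdicts(requests, blocked_ips):
    """Source-address filtering: one decision for everything behind the IP."""
    return ["block" if ip in blocked_ips else "allow" for ip, _ in requests]

def ips_verdicts(requests):
    """Content inspection: one decision per request, regardless of source."""
    return ["block" if inspect(line) else "allow" for _, line in requests]
```
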