A company keeps an out-of-date shipping application that has known security issues, yet is critical for business operations. The IT team wants to maintain functionality and limit infiltration attempts to the main infrastructure. Which approach is considered an effective method to reduce risk from this older system?
Forward all traffic over a single network port and block everything else at the perimeter
Set outbound connections on the system as unrestricted and block incoming requests
Rotate the system into the production network, relying on host-level controls
Place the system in a dedicated VLAN with restricted access policies and monitor activity
Segmenting outdated systems into a dedicated VLAN with access restrictions and monitoring helps reduce lateral movement and detect misuse. Host-level controls alone are insufficient for high-risk systems. VLAN isolation, firewall rules, and IDS enhance defense-in-depth without disrupting required operations. Alternatives fail to contain threats or protect against exploitation of unpatched vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN, and why is it used for segmentation?
Open an interactive chat with Bash
How does monitoring enhance security for a segregated system?
Open an interactive chat with Bash
What are defense-in-depth strategies mentioned in this context?