A cybersecurity analyst is tasked with enhancing the security defenses of an on-premises data center. While reviewing the network design documents, the analyst notices several legacy systems that rely on communication with external partners. Given that all external connections must pass stringent security requirements, which of the following solutions is BEST suited for securely managing these connections?
Setting up a Demilitarized Zone (DMZ) that isolates the legacy systems while allowing secure communication with external partners.
Deploying a Network Access Control (NAC) system that restricts legacy system communications based on policy compliance.
Creating separate Virtual Local Area Networks (VLANs) for each type of legacy system to minimize potential lateral movement.
Implementing a Data Loss Prevention (DLP) solution that prevents sensitive information from being transmitted to external networks.
A Demilitarized Zone (DMZ) is a network segment that acts as a buffer zone between the internal network and untrusted networks, such as the internet. It is used to host systems that must be accessible from both internal and external networks but should not provide a direct route to the internal network. By placing legacy systems that require external access within a DMZ and allowing only specific, necessary communication, the organization can maintain tight security over these connections, reducing exposure to potential threats.
A VLAN is useful for segmenting the internal network but does not specifically cater to the safe handling of external communications. Data Loss Prevention (DLP) is important for protecting sensitive information from leaving the network but does not fundamentally address the regulation of communication channels with external partners. A NAC solution focuses on regulating access to the network by devices and users within the organization, rather than managing the flow of network traffic to and from external connections.