You are responsible for engineering the security of a multi-tier web application infrastructure. To mitigate the risk of a single compromised server affecting the entire environment, you decide to implement a strategy that ensures if one server is compromised, it does not lead to a compromise of the other servers. Which of the following strategies should you implement?
Using an N-tier architecture to logically separate components
Enforcing strong password policies across all servers
Implementing network segmentation and enforcing a zero trust model
Ensuring all passwords are hashed and salted in the databases
Implementing network segmentation together with zero trust policies is a fundamental security engineering principle. It ensures that if one part of the system is compromised, the damage is contained and does not spread to other parts of the network. Network segmentation divides the network into multiple segments, each acting as a separate security zone, thereby limiting the potential impact of a breach. A zero trust model enhances this by requiring all users and devices, whether inside or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. This contrasts with traditional network security, which trusts users and endpoints within the network perimeter by default. On the other hand, requiring strong passwords, using hashed and salted passwords, and leveraging an N-tier architecture are good security practices, but none of them inherently prevents an attacker who has compromised one server from moving laterally to the others.