The senior security administrator wants to redesign the company DMZ to mm1m1ze the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

The senior security administrator wants to redesign the company DMZ to mm1m1ze the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?
A . A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.
B . A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.
C . A Saas based firewall which logs to the company’s local storage via SSL, and is managed by the change control team.
D . A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.

View Answer

Answer: A

Explanation:

Security in depth is the concept of creating additional layers of security. The traditional approach of securing the IT infrastructure is no longer enough. Today’s threats are multifaceted and often persistent, and traditional network perimeter security controls cannot effectively mitigate them.

Organizations need to implement more effective, multi-level security controls that are embedded with their electronic assets. They need to protect key assets from both external and internal threats.

This security in depth approach is meant to sustain attacks even when perimeter and traditional controls have been breached.

In this question, using two firewalls to secure the DMZ from both external and internal attacks is the best approach. Having each firewall managed by a separate administrator will reduce the chance of a configuration error being made on both firewalls. The remote logging will enable incident reconstruction.

Incorrect Answers:

B: Depending on the number of interfaces on the firewall, you could protect from external and internal threats with a single firewall although two firewalls is a better solution. However, it is not practical to have separate interfaces on the same firewall managed by different administrators. The firewall rules work together in a hierarchy to determine what traffic is allowed through each interface.

C: A Saas based firewall can be used to protect cloud resources. However, it is not the best solution for protecting the network in this question.

D: A virtualized firewall could be used. However, multiple instances of the same firewall should be identical. They should not be configured separately by different administrators.

References:

http://www.oracle.com/technetwork/topics/entarch/oracle-wp-security-ref-arch-1918345.pdf