An S/FTP server is deployed within your intranet but is accessible to external users. You are not allowed to change the configuration of the network by relocating existing services. Which of the following is the most important security solution to implement?
1. Install strong password management policies
2. Install a host firewall
3. Install a VPN server
4. Install a Network IDS
The correct answer is 4.
The scenario in this question leaves the network exposed to IP fragmentation attacks, specifically fragment overlap attacks. The problem is that a public service is hosted on the internal network, so any border filtering device, such as a firewall, must have port forwarding enabled for it. Fragment overlap attacks can be used to slip a malicious payload past the firewall, or to redirect the traffic to a different port once the fragments are reassembled at the destination. This works when an overlapping fragment overwrites the original TCP header with a new destination port, which the filter never evaluated because it made its decision on the first fragment. The best option offered is a network IDS, which can potentially detect such fragmentation attacks.
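As an added illustration of the detection point above (not part of the original question or its answer key), the following Python models the check a network IDS performs: it reassembles constructed IP fragments, reports any byte that a later fragment rewrites with a different value, and flags rewrites that fall inside the TCP header. Offsets are given in bytes here (on the wire the IP Fragment Offset field counts 8-byte units); the port numbers, the `Fragment` type, and the helper names are all constructed for this example.

```python
"""
IDS-style fragment overlap check (added example, constructed data).
Fragment offsets are in bytes; the real IP field counts 8-byte units,
so offset = field * 8.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

TCP_HEADER_LEN = 20  # minimum TCP header; destination port is bytes 2-3


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this payload within the reassembled datagram
    data: bytes


def tcp_header(src_port: int, dst_port: int, flags: int = 0x02) -> bytes:
    """Minimal 20-byte TCP header (seq/ack zero, data offset 5, no checksum)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)


def find_overlap_conflicts(fragments: List[Fragment]) -> List[Tuple[int, int, int]]:
    """
    Report every byte position that a later fragment rewrites with a DIFFERENT
    value than an earlier fragment supplied.  Retransmitted duplicates carry
    identical bytes and produce no conflict; rewriting already-delivered data
    is the signal an IDS alerts on.  Returns (position, earlier, later) tuples.
    """
    seen: Dict[int, int] = {}
    conflicts: List[Tuple[int, int, int]] = []
    for frag in fragments:
        for i, b in enumerate(frag.data):
            pos = frag.offset + i
            if pos in seen and seen[pos] != b:
                conflicts.append((pos, seen[pos], b))
            seen[pos] = b
    return conflicts


def reassemble(fragments: List[Fragment], policy: str) -> bytes:
    """
    Reassemble with an explicit overlap policy: 'first' keeps the bytes that
    arrived first (what a filter that inspected fragment 0 assumed), 'last'
    lets later fragments overwrite (the behaviour an overlap attack relies on).
    Raises if the datagram has holes.
    """
    buf: Dict[int, int] = {}
    for frag in fragments:
        for i, b in enumerate(frag.data):
            pos = frag.offset + i
            if policy == "first" and pos in buf:
                continue
            buf[pos] = b
    total = max(buf) + 1
    if len(buf) != total:
        raise ValueError("incomplete datagram: missing fragments")
    return bytes(buf[p] for p in range(total))


def dst_port(tcp_segment: bytes) -> int:
    """Destination port from the reassembled TCP segment."""
    return struct.unpack("!H", tcp_segment[2:4])[0]


def header_rewritten(conflicts: List[Tuple[int, int, int]]) -> bool:
    """True if any conflicting byte lies inside the TCP header region."""
    return any(pos < TCP_HEADER_LEN for pos, _, _ in conflicts)


# Constructed sample: the first fragment names the forwarded service port (22);
# a second fragment at the same offset carries a header naming a different,
# arbitrary port.  A 'last wins' host would deliver the segment to that port.
ALLOWED_PORT = 22
OTHER_PORT = 2222  # constructed value, not from the page
SAMPLE = [
    Fragment(0, tcp_header(40000, ALLOWED_PORT) + b"A" * 4),
    Fragment(24, b"B" * 8),
    Fragment(0, tcp_header(40000, OTHER_PORT) + b"A" * 4),
]

if __name__ == "__main__":
    c = find_overlap_conflicts(SAMPLE)
    print(f"{len(c)} conflicting bytes, TCP header rewritten: {header_rewritten(c)}")
    print("filter's view of dst port:", dst_port(reassemble(SAMPLE, "first")))
    print("last-wins host's view of dst port:", dst_port(reassemble(SAMPLE, "last")))
```

The useful output is the disagreement between the two reassembly policies: the filter that passed fragment 0 believes the segment is for port 22, while a last-wins host reassembles a segment for a different port. An IDS does not need to know which policy the destination host uses; conflicting overlap bytes inside the header region are enough to raise an alert, and identical duplicates (ordinary retransmissions) stay silent.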