A company recently suffered a data breach where an attacker was able to intercept network traffic and read sensitive data. Which network security control should be implemented to prevent this type of attack?
Trap 1: Network segmentation
Segmentation limits the blast radius but does not encrypt traffic; an attacker on the same segment could still intercept.
Trap 2: Intrusion prevention system (IPS)
IPS can detect and block certain attacks but does not encrypt traffic; prevention of interception requires encryption.
Trap 3: Strong password policies
Strong passwords authenticate users but do not protect data in transit from sniffing.
- A
Encryption at the network layer (e.g., IPsec)
IPsec encrypts IP packets, making intercepted data unreadable without decryption keys.
- B
Network segmentation
Why wrong: Segmentation limits the blast radius but does not encrypt traffic; an attacker on the same segment could still intercept.
- C
Intrusion prevention system (IPS)
Why wrong: IPS can detect and block certain attacks but does not encrypt traffic; prevention of interception requires encryption.
- D
Strong password policies
Why wrong: Strong passwords authenticate users but do not protect data in transit from sniffing.