A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?
The risk of what? The application being dangerous to the corporate network or the application being vulnerable to external exploits? Either way segmentation makes more sense imo.
Exactly - ensuring no unnecessary ports or services are running, access to the internet is configured properly (if at all needed), proper acl is setup, etc.
Even if you harden the configuration It will not help If there is vulnerability in the software code which is exploited by attacker. Attacker may access your network through legitimate way to exploits your network If network segmentation is not in the place.
I think most confusion comes from the perception of what COTS can be. COTS products can include: motherboards, Windows OS, Microsoft 365, Office, Pfsense, VMware, routers, switches, IoT, etc.
So network and endpoint devices, you can segment, but how about productivity suites and application platforms? network segmentation is a common security practice anyway, regardless of COTS.
I think the best thing is to research CVE and vendor reputation, and then make sure all DEFAULT configuration, credentials, features, etc. are hardened during implementation.
I remembered OSG recommended D, harderning config. for COTS.
Again, very important, please confine my solution within the context here. A? network segmentation could be an option, but is not the first step I shall do and is out of question context.
I choose D.
Answer is D. A COTS application is not necessarily hardened by default. For example, the government uses STIGs to tell admins how to harden some applications.
I'm saying D. As far as risk from attackers goes, I would lean towards network segmentation, however, general risk includes a lot of other factors like user accessibility, interoperability issues, etc. Segmenting it could introduce a much larger and complex workload and ultimately make it risky in that sense.
Answer D) Hardened configuration
This means you remove/change configurations you don't need/want as well as change default usernames/passwords/ports/etc...
Segmenting a network won't help as it would still leave the COTS exposed with defaults readily available to be exploited.
A. Network Segmentation - when introducing a new pet into your house, you have to learn the behavior and interaction with other pets before you let him loose.
same here, as a security personnel you must know exactly what you introducing before hand and must be on segmented part of the network that shutting an interface can terminate all possible risks on the rest of the network.
trust but verify
D. Hardened configuration.
Deploying the COTS application with a hardened configuration is an effective way to mitigate security risks. Hardening involves implementing secure settings, removing unnecessary features and services, and applying security best practices to reduce vulnerabilities and potential attack vectors. By configuring the COTS solution in a hardened manner, security professionals can minimize the potential for exploitation and unauthorized access.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Nickolos
Highly Voted 2 years, 3 months agodev46
2 years, 3 months agostickerbush1970
2 years, 3 months agoNickolos
2 years, 3 months agoDeepCyber
1 year, 6 months agodeeden
Most Recent 4 months, 3 weeks agoRamye
6 months, 1 week agojieaws
8 months, 2 weeks agoajike
9 months, 2 weeks agoKyanka
9 months, 3 weeks agoHongjun
9 months, 4 weeks agoHackermayne
11 months, 3 weeks agoYesPlease
1 year agoMoose01
1 year, 1 month agohomeysl
1 year, 2 months agoMoose01
1 year, 2 months agoWz21
1 year, 3 months agosebseba
1 year, 3 months agowin610
1 year, 5 months agoBach1968
1 year, 5 months agoded
1 year, 6 months ago