A financial services company has recently suffered from a ransomware attack that has impacted a critical server which is not upgradable to the latest security patches due to legacy software dependencies. The incident response team is considering various options for mitigating the risk of this server being compromised again. Which of the following would be the BEST form of a compensating control given the inability to patch the server?
Enforce frequent password rotation for all users with access to the critical server.
Implement network segmentation to isolate the critical server from the broader network.
Produce and store encrypted backups of the server on a bi-weekly basis.
Schedule regular patching for the critical server.
Network segmentation is a compensating control that can limit the ransomware spread by isolating the critical server from the broader network, thus reducing the risk of cross-contamination from other network segments. Regular patching is the primary control but is not feasible in this scenario due to legacy software constraints, making it an incorrect answer. Encrypted backups are essential, but they don't address the direct risk of the server being compromised; instead, they are more about ensuring data recovery post-incident. Similarly, frequent password rotation is a security best practice but does not effectively mitigate the specific risk of unpatched systems being exploited.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation and how does it work?
Open an interactive chat with Bash
Why can legacy servers not be patched, and how does this create a security risk?
Open an interactive chat with Bash
How do encrypted backups complement the mitigation against ransomware attacks?