A systems administrator is configuring a new Linux server that has been deployed in a DMZ. The server's primary role is to host a public-facing website. Company policy dictates that all remote management and file transfers must be conducted over encrypted channels. The administrator needs to configure the host-based firewall to allow only the necessary traffic for the server to function as specified. Which of the following firewall rules correctly implements these requirements?
Allow inbound TCP traffic on ports 23 and 80.
Allow inbound TCP traffic on ports 22, 80, and 443.
Allow inbound TCP traffic on ports 21, 22, and 80.
The correct answer is to allow inbound traffic on TCP ports 22 and 80. Port 80 is the standard port for HTTP, which is required for a public-facing website. Port 22 is the standard port for Secure Shell (SSH), which provides an encrypted channel for both remote administration and secure file transfer protocols like SFTP and SCP, thus meeting the company's security policy.
Opening port 23 would allow Telnet, which is an unencrypted remote management protocol and would violate the security policy.
Opening port 21 would allow the FTP control channel, which is also unencrypted and would violate the policy.
Opening port 443 (HTTPS) is not explicitly required by the scenario, which only specifies a standard, non-encrypted website. While best practice, the principle of least privilege dictates opening only the ports that are strictly necessary based on the given requirements.