A next-generation firewall and an intrusion prevention system are the strongest choices for securing a data center against network-based threats. An NGFW provides application-aware policy enforcement, traffic inspection, segmentation support, and threat prevention capabilities at network control points. An IPS is designed to inspect traffic inline and block malicious packets before they reach protected systems. IDS technology is useful for monitoring and alerting, but a traditional IDS is normally passive and does not directly prevent traffic from reaching a target. A proxy can mediate certain types of traffic, especially web traffic, but it is not the broadest or most direct answer for data center infrastructure protection against network-based threats. Data centers require controls that can inspect both north-south and east-west traffic, enforce policy, and stop exploit attempts or known malicious patterns. NGFW and IPS capabilities are therefore aligned with preventive infrastructure security. Reference/topics: Network Security 3.2, NGFWs; Cybersecurity 1.5, intrusion prevention systems and firewalls.
Batch 3 — Questions 26–40
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit