You are writing code to develop a server that receives logs from a massive number of IoT devices for training the machine learning model. If every client establishes a connection to the server, it will hinder the scalability of the system. However, the amount of data is critical to the reliability of the model. Which of the following is the best solution?
A. Enable HTTP Keep-Alive to prevent from data loss
B. Ensure the accountability to trace back to the subject
C. Have the server listen to UDP port
D. Implement a SIEM server to train the model
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Have the server listen to UDP port.
I summarize some key points as follows:
- Receiving data or logs from IoT devices are typical applications.
- Enabling HTTP Keep-Alive will keep clients connected and hinder scalability.
- It’s easy to write codes to initiate TCP or UDP sockets to listen to whatever you want. The programmer determines the port number and parses the application data (We can use binary data, CSV, XML, or JSON. Syslog is a limited perspective from the system administrator).
- The Syslog Protocol (RFC 5424) entails not only a UDP-based implementation but also the format and code of the log, e.g., Facility and Severity.
- SIEM is basically a log server. It can correlate logs, act as an IDS to predict attacks based on a trained model, and add on many other features. We can also make good use of its logs as the data source to train a model.
- We collect IoT data or logs to train models for daily or business applications, not limited to analyze attack behavior.
- The number of connections is a critical factor in designing a large scale system. Stateless and connectionless are common designs to solve the problem of scalability.
So, UDP is the best among the four options.
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.