You are developing a network access control (NAC) solution to prevent unauthorized hosts from connecting to the network. To enforce authorized access, the solution maintains an authorization database of IP-MAC mappings and responds to ARP broadcasts from unauthorized hosts with the MAC of a captive portal as the destination. Which of the following is most likely used for the solution to redirect the unauthorized hosts to the captive portal? (Source: Wentz QOTD)
D. Compromise recording
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Spoofing.
This is a project I engaged in years ago. A device of the NAC solution spoofed ARP responses to unauthorized hosts so that they are redirected to the spoofed destination, the captive portal. I don’t think it’s a good idea for security products to interfere with normal protocol operations, but we were awarded the project that works this way:)
Layering is an architectural design principle to logically separate concerns. On the other hand, tiering refers to the physical separation of components in a solution deployment model. Layering, in the area of security, may refer to layered defense.
Encapsulation is a design principle to limit direct access to certain resources. Instead, an interface to the resources is required to get access to them. It’s common for people to relate information hiding to encapsulation.
“Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.” (Wikipedia)
- Spoofing attack
- Saltzer and Schroeder’s design principles
- BASIC PRINCIPLES OF INFORMATION PROTECTION
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.