You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS how can you detect this sort of activity?
Firewall logs will show all incoming and outgoing traffic. By examining those logs you can detect anomalous traffic, which can indicate the presence of malicious code such as rootkits.
Answer B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one.
Answer C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that
rootkit is on the domain controller itself.
Answer A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.
Currently there are no comments in this discussion, be the first to comment!