The SES Intrusion Prevention System has blocked an intruder’s attempt to establish an IRC connection inside the firewall.

Which Advanced Firewall Protection setting should an administrator enable to prevent the intruder’s system from communicating with the network after the IPS detection?
A. Enable port scan detection
B. Automatically block an attacker’s IP address
C. Block all traffic until the firewall starts and after the firewall stops
D. Enable denial of service detection

Answer: B

Explanation:

To enhance security and prevent further attempts from the intruder after the Intrusion Prevention System (IPS) has detected and blocked an attack, the administrator should enable the setting to Automatically block an attacker’s IP address.

Here’s why this setting is critical:

Immediate Action Against Threats: By automatically blocking the IP address of the detected attacker, the firewall can prevent any further communication attempts from that address. This helps to mitigate the risk of subsequent attacks or reconnections.

Proactive Defense Mechanism: Enabling this feature serves as a proactive defense strategy, minimizing the chances of successful future intrusions by making it harder for the attacker to re-establish a connection to the network.

Reduction of Administrative Overhead: Automating this response allows the security team to focus on investigating and remediating the incident rather than manually tracking and blocking malicious IP addresses, thus optimizing incident response workflows.

Layered Security Approach: This setting complements other security measures, such as intrusion detection and port scan detection, creating a layered security approach that enhances overall network security.

Enabling automatic blocking of an attacker’s IP address directly addresses the immediate risk posed by the detected intrusion and reinforces the organization’s defense posture against future threats.
