An organization is considering connecting a critical PC-based system to the Internet. Which of the
following would provide the BEST protection against hacking?
An application-level gateway
A remote access server
A proxy server
An application-level gateway is the best way to protect against hacking because it can define with
detail rules that describe the type of user or connection that is or is not permitted, it analyzes in
detail each package, not only in layers one through four of the OSI model but also layers five
through seven, which means that it reviews the commands of each higher-level protocol (HTTP,
FTP, SNMP, etc.). For a remote access server, there is a device (server) that asks for a username
and password before entering the network. This is good when accessing private networks, but it
can be mapped or scanned from the Internet creating security exposure. Proxy servers can provide
protection based on the IP address and ports. However, an individual is needed who really knows
how to do this, and applications can use different ports for the different sections of the program.
Port scanning works when there is a very specific task to complete, but not when trying to control
what comes from the Internet, or when all the ports available need to be controlled. For example,
the port for Ping (echo request) could be blocked and the IP addresses would be available for the
application and browsing, but would not respond to Ping.