What combination of measures would best address security concerns for a segmented network architecture?

• A. Using fewer servers
• B. Establishing port security and a perimeter network
• C. Reducing work hours
• D. Publishing user credentials openly

Answer: (B)

Establishing port security and a perimeter network is a crucial combination for addressing security concerns in a segmented network architecture. This approach enhances the overall security posture by implementing controls that limit unauthorized access and monitor traffic at the entry points of the network.

Port security functions by allowing only specific devices to connect to particular ports on switches, which effectively blocks unwanted or rogue devices from accessing the network segments. This measure helps in minimizing the attack surface within the network and provides a level of access control that is essential for preventing unauthorized data access or breaches.

In addition, the use of a perimeter network, often referred to as a demilitarized zone (DMZ), serves as an additional layer of defense. The perimeter network separates external-facing services from the internal network, providing a controlled access point for incoming and outgoing traffic. It helps to keep sensitive internal resources safe from direct exposure to the internet while still allowing legitimate access.

Together, these measures create a more secure environment within a segmented network by controlling access, monitoring traffic, and isolating network segments effectively against potential threats. This layered security strategy is fundamental in ensuring data integrity and confidentiality in a network architecture designed for segmentation.