External hackers often seek to discover the size and configuration of your intranet. Which of the following is a defense against this type of reconnaissance?
A. Install a host IDS on each server.
B. Keep malware scanners updated.
C. Use MAC filtering on border firewalls.
D. Block inbound TCP 53.
Port 53 is related to DNS. TCP 53 is used for zone transfers while UDP 53 is used for queries. By blocking inbound TCP 53, an outsider’s attempt to grab the entire internal zone file in a single transfer request will be blocked. An internal zone file typically contains the identity of all internal system as LDAP is used my directory services, LDAP depends on DNS, and most networks use DHCP to some extent. These three services intercommunicate, so the internal DNS zone file will likely contain information about every internal system assigned an IP address.
A host IDS server will not prevent DNS zone transfers nor prevent other forms of system identification, such as ping sweeping and port scanning. Malware scanners are not the appropriate security tool. MAC filtering does not work on firewalls, that is a switch or wireless security concept.
