A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?
A . Deploy new perimeter firewalls at all stores with UTM functionality.
B . Change antivirus vendors at the store and the corporate office.
C . Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
D . Deploy a proxy server with content filtering at the corporate office and route all traffic through it.
Answer: A
Leave a Reply