During a recent breach, an attacker was able to use tcpdump on a compromised Linux server to capture the password of a network administrator that logged into a switch using telnet.
Which of the following compensating controls could be implemented to address this going forward?
A . Whitelist tcpdump of Linux servers.
B . Change the network administrator password to a more complex one.
C . Implement separation of duties.
D . Require SSH on network devices.
Answer: D