You notice a range of network problems affecting your company's proxy server. After reviewing the logs, you notice that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which strategy would be MOST effective in conducting an in-depth assessment and remediation of the issue?
A. 1. Deploy a network fuzzer on the switch span port.
2. Adjust the external facing IPS.
3. Reconfigure the proxy server to block the attacks.
4. Verify the firewall is configured correctly and hardened.
B. 1. Deploy an HTTP interceptor on the switch span port.
2. Adjust the external facing NIDS.
3. Reconfigure the firewall ACLs to block all traffic above port 2000.
4. Verify the proxy server is configured correctly and hardened.
5. Review the logs weekly in the future.
C. 1. Deploy a protocol analyzer on the switch span port.
2. Adjust the external facing IPS.
3. Reconfigure the firewall ACLs to block unnecessary ports.
4. Verify the proxy server is configured correctly and hardened.
5. Continue to monitor the network.
D. 1. Deploy a protocol analyzer on the switch span port.
2. Adjust the internal HIDS.
3. Reconfigure the firewall ACLs to block outbound HTTP traffic.
4. Reboot the proxy server.
5. Continue to monitor the network.
C
Explanation: You should perform the following steps to conduct an in-depth assessment and remediation of the issue:
1. Deploy a protocol analyzer on the switch span port.
2. Adjust the external facing IPS.
3. Reconfigure the firewall ACLs to block unnecessary ports.
4. Verify the proxy server is configured correctly and hardened.
5. Continue to monitor the network.
A protocol analyzer on the switch span port lets you analyze all the traffic on that port. You should adjust the external-facing IPS because the problem originates from outside your network; if configured correctly, the IPS can prevent the problem traffic from entering the network. Once you have determined which packets are responsible for the problem, you can block the unnecessary ports on the firewall. Lastly, you must continue to monitor the network to see whether the problem has been handled and to determine whether any new problems arise.