What short-term measure can an administrator take to minimize the impact of a worm exploiting TCP port 445?


Denying traffic on TCP port 445 through an Access Control List (ACL) is an effective short-term measure to mitigate the impact of a worm exploiting that specific port. TCP port 445 is commonly associated with Microsoft’s Server Message Block (SMB) protocol, which has been targeted by several worms for propagation, such as the infamous WannaCry. By blocking traffic on this port, the administrator limits the ability of the worm to communicate and spread across the network, effectively isolating infected machines and reducing the overall risk of further infection.

Implementing an ACL is a relatively quick and efficient response, allowing the network administrator to immediately prevent unauthorized access through that port while assessing and remediating vulnerabilities in the network. This action can significantly reduce the chances of lateral movement by the worm, buying time for further, more comprehensive measures such as patches or system upgrades.

Other measures such as enabling logging on all network traffic, while useful for future analysis and monitoring, do not directly prevent the worm's exploitation and may take longer to set up. Reconfiguring the network topology can be resource-intensive and impractical as a short-term solution. Patching affected systems is critical for long-term security but may not provide immediate relief from the ongoing threat posed by the worm.
