An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS
servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the- middle attack. Which of the
following controls should be implemented to mitigate the attack in the
future?
A.
Use PAP for secondary authentication on each RADIUS server
B.
Disable unused EAP methods on each RADIUS server
C.
Enforce TLS connections between RADIUS servers
D.
Use a shared secret for each pair of RADIUS servers