PrepAway - Latest Free Exam Questions & Answers

2 Comments on “Which of the following is an authentication method that can be secured by using SSL?”

  1. meac says:

    A bit of a strange question which potentially has more than just the one correct answer.

    First, for some basic definitions:

    What is SSL:
    • SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
    • This link ensures that all data passed between the web server and browsers remain private and integral.
    • SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

    What is TLS:
    • The terms SSL and TLS are often used interchangeably.
    • TLS is the successor to SSL and offers greater security.
    • The original SSL standard was renamed TLS at the time it became open source.
    • The introduction of TLS began with version 1, which is essentially equal to SSL 3. You use openssl commands to create certificates and keys and TLS syntax to create an authentication method.

    What is an AUTHENTICATION METHOD:
    Authentication Methods. Authentication means verifying the identity of someone (a user, device, or an entity) who wants to access data, resources, or applications. Validating that identity establishes a trust relationship for further interactions.

    INCORRECT ANSWERS:
    A. RADIUS
    RADIUS (Remote Authentication Dial-In User Service) authenticates the local and remote users on a company network. RADIUS is a client/server system that keeps the authentication information for users, remote access servers, VPN gateways, and other resources in one central database. The authentication messages to and from the RADIUS server use an authentication key, not a password. This authentication key, or shared secret, must be the same on the RADIUS client and server. Without this key, there is no communication between the client and server.

    RADIUS Authentication Methods
    • For web and Mobile VPN with IPSec or SSL authentication, RADIUS supports only PAP (Password Authentication Protocol) authentication.
    • For authentication with L2TP, RADIUS supports only MSCHAPv2 (Microsoft Challenge-Handshake Authentication Protocol version 2).
    • For authentication with WPA Enterprise and WPA2 Enterprise authentication methods, RADIUS supports the EAP (Extensible Authentication Protocol) framework.
    • For Mobile VPN with IKEv2 authentication, RADIUS supports EAP-MSCHAPv2.

    NOTE: SSL can be used with RADIUS at the BACK END, but not for USER authentication at the FRONT END.
    “Additionally you’ll want to protect the communications between your RADIUS server, authentication backend, and APs with encryption. For the connection between your RADIUS server and authentication backend this will likely mean either SSL or IPsec.”
    https://www.networkworld.com/article/2298933/network-security/securing-a-radius-server.html

    C. TACACS+
    Not much information is available about TACACS+ and SSL, indicating that this is not the correct answer.

    D. Kerberos
    While Kerberos and SSL are both protocols, Kerberos is an AUTHENTICATION protocol, but SSL is an ENCRYPTION protocol. Kerberos uses UDP, SSL uses (most of the time) TCP.

    So the only possible answer is indeed: B. LDAP

    Five authentication methods are supported for checking client access to LDAP directory services. They are:
    • Simple authentication
    • Certificate authentication
    • Kerberos credentials authentication
    • CRAM-MD5 authentication
    • DIGEST-MD5 authentication
    For each supported authentication method, Secure Socket Layer (SSL) or Transport Layer Security (TLS) can be used to secure the socket connection between the client and the server by encrypting the data that is transferred over the connection.
    TLS is based on SSL V3. Through a protocol handshake between the client and server, the choice of TLS or SSL is decided. (TLS is the preferred protocol.)
    NOTE: With secure LDAP (LDAPS), all LDAP communications are encrypted with SSL/TLS by DEFAULT.

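Added example (not part of the comment above or of the site's own content): a small Python sketch of why LDAP simple authentication needs SSL/TLS underneath it. It builds the bytes of an LDAPv3 simple bind and classifies a captured payload the way a monitoring check could, flagging binds that are readable on the wire. The DN, password and function names are constructed for illustration.

```python
# Added example; tags are from the LDAPv3 BindRequest definition (RFC 4511).
SEQ, INT, OCTETS, BIND_REQ, AUTH_SIMPLE, AUTH_SASL = 0x30, 0x02, 0x04, 0x60, 0x80, 0xA3

def tlv(tag, value):
    """BER-encode one element with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        k = first & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def simple_bind_request(msg_id, dn, password):
    """Build the bytes of an LDAPv3 simple bind (msg_id must be < 128)."""
    body = tlv(INT, b"\x03") + tlv(OCTETS, dn.encode()) + tlv(AUTH_SIMPLE, password.encode())
    return tlv(SEQ, tlv(INT, bytes([msg_id])) + tlv(BIND_REQ, body))

def classify_bind(payload):
    """Classify a TCP payload: returns (kind, dn) for a readable BindRequest, else None.
    The credential itself is never returned, so findings can be logged safely."""
    try:
        tag, msg, _ = read_tlv(payload)
        if tag != SEQ:
            return None                    # e.g. a TLS record (first byte 0x16)
        _, _, p = read_tlv(msg)            # messageID
        tag, op, _ = read_tlv(msg, p)
        if tag != BIND_REQ:
            return None
        _, _, p = read_tlv(op)             # version
        _, dn, p = read_tlv(op, p)         # bind DN
        auth, cred, _ = read_tlv(op, p)
    except (IndexError, ValueError):
        return None
    if auth == AUTH_SIMPLE:
        kind = "simple-cleartext" if cred else "anonymous"
    else:
        kind = "sasl" if auth == AUTH_SASL else "unknown"
    return kind, dn.decode(errors="replace")

# Constructed sample: what a simple bind looks like on the wire without SSL/TLS.
PDU = simple_bind_request(1, "cn=alice,dc=example,dc=com", "S3cret!")
```

When the same bind is sent over LDAPS or after StartTLS, the payload is a TLS record and `classify_bind` returns `None`, because the DN and password are no longer visible.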
