An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST
solution?
A. Require IPsec with AH between the servers
B. Require the message-authenticator attribute for each message
C. Use MSCHAPv2 with MPPE instead of PAP
D. Require a long and complex shared secret for the servers
Explanation:
IPsec is used for a secure point-to-point connection traversing an insecure network such as the Internet.
Authentication Header (AH) is a primary IPsec protocol that provides authentication of the sender’s data.
Incorrect Answers:
B: This option allows for the entire RADIUS message to be encrypted. The question asks for the BEST
method to secure RADIUS traffic between two servers. In this instance, IPsec with AH is a better option.
C: MSCHAPv2 with MPPE allows for two-way authentication that verifies the identity of both sides of the
connection, and provides data security for the PPTP connection between the VPN client and the VPN server.
It is not, however, the BEST method to secure RADIUS traffic between two servers.
D: The shared secret will only come into play if the message-authenticator attribute is enabled.