A security administrator must implement a network authentication solution which will ensure
encryption of user credentials when users enter their username and password to authenticate to
the network.
Which of the following should the administrator implement?
A.
WPA2 over EAP-TTLS
B.
WPA-PSK
C.
WPA2 with WPS
D.
WEP over EAP-PEAP
Explanation:
D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired
network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication
Protocol (EAP) provides a framework for authentication that is often used with wireless networks.
Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP-PSK, EAPMD5, as well as LEAP and PEAP.
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a
secure TLS tunnel to protect user authentication, and uses server-side public key certificates to
authenticate the server. It then creates an encrypted TLS tunnel between the client and the
authentication server. In most configurations, the keys for this encryption are transported using the
server’s public key. The ensuing exchange of authentication information inside the tunnel to
authenticate the client is then encrypted and user credentials are safe from eavesdropping.
Shouldn’t this answer be A? I feel that WPA2 over EAP-TTLS would be the MOST secure option here, and as we know that is what this test is mainly driven towards. The explanation for what WEP over EAP-PEAP is definitely nice to have, but still doesn’t explain why it is the answer to the given question.
0
0
A. Incorrect, because username and password would not be sent. This would be the most secure method.
B. Incorrect, because only PSK is used and once again no username and password.
C. Incorrect, Wifi Protected setup is being used.
D. Correct, PEAP would be able to encrypt the username and password that would be sent through the tunnel. WEP is insecure but PEAP would protect the credentials.
0
0