Given: ABC Corporation is selecting a security solution for their new WLAN, and a PPTP VPN is their first consideration because it is included with both server and desktop operating systems. While the 128-bit encryption of Microsoft’s MPPE is considered strong enough to adhere to corporate security policy, the company is worried about security holes in MS-CHAPv2 authentication.

As a consultant, what do you tell ABC Corporation about implementing MS-CHAPv2 authentication in a PPTP VPN?

A.
MS-CHAPv2 is compliant with WPA-Personal, but not WPA2-Enterprise.

B.
MS-CHAPv2 is subject to offline dictionary attacks.

C.
MS-CHAPv2 is only secure when combined with WEP.

D.
MS-CHAPv2 is only appropriate for WLAN security when used inside a TLS-encrypted tunnel.

E.
MS-CHAPv2 uses anonymous Diffie-Hellman authentication, and is therefore secure.

F.
MS-CHAPv2 can be replaced with EAP-TLS as the authentication mechanism for PPTP.