You’re implementing a VPN solution to connect a branch office to the headquarters through gateways with a T1 connection to the internet and ISDN BRI service as redundancy. Which of the following is least likely employed to authenticate VPN connections? (Source: Wentz QOTD)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. 802.1X.
ISDN (Integrated Services Digital Network) comes from the telephony industry. ISDN PRI is typically used to connect the private branch exchange (PBX) to the central office (CO), while ISDN BRI (Basic Rate Interface) provides dial-up services. Using ISDN BRI as a backup line for a business’s inter-office and internet connectivity was once a popular configuration. However, ISDN has been almost phased out nowadays.
Gateways with an ISDN BRI interface as a dial-up backup line typically run PPP (Point-to-Point Protocol) over it. A peer can authenticate to the authenticator over the layer 2 data link established by PPP using the following authentication protocols:
- PAP (Password Authentication Protocol)
- CHAP (Challenge-Handshake Authentication Protocol)
- EAP (Extensible Authentication Protocol)
EAP is an authentication framework that supports multiple authentication methods. In other words, it’s open for vendors to add EAP methods. EAP-MD5 is a native/mandatory requirement in EAP as defined in RFC 3748.
Even though EAP supports peer-to-peer operation, it’s more common for EAP authenticators to pass through EAP traffic to the backend authentication server, the RADIUS or AAA (Authentication, Authorization, and Accounting) server.
802.1X is also known as EAPOL, or EAP over LANs. As the name implies, it works on LANs, both wired and wireless. Switching hubs or access points (APs) that support 802.1X can serve as the authenticator and request hosts (peers) to authenticate through EAP. However, 802.1X is not applicable to the VPN.
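The difference between EAP on a PPP link and 802.1X is the encapsulation, not the EAP packet itself. The Python sketch below is an added example, not part of the original post: it decodes the same constructed EAP-Request/Identity once inside a PPP frame and once inside an EAPOL frame, using the protocol numbers from the PPP and 802.1X specifications; the function names and sample frames are made up for illustration.

```python
import struct

# PPP Protocol field values for the authentication protocols listed above
PPP_AUTH = {0xC023: "PAP", 0xC223: "CHAP", 0xC227: "EAP"}
ETHERTYPE_EAPOL = 0x888E  # 802.1X (EAP over LAN)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS"}

def parse_eap(pkt):
    """Decode Code, Identifier, Length, and Type (Request/Response only)."""
    if len(pkt) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not fit the data")
    out = {"code": EAP_CODES.get(code, code), "id": ident}
    if code in (1, 2) and length >= 5:
        out["type"] = EAP_TYPES.get(pkt[4], pkt[4])
    return out

def classify_ppp(frame):
    """frame = 2-byte PPP Protocol field + payload (HDLC header removed)."""
    proto, = struct.unpack("!H", frame[:2])
    out = {"link": "PPP", "auth": PPP_AUTH.get(proto)}
    if out["auth"] == "EAP":
        out.update(parse_eap(frame[2:]))
    return out

def classify_ethernet(frame):
    """frame = untagged Ethernet II: dst(6) src(6) EtherType(2) payload."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        return {"link": "Ethernet", "auth": None}
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    out = {"link": "Ethernet", "auth": "802.1X/EAPOL"}
    if ptype == 0:  # EAPOL packet type 0 carries an EAP packet
        out.update(parse_eap(frame[18:18 + body_len]))
    return out

# Constructed samples: EAP-Request/Identity (Code 1, Id 7, Length 5, Type 1)
EAP_REQ = bytes([1, 7, 0, 5, 1])
PPP_FRAME = bytes.fromhex("c227") + EAP_REQ
LAN_FRAME = (bytes.fromhex("0180c2000003")    # 802.1X PAE group address
             + bytes.fromhex("020000000001")  # made-up source MAC
             + bytes.fromhex("888e")
             + bytes([1, 0, 0, 5]) + EAP_REQ)  # EAPOL v1, EAP-Packet, len 5
```

Both frames yield the same EAP fields; only the `link` and `auth` values differ, which is why 802.1X belongs to the LAN access port rather than to the PPP dial-up link.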