You are implementing network access control using 802.1X. Which of the following is the protocol with the least system administration overhead for supplicants to authenticate to the authenticator? (Wentz QOTD)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. PEAP.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
802.1X uses EAP-based authentication protocols for supplicants to authenticate to the authenticator, while RAIDUS is the protocol used between the authenticator (RADIUS client) and the authentication server (RADIUS server). Kerberos is not used in the setting of 802.1X.
Both EAP-TLS and PEAP can be used. However, EAP-TLS requires certificates to be installed on both clients and the AP to support mutual authentication. It provides higher security but creates an overhead of certificate management. PEAP relives the overhead; it simply requires the AP to install the certificate.
您正在使用 802.1X 實施網絡訪問控制。 以下哪一項是請求者(supplicant)向身份驗證者(authenticator)進行身份驗證且具有最少的系統管理負擔(overhead)的協議？ (Wentz QOTD)