
You are implementing VPN solutions to connect remote users to the office. Which of the following is the best authentication protocol that authenticates clients to the VPN server? (Wentz QOTD)
A. RADIUS
B. Extensible Authentication Protocol (EAP)
C. 802.1X
D. Protected Extensible Authentication Protocol (PEAP)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Protected Extensible Authentication Protocol (PEAP).
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

The VPN server can operate as an authentication server on its own, without the support of a RADIUS server. When a RADIUS server is used, it communicates with the RADIUS client (the VPN server), not with the VPN clients. The VPN clients can authenticate to the VPN server through PEAP, “a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.” (Wikipedia)
802.1X is also known as EAP over LAN (EAPoL), implemented for local area network access control, specifically for wired Ethernet or Wi-Fi networks. 802.1X is not designed for remote access authentication or VPN.
“Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections.” (Wikipedia) EAP is not an authentication protocol to authenticate subjects but a protocol to extend authentication protocols.
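To make the relationship between EAP and PEAP concrete, the following added example (not part of the original post) parses the EAP packet header from RFC 3748 and reports which method a packet carries; PEAP shows up as EAP method type 25 with a TLS flags octet. The sample packets and the function name `parse_eap` are constructed for illustration.

```python
import struct

# EAP codes (RFC 3748) and a few IANA-registered EAP method types.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # methods whose type-data begins with a flags octet

# Constructed sample packets (not captured traffic).
IDENTITY_RESPONSE = bytes.fromhex("0201000a01") + b"alice"  # identity sent outside any tunnel
PEAP_START = bytes.fromhex("010200061920")                  # Request, type 25, S bit set, version 0
SUCCESS = bytes.fromhex("03020004")                         # Success carries no Type field


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field does not match the data")
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        eap_type = packet[4]
        info["type"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
        info["tls_based"] = eap_type in TLS_BASED
        data = packet[5:length]
        if eap_type in TLS_BASED and data:
            flags = data[0]
            info["length_included"] = bool(flags & 0x80)  # L bit
            info["more_fragments"] = bool(flags & 0x40)   # M bit
            info["start"] = bool(flags & 0x20)            # S bit: begin TLS handshake
            if eap_type == 25:
                info["peap_version"] = flags & 0x07       # low three bits
    return info


if __name__ == "__main__":
    for pkt in (IDENTITY_RESPONSE, PEAP_START, SUCCESS):
        print(parse_eap(pkt))
```
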