Which of the following is a networking protocol that provides centralized Authentication…?

Which of the following is a networking protocol that provides centralized Authentication,
Authorization, and Accounting management for computers to connect and use a network service?

A. PEAP
B. RADIUS
C. Kerberos
D. MS-CHAP v2

Explanation:

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides
centralized Authentication, Authorization, and Accounting (AAA) management for computers to
connect and use a network service. Because of the broad support and the ubiquitous nature of the
RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal
networks, wireless networks, and integrated e-mail services. These networks may incorporate
modems, DSL, access points, VPNs, network ports, Web servers, etc.

RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The
Remote Access Server, the Virtual Private Network server, the Network switch with port-based
authentication, and the Network Access Server are all gateways that control access to the network,
and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS
server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves
three functions:

- To authenticate users or devices before granting them access to a network
- To authorize those users or devices for certain network services
- To account for usage of those services

Answer D is incorrect. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP
v2) is the new version of MS-CHAP. MS-CHAP v2 provides the highest level of security and
encryption for dial-up connections in an environment consisting of both Windows NT and
Windows 2000/XP dial-up clients. It provides mutual authentication, stronger initial data
encryption keys, and different encryption keys for sending and receiving data.

Answer A is incorrect. PEAP (Protected Extensible Authentication Protocol) is a method to securely
transmit authentication information over wired or wireless networks. It was jointly developed by
Cisco Systems, Microsoft, and RSA Security. PEAP is not an encryption protocol; as with other EAP
protocols, it only authenticates a client into a network. PEAP uses server-side public key
certificates to authenticate the server. It creates an encrypted SSL/TLS (Secure Sockets
Layer/Transport Layer Security) tunnel between the client and the authentication server. In most
configurations, the keys for this encryption are transported using the server’s public key. The
resultant exchange of authentication information inside the tunnel to authenticate the client is
then encrypted and the user credentials are thus safe and secure.

Answer C is incorrect. Kerberos is a computer network authentication protocol that allows
individuals communicating over a nonsecure network to prove their identity to one another in a
secure manner. Kerberos builds on symmetric key cryptography and requires a trusted third party.
Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party,
termed a key distribution center (KDC), which consists of two logically separate parts:

- Authentication Server (AS)
- Ticket Granting Server (TGS)

Kerberos works on the basis of tickets, which serve to prove the identity of users. The KDC maintains
a database of secret keys; each entity on the network, whether a client or a server, shares a secret
key known only to itself and to the KDC. Knowledge of this key serves to prove an entity’s identity.
For communication between two entities, the KDC generates a session key, which they can use to
secure their interactions.


