Two universities are making their 802.11n wireless networks available to the other university’s
students. The infrastructure will pass the student’s credentials back to the home school for
authentication via the Internet.
The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school
No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A.
The transport layer between the RADIUS servers should be secured
B.
WPA Enterprise should be used to decrease the network overhead
C.
The RADIUS servers should have local accounts for the visiting students
D.
Students should be given certificates to use for authentication to the network