Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back
to the home school for authentication via the Internet.
The requirements are:
– Mutual authentication of clients and authentication server
– The design should not limit connection speeds
– Authentication must be delegated to the home school
– No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A.
The transport layer between the RADIUS servers should be secured
B.
WPA Enterprise should be used to decrease the network overhead
C.
The RADIUS servers should have local accounts for the visiting students
D.
Students should be given certificates to use for authentication to the network