CISSP · Question #717
How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?
The correct answer is C. It uses clear text and shared secret keys.. RADIUS is a client-server AAA protocol that transmits most attributes in clear text but protects passwords using an MD5 hash combined with a shared secret key. Understanding its authentication mechanism is fundamental to network access security.
Question
Options
- AIt uses clear text and firewall rules.
- BIt relies on Virtual Private Networks (VPN).
- CIt uses clear text and shared secret keys.
- DIt relies on asymmetric encryption keys.
How the community answered
(51 responses)- A2% (1)
- B4% (2)
- C92% (47)
- D2% (1)
Why each option
RADIUS is a client-server AAA protocol that transmits most attributes in clear text but protects passwords using an MD5 hash combined with a shared secret key. Understanding its authentication mechanism is fundamental to network access security.
While RADIUS does transmit some attributes in clear text, it does not rely on firewall rules for authentication; access control is handled by the RADIUS server's policy engine, not network-layer firewall filtering.
VPNs are a separate tunneling and encryption technology; RADIUS operates independently of VPNs as a dedicated AAA protocol using UDP ports 1812/1813 and does not require a VPN to function.
RADIUS sends most packet attributes in clear text over UDP, but the user password is obfuscated using an MD5 hash of a shared secret key and a random authenticator value - not full encryption. Both the RADIUS client (NAS) and server must be configured with the same shared secret, which is the cornerstone of RADIUS mutual authentication and message integrity.
RADIUS does not use asymmetric (public/private key) encryption for its authentication process; it relies on a symmetric shared secret combined with MD5 hashing, making asymmetric encryption incorrect for describing its mechanism.
Concept tested: RADIUS authentication mechanism and shared secret usage
Source: https://datatracker.ietf.org/doc/html/rfc2865
Topics
Community Discussion
No community discussion yet for this question.