Two-Factor Authentication for Network Switches and Routers

Implementing Two-Factor Authentication for Network Devices

Question

A security administrator wants to implement two-factor authentication for network switches and routers.

The solution should integrate with the company's RADIUS server, which is used for authentication to the network infrastructure devices.

The security administrator implements the following:

-> An HOTP service is installed on the RADIUS server.

-> The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices.

Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?

Answers

Explanations


A. B. C. D.

B.

The security administrator has implemented an HOTP service on the company's RADIUS server for two-factor authentication to network switches and routers. However, network administrators are unable to log in because they are not prompted for the second factor. To resolve this issue, the administrator needs to implement a solution that prompts users for the second factor.

Option A suggests replacing the password requirement with the second factor, and network administrators will enter their username and token in the password field. This solution is not recommended as it will compromise the security of the system since passwords and tokens should be kept separate and not combined.

Option B suggests configuring the RADIUS server to accept the second factor appended to the password, and network administrators will enter a password followed by their token in the password field. This solution is not recommended as it also does not comply with the best practices of two-factor authentication, which requires separate entry and verification of each factor.

Option C suggests reconfiguring network devices to prompt for a username, password, and a token, and network administrators will enter their username, password, and token. This solution is the best option as it adheres to the best practices of two-factor authentication, where each factor is entered and verified separately.

Option D suggests installing a TOTP service on the RADIUS server in addition to the HOTP service and using the HOTP on older devices that do not support two-factor authentication. This solution is not relevant to the current issue and does not address the fact that network administrators are not being prompted for the second factor.

In conclusion, the best option to resolve the issue is to reconfigure network devices to prompt for a username, password, and a token, and network administrators will enter their username, password, and token separately.
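The arrangement Option B describes, a password followed by the token in a single password field and checked by an HOTP service behind RADIUS, is sketched below as an added example that is not part of the original page. The function names, the account record layout, the 6-digit token length and the look-ahead window of 3 are assumptions; the HOTP computation follows RFC 4226.

```python
import hashlib
import hmac
import os
import struct

DIGITS = 6       # assumed token length
LOOK_AHEAD = 3   # assumed counter resynchronisation window


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def make_user(password, secret):
    """Constructed sample account record (hypothetical layout)."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "pw_hash": pw_hash, "secret": secret, "counter": 0}


def split_password_field(field, digits=DIGITS):
    """Split 'password' + 'token'; None when the field cannot contain both."""
    tail = field[-digits:]
    if len(field) <= digits or not (tail.isascii() and tail.isdigit()):
        return None
    return field[:-digits], tail


def verify(user, field):
    """Check both factors from one password field; advance the counter on success."""
    parts = split_password_field(field)
    if parts is None:
        return False
    password, token = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    pw_ok = hmac.compare_digest(digest, user["pw_hash"])
    matched = None
    for c in range(user["counter"], user["counter"] + LOOK_AHEAD + 1):
        if hmac.compare_digest(hotp(user["secret"], c), token):
            matched = c
    if not (pw_ok and matched is not None):
        return False
    user["counter"] = matched + 1  # burn the used code and any skipped ones
    return True
```

Because the split happens on the server, the network device only forwards an ordinary username and password and needs no extra prompt.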