When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network.
Which of the following will BEST help secure the VoIP network?
When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network.
Which of the following will BEST help secure the VoIP network?
The best approach to securing a VoIP network and preventing unauthorized users from accessing it is to implement 802.1x. This standard for port-based network access control provides robust authentication and authorization for devices attempting to connect to the network. By requiring devices to authenticate before gaining network access, 802.1x effectively prevents unauthorized users from connecting to the VoIP network. While TLS provides encryption for data in transit, it does not control access to the network itself, which is the primary concern in this scenario.
Where does Examtopics get their answers from?
I never look at their answers, I just go straight to the discussion.
D is correct
Hahaha, I was thinking the same ๐. Agree D is the answer.
I am going with C on this one. Here is my reasoning from research: The CISSP 9ed mentions 802.1x but as a vulnerability, not as a protection. It basically states that due to the nature of voip devices, it is easy to spoof Mac addresses and get past layered defenses. It also mentions TLS and SRTP as protection mechanisms. Cisco has an article that I found helpful. (Link below) It does not mention 802.1x at all but does go into to TLS and SRTP. https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/tips-ip-phone-security.html#~configure-and-protect-systems Given that SRTP is not an option. TLS seems to be the best answer in this case.
Bard says TLS is a cryptographic protocol that encrypts data in transit between two endpoints. This means that even if an unauthorized user is able to intercept the data, they will not be able to read it. TLS is the most widely used encryption protocol for VoIP traffic, and it is considered to be very secure. The other options are not as secure as TLS. 802.11g is a wireless networking standard that does not provide any encryption by default. A WAF is a firewall that is designed to protect web applications from attacks. It can be used to block malicious traffic, but it does not encrypt data. 802.1x is a network access control protocol that can be used to authenticate users before they are allowed to access the network. However, it does not encrypt data in transit. In conclusion, TLS is the best way to secure a VoIP network from unauthorized access.
C. "Call encryption uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP). These VoIP protocols work together to establish high-grade security in every call." "For the greatest interoperability, SIP isnโt encrypted." https://www.nextiva.com/blog/voip-security.html
https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/concept/802-1x-pnac-voip-understanding-mx-series.html When you use Voice over IP (VoIP), you can connect IP telephones to the router and configure IEEE 802.1X authentication for 802.1X-compatible IP telephones. Starting with Junos OS Release 14.2, 802.1X authentication provides network edge security, protecting Ethernet LANs from unauthorized user access. When VoIP is used with 802.1X, the RADIUS server authenticates the phone. You can configure 802.1X authentication to work with VoIP in multiple supplicant or single supplicant mode. In multiple-supplicant mode, the 802.1X process allows multiple supplicants to connect to the interface. The BEST option to secure the VoIP network is option D, 802.1x. This is a standard for port-based network access control that provides authentication and authorization to devices trying to connect to the network. By implementing 802.1x, only authorized devices can connect to the VoIP network, preventing unauthorized access.
I did not see SRTP, so it must be TLS.
Going with D. TLS protect man-in-the-middle attackers who is already in range within the VOIP network from eavesdropping connections. It provide no authentication nor authorization that prevent unauthorized users getting in the network. With TLS, attackers in range may still connect their devices to the VOIP network and make connections (just that they can't eavesdrop others).
TLS protects the data but not the network as we are asked to. 802.1X is the only option that protects the network itself,
Thats not true. mTLS provides confidentiality, integrity and mututal authentication. The "VoIP network" in this scenario is a logical construct, don't take the words literally.
https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/concept/802-1x-pnac-voip-understanding-mx-series.html#:~:text=If%20an%20802.1X,single%20supplicant%20topology
Answer D is not the best one because 802.1x only provides protection on the network level - regardless of the services. But in this scenario the "voip network" shall be protected. This can be achieved using TLS. With TLS other entities in the network cannot get unencrypted VOIP traffic. Furthermore TLS provides (optional) mutual authentication (mTLS). So only legitimate VoIP endpoints can "access" the mTLS protected "VoIP network".
see my previous comment :-)
The BEST option to help secure a Voice over Internet Protocol (VoIP) network and prevent unauthorized access is option D, 802.1x. 802.1x is a network access control protocol that provides authentication and authorization for devices attempting to connect to a network. It allows for user-based authentication and provides a secure method to control access to the VoIP network. By implementing 802.1x, only authorized users or devices with valid credentials will be granted access to the network, while unauthorized users will be prevented from connecting.
Similar to @qwertyloopback, went with C because SRTP was not an option but you can encrypt VoIP SIP traffic with TLS.
Answer C) Transport Layer Security (TLS) I really hate these ambiguous questions. Essentially, 802.11g and 802.1x are the same...they provide a protocol to authenticate network traffic...just one happens to be direct and state it is for wireless. If two options are the same, then it must mean that they are not the right choice and it is must be TLS. ( At least one would think)
No, 802.11g is a standard for Wi-Fi (a legacy one though) https://www.intel.com/content/www/us/en/support/articles/000005725/wireless/legacy-intel-wireless-products.html
Question is asking about preventing access.
I think the VOIP detail is irrelevant. TLS will provide privacy between sessions. The question is asking about preventing unauthorized access to the network.. so it has to be D
Has to be C - 802.1x is port authentication.