A security architect is designing a VPN solution for remote employees. The company requires strong authentication and integrity protection but is less concerned about confidentiality for non-sensitive traffic. Which protocol is most appropriate?
Trap 1: L2TP/IPsec with ESP
L2TP/IPsec typically encrypts all traffic; not suitable if confidentiality is not needed.
Trap 2: SSL/TLS VPN
SSL/TLS VPNs provide encryption; overkill and not the best fit for this requirement.
Trap 3: AH in transport mode
AH provides integrity and authentication but not encryption; cannot be used with null encryption.
- A: L2TP/IPsec with ESP
  Why wrong: L2TP/IPsec typically encrypts all traffic; not suitable if confidentiality is not needed.
- B: SSL/TLS VPN
  Why wrong: SSL/TLS VPNs provide encryption; overkill and not the best fit for this requirement.
- C: ESP in tunnel mode with null encryption
  ESP can be configured with null encryption to provide integrity and authentication without confidentiality.
- D: AH in transport mode
  Why wrong: AH provides integrity and authentication but not encryption; cannot be used with null encryption.