VPN Authentication Methods Flashcards
EAP-TLS
Used with Smart cards of digital certificates
Can only be used when RRAS is configured for RADIUS authentication, or if the server is domain joined
MS-CHAPv2
Provides Mutual Authentication
Allows for encryption of authentication process and session
Machine Certificate Authentication
Uses pre-installed certificates that correspond with machines as opposed to users
Requires certificate with Server Authentication EKU property on RRAS server
Requires certificate with Client Authentication EKU property on each connecting client that is stored in Local Computer / Personal
CHAP
Authentication is encrypted via MD5 hashing
Session data is not encrypted
SPAP
Included for down-level support
Basic encryption for authentication that can be trivially decrypted via automated techniques
Not recommended
PAP
No Encryption for Session Data or Authentication