Authentication and Encryption Protocols

Windows Server 2003 supports a number of authentication and encryption protocols, which are designed to support a wide range of remote access clients. Selecting the strongest possible protocols that your clients support provides the best security for your remote access infrastructure.

Authentication Protocols

Windows Server 2003 supports several remote access authentication protocols. You can use remote access policies to determine which protocols your server will accept, as shown in Figure 14-3.

Figure 14-3. Selecting remote access authentication protocols in a remote access policy

The three basic protocols that Windows Server 2003 supports are:

Extensible Authentication Protocol (EAP)

EAP is primarily used to support advanced authentication mechanisms such as smart cards. It requires additional configuration settings, depending on how your environment is set up to handle those mechanisms.

Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)

MS-CHAP is an older authentication protocol used by client operating systems such as Windows 95.

MS-CHAP v2

Version 2 of the MS-CHAP protocol is native to Windows 2000 and Windows Server 2003 (and is included in Windows NT 4.0 Service Pack 4 and later) and provides more secure authentication than the older MS-CHAP.

Be sure your remote access policies will accept older authentication protocols if your remote ...
