How to choose a VPN auth protocol

by Mitch Tulloch [Published on 17 Jan. 2007 / Last Updated on 17 Jan. 2007]

How do you decide which auth protocol to use on a VPN client?

Virtual Private Networking in Microsoft Windows supports several authentication protocols including EAP-TLS, mS-CHAPv2, and others. Which VPN authentication protocol should you use in which circumstance? Here's a quick guide:

Use EAP-TLS if your VPN clients need to use smart cards or if your enterprise already has a CA in place that issues user certificates.

Use MS-CHAPv2 if you need to use a password-based authentication method, and make sure you force the use of strong passwords using Group Policy.

Use less secure auth protocols like MS-CHAP, CHAP and PAP only if you absolutely must for backward compatibility reasons.

***

Mitch Tulloch is President of MTIT Enterprises, an IT content development company based in Winnipeg, Canada. Prior to starting his own company in 1998, Mitch worked as a Microsoft Certified Trainer (MCT) for Productivity Point International. Mitch is a widely recognized expert on Windows administration, networking and security and has written 14 books and over a hundred articles on various topics. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy Microsoft platforms, products and solutions. Mitch is also a professor at Jones International University (JIU) where he teaches graduate-level courses in Information Security Management (ISM) for their Masters of Business Administration (MBA) program. For more information see http://www.mtit.com.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links