To authenticate the user who is attempting to create a PPP connection, Windows Server 2003 supports a wide variety of PPP authentication protocols, including:
Password Authentication Protocol (PAP)
Challenge-Handshake Authentication Protocol (CHAP)
Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)
MS-CHAP version 2 (MS-CHAP v2)
Extensible Authentication Protocol-Message Digest 5 (EAP-MD5)
Extensible Authentication Protocol-Transport Level Security (EAP-TLS)
For PPTP connections, you must use MS-CHAP, MS-CHAP v2, or EAP-TLS. Only these three authentication protocols provide a mechanism to generate the same encryption key on both the VPN client and the VPN server. MPPE uses this encryption key to encrypt all PPTP data sent on the VPN connection. MS-CHAP and MS-CHAP v2 are password-based authentication protocols.
In the absence of user certificates or smart cards, MS-CHAP v2 is highly recommended, as it is a stronger authentication protocol than MS-CHAP and provides mutual authentication. With mutual authentication, the VPN server authenticates the VPN client and the VPN client authenticates the VPN server.
If you must use a password-based authentication protocol, enforce the use of strong passwords on your network. Strong passwords are long (greater than 8 characters) and contain a random mixture of uppercase and lowercase letters, numbers, and symbols. An example of a strong password is f3L*q02~>xR3w#4o. In an Active Directory service domain, use Group Policy settings to enforce strong user passwords.
EAP-TLS is used in conjunction with a certificate infrastructure and either user certificates or smart cards. With EAP-TLS, the VPN client sends its user certificate for authentication and the VPN server sends a computer certificate for authentication. This is the strongest authentication method, as it does not rely on passwords.
Although Windows Server 2003 has a built-in CA system, you will often want to use a third-party certificate system for your deployment. However, before using third-party CAs, you must check with the third-party vendor’s certificate services documentation for any proprietary extension compatibility issues. For information, see Appendix C, “Deploying a Certificate Infrastructure.”
For L2TP/IPSec connections, any authentication protocol can be used because the authentication occurs after the VPN client and VPN server have established a secure channel of communication known as an IPSec security association (SA). However, the use of either MS-CHAP v2 or EAP-TLS is recommended to provide strong user authentication.
Passing logon credentials is one of the most crucial parts of VPN operations, and it’s also one of the most dangerous. If logon credentials are compromised, the system is compromised as well. Some authentication protocols are easier to deploy than others, but you should consider the recommendations in the following paragraphs when choosing an authentication protocol for VPN connections.
Microsoft recommends doing the following:
If you are using smart cards or have a certificate infrastructure that issues user certificates, use the EAP-TLS authentication protocol for both PPTP and L2TP connections. However, only VPN clients running Windows XP and Windows 2000 support EAP-TLS.
If you must use a password-based authentication protocol, use MS-CHAP v2 and enforce strong passwords using group policy. MS-CHAP v2 is supported by computers running Windows Server 2003, Windows XP, Windows 2000, Windows NT 4.0 with Service Pack 4 and later, Windows Me, and Windows 98.
Microsoft does not recommend the following:
PAP. This protocol is not considered secure at all. PAP passes all credentials in the clear, without any encryption. Although PAP is the easiest protocol to set up, it is almost certain to be compromised if someone is attempting to break into your remote access system.
CHAP. This protocol, although better than PAP, is still not considered secure. It produces a challenge to the server to identify itself, but unauthorized users can still obtain the credentials with minimal effort.
MS-CHAP. This protocol is an improvement over CHAP in that there is one-way encryption of credentials and one-way authentication of the client to the server. MS-CHAP v2 offers better security by supplying mutual authentication of both the client and the server to each other. If you are considering MS-CHAP, you might as well use MS-CHAP v2.
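One way to apply these recommendations on the VPN server itself, as an added example that is not part of this guide: the netsh ras authtype commands below remove the methods Microsoft advises against and leave only MS-CHAP v2 and EAP negotiable. The type names (MD5CHAP for CHAP, MSCHAPv2, EAP) are netsh's own enumeration, and the script assumes Routing and Remote Access is already installed on a Windows Server 2003 computer.

```batch
@echo off
rem Added example, not from the original guide. Restricts the PPP
rem authentication methods the RRAS server will negotiate to the ones
rem the text recommends. Run in a command prompt on the VPN server.

rem Weak configuration (shown for contrast only): leaving PAP, CHAP and
rem MS-CHAP v1 negotiable allows a client to be answered with a weak method.
rem   netsh ras add authtype type=PAP
rem   netsh ras add authtype type=MD5CHAP
rem   netsh ras add authtype type=MSCHAP

rem Hardened configuration: remove the methods the guide advises against.
netsh ras delete authtype type=PAP
netsh ras delete authtype type=MD5CHAP
netsh ras delete authtype type=MSCHAP

rem Keep only MS-CHAP v2 and EAP. The specific EAP type (EAP-TLS with user
rem certificates or smart cards) is selected in the remote access policy,
rem not here.
netsh ras add authtype type=MSCHAPv2
netsh ras add authtype type=EAP

rem Check the result: only MSCHAPv2 and EAP should be listed.
netsh ras show authtype
```

Strong-password enforcement for the MS-CHAP v2 accounts is still done separately through the domain's Group Policy password settings, as the text describes.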