You have a computer that runs Windows 7.
Your network contains a VPN server that runs Windows Server 2008.
You need to authenticate to the VPN server by using a smart card.
Which authentication setting should you choose?
A. CHAP
B. EAP
C. MS-CHAP v2
D. PAP
Explanation:
VPN Server Software Requirements
VPN server software requirements for smart card access are relatively straightforward. The remote
access servers must run Windows 2000 Server or later, have Routing and Remote Access enabled,
and must support Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).
EAP-TLS is a mutual authentication mechanism developed for use in conjunction with security
devices, such as smart cards and hardware tokens. EAP-TLS supports Point-to-Point Protocol (PPP)
and VPN connections, and enables exchange of shared secret keys for MPPE, in addition to IPsec.
The main benefits of EAP-TLS are its resistance to brute-force attacks and its support for mutual
authentication. With mutual authentication, both client and server must prove their identities to
each other. If either client or server does not send a certificate to validate its identity, the
connection terminates.
Microsoft Windows Server™ 2003 supports EAP-TLS for dial-up and VPN connections, which enables
the use of smart cards for remote users. For more information about EAP-TLS, see the Extensible
Authentication Protocol (EAP) topic at
www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/auth_eap.mspx.
For more information about EAP certificate requirements, see the Microsoft Knowledge Base article
“Certificate Requirements when you use EAP-TLS or PEAP with EAP-TLS” at
http://support.microsoft.com/default.aspx?scid=814394.