Remote Access Authentication Protocols
By Stephen Bucaro
A remote access authentication protocol is the method by which remote users will be authenticated
when they log on the network. One (unwise) choice is to allow users to log on without authentication.
Extensible Authentication Protocol (EAP)
EAP allows for authentication of a remote access connection through the use of authentication schemes,
known as EAP types. EAP offers the strongest security by providing the most flexibility in
authentication variations. EAP can support authentication mechanisms, such as token cards, smart cards,
certificates, and public key encryption authentication.
Challenge Handshake Authentication Protocol (CHAP)
CHAP enables authentication without having the user send their password over the connection. The server
sends a challenge message to the connection requester. The requester responds with a value obtained
by using the industry-standard Message Digest 5 (MD5) hashing scheme to encrypt the response. The server
checks the response by comparing it its own calculation of the expected hash value. MS-CHAP, which
supports only Windows Servers, works the same way as CHAP.
Password Authentication Protocol (PAP)
PAP is the least secure authentication protocol. The username and password is sent in plaintext.
It does not protect against anyone listening to network traffic from stealing the username and password.
It is used only when the remote access client or the remote access server cannot negotiate a more
secure form of validation.
More Network Security Articles:
• How to Become a Professional Ethical Hacker
• Secure, Network Compliant BYOD (Bring Your Own Device) Solutions
• The Use of HoneyPots and HoneyNets to Trick Hackers
• The Basics of Network Security
• Elementary Information Security
• What is Penetration Testing?
• Difference Between Rule and Role Based Access Control
• What Roles Do Firewalls and Proxy Servers Play in Network Security?
• Implementing a Secure Password Policy
• Network Security Model - Defining an Enterprise Security Strategy