| Scooty 2007-10-09, 1:13 am |
| Hi all
I am hoping someone could offer some insight into the following
I have evaluated the RSA Authentication Manager using token based
authentication. This uses EAP and I believe this is very secure
I currently have a Windows 2003 RRAS server located in a DMZ that uses
RADIUS to talk back to the server on the inside network that runs the
RSA software. The firewall is set to only allow port 1723 PPTP and
port 47 GRE from the outside to the RRAS server, the firewall is also
set to only allow ports 1812 and 1813 from the RRAS server in the DMZ
to the inside server running RSA Auth Manager and IAS
I have also setup the RRAS server to still use RADIUS to talk back to
the same inside server using Microsofts IAS using MS-CHAP v2 as part
of my testing
I would like to know how secure MS-CHAP v2 is compared to using the
RSA method
I like the MS-CHAP v2 as I don't need to install any 3rd party
software on the users workstations like I do with the RSA solution
Also ensuring I have a strong password policies in place I like the
fact that I can use my AD username and password to authenticate,
whereas the RSA uses a user set PIN and a token that changes every 60
seconds, it doesn't really integrate with AD but instead just does an
LDAP query of users in AD at predefined intervals. I also find the
interface of RSA Authentication Manager 6.5 pretty clunky
Any pros and cons would be most appreciated
|