How To: Choose a VPN Auth Protocol

VPN (Virtual Private Networking) services in Microsoft Windows support a number of authentication protocols, such as EAP-TLS, MS-CHAPv2 and so on. Since a VPN must be held to a high security standard, you should choose the protocol that best matches your environment.

EAP-TLS assumes that you use smart cards, or that your network has a CA (certificate authority) issuing user certificates.

MS-CHAPv2 assumes password-based authentication, so you will need to use Group Policy and other means to enforce strong passwords.

Less secure protocols such as MS-CHAP, CHAP, PAP and so on should only be used if backward compatibility must be provided. Proper monitoring is also advised in such cases, to prevent account compromise or at least to provide the means to detect such attempts as soon as possible.
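The monitoring advised above can start as a simple pass over exported authentication records. The following is an added example, not part of the original post: the comma-separated record layout, the account names, and the threshold of three failures in five minutes are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Protocols the article lists as less secure (backward compatibility only).
LEGACY = {"MS-CHAP", "CHAP", "PAP"}

# Constructed sample records (not real logs): time,account,protocol,outcome
SAMPLE = """\
2009-12-10T09:00:05,alice,EAP-TLS,success
2009-12-10T09:01:10,bob,MS-CHAPv2,failure
2009-12-10T09:02:00,svc-backup,PAP,success
2009-12-10T09:03:00,carol,CHAP,failure
2009-12-10T09:03:20,carol,CHAP,failure
2009-12-10T09:03:45,carol,CHAP,failure
2009-12-10T09:30:00,dave,MS-CHAP,failure
"""

def parse(text):
    """Yield (timestamp, account, protocol, outcome) from the assumed layout."""
    for line in text.strip().splitlines():
        ts, user, proto, outcome = (f.strip() for f in line.split(","))
        yield datetime.fromisoformat(ts), user, proto.upper(), outcome.lower()

def audit(text, max_failures=3, window=timedelta(minutes=5)):
    """Return (legacy_users, alerts).

    legacy_users: account -> set of legacy protocols it was seen using,
                  i.e. the accounts still depending on backward compatibility.
    alerts:       accounts with at least max_failures failed legacy-protocol
                  logons inside the sliding window.
    """
    legacy_users = defaultdict(set)
    failures = defaultdict(list)
    alerts = set()
    for ts, user, proto, outcome in sorted(parse(text)):
        if proto not in LEGACY:
            continue
        legacy_users[user].add(proto)
        if outcome == "failure":
            # Keep only failures still inside the window, then add this one.
            recent = [t for t in failures[user] if ts - t <= window] + [ts]
            failures[user] = recent
            if len(recent) >= max_failures:
                alerts.add(user)
    return dict(legacy_users), sorted(alerts)

if __name__ == "__main__":
    users, alerts = audit(SAMPLE)
    print("Accounts on legacy protocols:", users)
    print("Repeated failures:", alerts)
```

The first result doubles as an inventory of which accounts still need the legacy protocols, which helps decide when backward compatibility can be switched off.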


About this Entry

This page contains a single entry by Konstantin Boyandin published on December 10, 2009 1:10 PM.
