PPTP VPN. RSA vs MS-CHAP v2

Hi all,

I am hoping someone could offer some insight into the following. I have evaluated the RSA Authentication Manager using token-based authentication. This uses EAP, and I believe this is very secure.

I currently have a Windows 2003 RRAS server located in a DMZ that uses RADIUS to talk back to the server on the inside network that runs the RSA software. The firewall is set to only allow port 1723 PPTP and port 47 GRE from the outside to the RRAS server; the firewall is also set to only allow ports 1812 and 1813 from the RRAS server in the DMZ to the inside server running RSA Auth Manager and IAS.

I have also set up the RRAS server to still use RADIUS to talk back to the same inside server using Microsoft's IAS using MS-CHAP v2 as part of my testing. I would like to know how secure MS-CHAP v2 is compared to using the RSA method.

I like the MS-CHAP v2 as I don't need to install any 3rd party software on the users' workstations like I do with the RSA solution. Also, ensuring I have strong password policies in place, I like the fact that I can use my AD username and password to authenticate, whereas the RSA uses a user-set PIN and a token that changes every 60 seconds; it doesn't really integrate with AD but instead just does an LDAP query of users in AD at predefined intervals. I also find the interface of RSA Authentication Manager 6.5 pretty clunky.

Any pros and cons would be most appreciated.

Scooty

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.