Secure Authentication Protocols
- Challenge Handshake Authentication Protocol measures and matches the algorithms to authenticate clients.
Authenticating securely over a network makes a big difference, especially if you have important data that you do not want compromised. PAP (Password Authentication Protocol), a commonly used authentication method, requires users to authenticate from remote servers, but it is still insecure. Use PAP only if the environment does not support other authentication methods; where you can, replace it with a more secure authentication protocol.
- CHAP (Challenge Handshake Authentication Protocol) is a secure authentication protocol that is safe to use once implemented. Unlike PAP, CHAP uses a representation of the user's password rather than the actual password itself. The remote server sends a challenge to the remote client, which uses a hash function to compute an MD5 (Message Digest-5) hash result in response to the challenge. The remote access client, in turn, sends the MD5 hash result back to the remote server. The remote access server performs the same hash calculation and compares its result to the one sent by the client. Once the remote server sees a match, it confirms the credentials of the client and allows it to access the remote server. This two-way handshake makes CHAP secure.
- EAP (Extensible Authentication Protocol) is a secure authentication framework that provides an infrastructure for remote clients and authentication or remote servers to host plug-in modules for their current and future methods of authentication. EAP supports a number of authentication schemes, including smart cards, Kerberos, Public Key, One Time Passwords and others. Use EAP when you want to authenticate PPP (Point-to-Point Protocol)-based connections, which include dial-up, VPN (Virtual Private Network) remote access and site-to-site connections. EAP is also useful in authenticating wired and wireless network switches (Ethernet switches and routers) and wireless access points in IEEE (Institute of Electrical and Electronics Engineers) 802.1x-based network access.
EAP uses a fixed series of messages sent in a specific order, which allows an open-ended exchange of messages between the remote client and the remote server. The EAP method determines the length and details of the authentication between the client and server.
- IPSec (Internet Protocol Security) authentication is a secure way of authenticating over the Internet. It allows users to encrypt and/or sign messages in order to send confidential, highly sensitive materials over the network. IPSec transmissions use authentication methods that include Kerberos, trusted CA (Certificate Authority) or shared secret keys or strings. It is important that the senders and recipients have the same authentication method to keep the communication exchange secure. In other words, the sender and the receiver will not be able to communicate securely if either one does not support the same authentication method.
Challenge Handshake Authentication Protocol
Extensible Authentication Protocol
Internet Protocol Security Authentication