một tuyên bố khu vực quy định cụ thể tên khu vực và vị trí của các tập tin tên là. conf tập tin trên máy chủ BIND. Tuy nhiên, Microsoft Active Directory tích hợp khu vực vẫn còn cung cấp một mức độ bảo mật cao hơn. Vì lý do này, nó thích hợp hơn để sử dụng các vùng tích hợp Active Directory. | Planning Implementing and Maintaining a Remote Access Strategy Chapter 7 511 10. Click OK to exit the Authentication Methods dialog box and then click OK to exit the Properties dialog box and save the changes. Test Day Tip You can also restrict authentication methods by changing settings in the Authentication tab of the Properties dialog box for a Remote Access Policy. Policies are described in detail later in this chapter. Using MS-CHAP v2 MS-CHAP v2 is a more secure version of MS-CHAP. This version uses stronger initial encryption keys uses different keys for sending and receiving data and supports mutual authentication this means that after the server sends a challenge to the client and the client responds correctly proving that it has the correct password the client sends its own challenge to the client disconnects immediately if the server responds incorrectly to this challenge. This enables the client to detect a server attempting to impersonate the legitimate server. MS-CHAP v2 is supported by operating systems as old as Windows NT and Windows 98 and is even supported by Windows 95 if the Dial-Up Networking upgrade is installed. This means that unless you are supporting very old computers there is no need to risk security by supporting MS-CHAP v1. Using EAP EAP Extensible Authentication Protocol is not itself an authentication protocol but provides a framework that enables authentication using a variety of different methods known as EAP following are the EAP types supported by Windows Server 2003 EAP-MD5 A challenge-response protocol similar to CHAP. This method uses reversible encryption to store passwords and is thus vulnerable to the same security problems as CHAP. EAP-TLS Transport Level Security A high-security protocol based on the SSL Secure Sockets Layer system used for Web server security. EAP-TLS uses encrypted certificates for authentication. It also supports mutual authentication similar to MS-CHAP v2. This is considered