Is Windows Authentication (NTLM) on Windows Server 2008 R2 secure for Sharepoint 2010?

Is it generally c开发者_StackOverflow社区onsidered secure to use Windows NTLM Authentication for Sharepoint 2010 on a Windows 2008 R2 server?

This Sharepoint install WILL BE exposed to the Internet.

Is NTLM in 2008 R2 sent as clear text, or some otherwise easily defeat-able encryption?

I want to be sure we aren't making ourselves vulnerable by this authentication method.

My gut says forms authentication with SSL would be best.

Comments?

Your gut is leading you in the right direction. NTLMv2 can be vulnerable to an attack known as a forwarding attack where an interloper could set up a proxy between your client and server and hijack an authenticated session.