Principle and Application of SSL VPN Technology

Source: Internet
Author: User

With the advancement of e-commerce, enterprise informatization, education informatization, and other informatization processes, the degree of informatization across society keeps rising, and information processing becomes more and more important in people's work and life. As a typical mode of information processing, the "internal resource processing systems" of enterprises and other social organizations have developed rapidly and gradually become the infrastructure for the organization's various businesses. A large number of business processing applications are configured on the servers and hosts of these internal resource systems.

With China's entry into the WTO and the process of economic globalization, remote access and mobile office work have become common needs of all kinds of organizations seeking to improve work efficiency and competitiveness. Thanks to the popularity and development of the Internet, IPSec VPN technology enables remote access to large amounts of data, providing a remote access method with low operating cost and high productivity. However, IPSec VPN also has shortcomings. It is complicated to use, and client software must be installed and maintained. In addition, connecting remotely to the enterprise's internal network through an IPSec tunnel may increase the likelihood of attacks on the local area network or of virus infection.

The emergence of SSL VPN (Secure Sockets Layer Virtual Private Network) technology solves this problem. SSL VPN lets users access important enterprise applications through standard web browsers. Employees no longer need to carry their own laptops on business trips. They can access enterprise resources from any computer connected to the Internet, which improves efficiency and convenience for the enterprise while also addressing the security problem.

 

SSL VPN Principle

Taken separately, the concepts of SSL and VPN are clear enough, but how they are combined into a new technology may be less familiar. From academic and commercial perspectives the term is often misinterpreted, because it is used with different meanings.

SSL (Secure Sockets Layer) is a universal protocol that ensures the security of information sent over the Internet. It is at the application layer. SSL uses a public key to encrypt data transmitted over an SSL connection. The SSL protocol specifies the security mechanism for data exchange between application protocols (such as HTTP, telnet, and FTP) and the TCP/IP protocol, and provides data encryption, server authentication, and optional client authentication for TCP/IP connections. The SSL protocol consists of three parts: the handshake protocol, the record protocol, and the alert protocol. The handshake protocol is used to determine the session encryption parameters between the client and the server. The record protocol is used to exchange application data. The alert protocol is used to terminate a session between two hosts when an error occurs.

A VPN (Virtual Private Network) is mainly used to build virtual connection networks. It ensures data confidentiality and provides certain access control functions. VPN is a very practical technology that can extend the internal network of an enterprise and allow employees, customers, and partners to access the enterprise network over the Internet, at a cost far lower than that of traditional leased-line access. In the past, VPN was always associated with IPSec, because IPSec was the protocol actually used to encrypt VPN traffic. IPSec runs at the network layer, and IPSec VPN is mostly used to connect two networks or for point-to-point connections.

The so-called SSL VPN is actually a term created by VPN device manufacturers to distinguish it from IPSec VPN. It refers to using the browser's built-in Secure Sockets Layer packet processing: the user connects with a browser to the company's internal SSL VPN server, which then uses network packets to let users run applications on remote computers and read data from internal servers. It uses standard Secure Sockets Layer (SSL) to encrypt data packets in transit, thus protecting data security at the application layer. A high-quality SSL VPN solution ensures secure global access for enterprises. Across the ever-expanding range of Internet web sites, remote offices, traditional transaction halls, and client locations, SSL VPN overcomes the shortcomings of IPSec VPN: users can easily achieve secure, easy-to-use remote access without client installation and with simple configuration, which reduces users' total cost and increases the efficiency of remote users. By contrast, it is difficult or even impossible to set up a traditional IPSec VPN in these locations, because the Network Address Translation (NAT) and firewall settings must be changed.

Remote access to the internal network of an enterprise through SSL VPN

Implementation of SSL VPN

Generally, an SSL VPN is implemented by placing an SSL proxy server behind an enterprise's firewall. When a user who wants to connect securely to the company's network enters a URL in the browser, the connection is received by the SSL proxy server, which verifies the user's identity. The SSL proxy server then provides a connection between the remote user and the various application servers. Understanding four key terms helps explain how an SSL VPN is implemented: proxy, application conversion, port forwarding, and network expansion.

An SSL VPN gateway must implement at least one function: proxying web pages. It forwards page requests from the remote browser (using the HTTPS protocol) to the web server, and then returns the server's response to the end user. For non-web file access, application conversion is often required. The SSL VPN gateway communicates with Microsoft CIFS or FTP servers in the enterprise network, converts these servers' responses into the HTTPS protocol and HTML format, and sends them to the client. To end users, these servers appear to be web-based applications.
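The web-proxy function described above can be sketched as link rewriting: the gateway replaces absolute links to internal servers with opaque gateway URLs, so internal hostnames never reach the remote browser. This is an added example, not code from the original article or from any vendor; the gateway name, secret, and host names are constructed assumptions.

```python
import hashlib
import hmac
import re

GATEWAY = "https://vpn.example.com"      # assumed public gateway name
SECRET = b"constructed-demo-key"         # per-deployment secret (constructed)
# Internal web servers the gateway is willing to proxy (constructed names).
INTERNAL_HOSTS = {"mail.corp.internal", "wiki.corp.internal"}

def token_for(host):
    """Opaque, stable token so the internal hostname never reaches the client."""
    return hmac.new(SECRET, host.encode(), hashlib.sha256).hexdigest()[:16]

TOKENS = {token_for(h): h for h in INTERNAL_HOSTS}

LINK = re.compile(
    r'(?P<attr>\b(?:href|src|action)=")https?://(?P<host>[^/"]+)(?P<path>/[^"]*)?"',
    re.I,
)

def rewrite_html(html):
    """Rewrite absolute links to known internal hosts into gateway URLs."""
    def repl(m):
        host = m.group("host").lower()
        if host not in INTERNAL_HOSTS:
            return m.group(0)            # external link: leave untouched
        path = m.group("path") or "/"
        return f'{m.group("attr")}{GATEWAY}/proxy/{token_for(host)}{path}"'
    return LINK.sub(repl, html)

def resolve(request_path):
    """Map /proxy/<token>/<path> back to an internal URL; None means deny."""
    m = re.fullmatch(r"/proxy/([0-9a-f]{16})(/.*)?", request_path)
    if not m or m.group(1) not in TOKENS:
        return None                      # unknown token: the gateway proxies nothing
    return f"http://{TOKENS[m.group(1)]}{m.group(2) or '/'}"
```

Because `resolve` only accepts tokens it issued, a remote client cannot use the gateway to reach an internal host that is not on the proxy list.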

In testing proxy and application conversion, the tester found large differences between products. Some products support only a very small number of application converters and proxies. Some support application conversion for FTP, Network File System, and Microsoft file servers. When selecting a gateway, you must clearly understand which applications you want to convert and be able to rank them by importance.

Some applications, such as Microsoft Outlook or MSN, suffer in the process of being converted into web-based interfaces, so port forwarding technology is required. Port forwarding is used for applications with clearly defined ports. It requires a very small Java or ActiveX program running on the terminal system as a port forwarder, listening for connections on a port. When packets arrive on this port, they are sent to the SSL VPN gateway through the tunnel inside the SSL connection. The SSL VPN gateway unpacks the packets and forwards them to the target application server. To use a port forwarder, end users point the application they want to run at the local forwarder rather than at the real application server.

Some SSL VPN gateways can also help enterprises with network expansion. This connects the end user's system to the enterprise network and controls access based on network-layer information (such as the destination IP address and port number). Although it sacrifices high-level security, in exchange it brings the benefit of simpler management for networks with complex topologies.

Advantages of SSL VPN

In terms of security, the most important aspect, the SSL protocol is itself a security technology. SSL VPN can therefore prevent information leakage, reject illegal access, protect information integrity, prevent user impersonation, and ensure system availability, which expands security functions and facilities. First, SSL VPN can implement 128-bit data encryption to prevent data theft during transmission and ensure the security of ERP data transmission. Second, the use of multiple authentication and authorization methods allows only the "correct" users to access the internal network, thus protecting the security of the enterprise's internal network.

In terms of applicability, SSL VPN does not require client software to be installed. Remote users only need a standard browser to access the enterprise's network resources. Although the cost of purchasing software and hardware is not necessarily low, the deployment cost of SSL VPN is therefore very low. Once the SSL VPN is installed, IT department support is basically not required, so the maintenance cost is negligible. For remote users who only need to access the enterprise's internal website or communicate by e-mail, SSL VPN is clearly a cheap and cost-effective choice. In addition, an SSL VPN connection is more stable than an IPSec VPN connection, because IPSec VPN is a network-layer connection and is easily interrupted.

In terms of management, maintenance, and operability, an SSL VPN solution can implement fine-grained application-based control, grant different application access permissions based on users and groups, and audit the related access operations. SSL VPN also improves the flexibility of the platform, facilitates application scaling, and enhances performance. Especially on the sensitive topics of reducing costs and effectively protecting user investment, SSL VPN has won users' favor.

It is worth mentioning that today's Web has become an unstoppable standard platform, and more enterprises are beginning to port their systems to the Web. SSL VPN, through special encrypted communication protocols, is considered the best way to achieve secure remote access to web applications. It allows users to connect to the enterprise intranet anytime, anywhere, even from mobile devices, which brings high benefits and convenience to enterprises.

Without a doubt, as enterprise informatization deepens, the demand for secure remote access and collaborative work will become increasingly apparent, and SSL VPN technology, because of its comprehensive advantages, is not far from replacing traditional networking technology and becoming mainstream.

SSL VPN Application

SSL VPN can provide multiple remote access services for enterprises. We will introduce the following common services:

E-mail: for enterprises, e-mail communication is a basic function. IPSec VPN can protect the security of the mail system. However, IPSec VPN requires client software to be installed and a connection to the enterprise network to be established before the internal mail system can be used. If employees use someone else's computer or are on another network, they face obstacles from the other party's address translation and firewall security policies and cannot connect to the enterprise network, so the internal e-mail system cannot be used. Being unable to connect to the company's internal network because of these problems is another headache for traveling staff. SSL VPN provides a better solution: employees can use any browser to access the web-based e-mail system and send and receive e-mail through a secure channel established by the SSL VPN. SSL VPN also hides all domain names and server addresses inside the enterprise, which improves the security of the enterprise network.

Intranet access: even when they are not in the office, enterprise employees need to use some file resources on the intranet. In general, however, the enterprise does not open the entire internal network for file access. SSL VPN allows employees to use any browser to access specific internal resources.

Network resources for partners: to improve work efficiency and strengthen partnerships, enterprises usually open internal sites and network resources to partners. Given the confidentiality of enterprise information, ensuring that only the specified partner can access the corresponding resources, and that the information is not intercepted when transmitted over the network, becomes a problem enterprises must solve. With an IPSec VPN deployment, access restrictions on end users, that is, allowing the partner to access only the specified resources in the internal network, cannot be guaranteed. Deploying IPSec VPN also requires changing the security policy of the partner's firewall, which is hard to implement. SSL VPN does not have these problems. Enterprises can even restrict a partner to only some pages and folders on one site, without modifying the partner's security policies, provided the partner can access the Internet.
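The fine-grained, group-based control with auditing described in the advantages section, applied to the partner case above (a partner limited to some folders on one site), can be sketched as follows. This is an added example, not code from the original article or any product; the policy, group, and host names are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy: group -> internal site -> folder prefixes it may read.
POLICY = {
    "partner-acme": {"docs.corp.internal": ["/partners/acme/", "/public/"]},
    "staff": {"docs.corp.internal": ["/"], "mail.corp.internal": ["/"]},
}
AUDIT = []   # in a real gateway this would go to an append-only log

def normalize(path):
    """Decode and collapse the path so '..' and '%2e%2e' cannot dodge a prefix."""
    decoded = unquote(path)
    # NUL, backslash, or a leftover '%' (double encoding) is rejected outright.
    if any(c in decoded for c in "\x00\\%"):
        return None
    clean = posixpath.normpath("/" + decoded.lstrip("/"))
    return clean + "/" if decoded.endswith("/") and clean != "/" else clean

def authorize(user, group, url):
    """Default deny; allow only when the normalized path sits under a granted folder."""
    parts = urlsplit(url)
    path = normalize(parts.path or "/")
    prefixes = POLICY.get(group, {}).get((parts.hostname or "").lower(), [])
    allowed = path is not None and any(
        path.startswith(p) or path + "/" == p for p in prefixes
    )
    AUDIT.append({"user": user, "group": group, "url": url,
                  "path": path, "decision": "allow" if allowed else "deny"})
    return allowed
```

The gateway should forward the normalized path, not the raw one, so that the back-end server sees exactly what the policy check approved.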

Current Status

With the growing number of web applications and the increasing demand for remote access, SSL VPN is becoming a popular market. Although most remote access services are implemented with IPSec VPN, some insiders have pointed out that about 90% of enterprises use IPSec VPN only for e-mail communication, and only 10% of users use IPSec VPN to access non-web applications. That is to say, at present 90% of IPSec VPN applications can be implemented with SSL VPN, while SSL VPN is easier to configure and manage and its implementation cost is much lower than that of IPSec VPN. After several years of development, the technology has attracted many large companies, including internationally renowned vendors such as Cisco, Nokia, and Array Networks. Currently, almost all mainstream commercial browsers integrate SSL, so no additional software is required to implement SSL VPN. Infonetics predicts that global sales of SSL VPN devices will continue to grow in the next few years. SSL VPN provides new revenue-generating opportunities for carriers. The advantages it creates for carriers and end users are unmatched by any other technology. SSL VPN has now been deployed successfully at some tier-1 operators, and the time has come for its rapid development.
