What is SSL VPN?


SSL VPN Definition

SSL VPN was developed as a supplement to existing SSL applications. It raises the company's access control and security level and capability.

SSL VPN also helps enterprises that provide remote access to application systems reduce their security risk. Historically, dial-up offered relative security, because a specific telephone line could identify a user. Client/server systems and earlier VPNs also offered a certain level of protection, because client software had to be installed. Even with such policies and attributes, however, hacker intrusion, security threats and identity fraud have undeniably been on the rise. Now the security model of SSL VPN has changed the picture: people can access applications through a browser.

Taken separately, most people know what SSL and VPN mean, but how many know what the two mean in combination? From both academic and commercial perspectives the terms are often misinterpreted, because each represents something different.

SSL protects data transmitted over the Internet by means of encryption. It can be applied automatically in every browser. Here you need to provide a digital certificate to the web server, and this certificate must be purchased. Setting up SSL for an application is relatively easy. If the application itself does not support SSL, you need to change some links, which affects only the application. If a large amount of data is involved, SSL acceleration is recommended to avoid traffic bottlenecks; an SSL accelerator is generally a hot-swappable device.

VPN is mainly used to build virtual connection networks. It ensures data confidentiality and provides certain access control functions. In the past, VPN was always associated with IPSec, because that was the protocol actually used to encrypt VPN traffic. IPSec runs at the network layer, and IPSec VPN is mostly used to connect two networks or for point-to-point connections.

Having briefly introduced SSL and VPN, we now need to know how they are combined. A large body of theory supports the distinctive strength of SSL and the security and remote access control that VPN provides. So far, SSL VPN is the simplest and safest solution for remote user access to sensitive company data. Compared with complex IPSec VPN, SSL VPN implements remote communication through easy-to-use methods. Any machine with a browser can use SSL VPN, because SSL is embedded in the browser and no client software needs to be installed on each client, as a traditional IPSec VPN requires. This is critical for organizations with a large number of machines (including home machines, work machines and client machines) that need to connect to confidential company information. It is widely believed that SSL VPN will become the new generation of secure remote access.

What is an SSL VPN?

Many factors show that SSL VPN is a solution to remote access problems. As more and more companies struggle to balance access control, security and ease of use, SSL VPN has given the best answer. A recent Infonetics survey pointed out: "By 2003, 59% of mobile users will use VPN, and by 2005 this number will rise to 74%; most of the added content comes from SSL VPN, because it avoids the trouble caused by client installation and management." Gartner Vice President John Girard commented favourably on SSL VPN in a recent research report: "As a traditional VPN upgrade, enterprises that want to deploy their secure remote access system in a simpler and more flexible way should consider using SSL VPN as a new investment. Now, many enterprises have begun to deploy their systems using this SSL-based VPN solution, which is simple, easy to use and does not require high fees."

The value of SSL VPN has many aspects. The most important are improved access control, security, ease of use and high ROI.

Access Control

SSL VPN is more effective for access control because users are managed centrally. All remote access is controlled through the SSL VPN console, which can monitor user permissions more effectively. These users may be employees, partners or customers of the company. All access is restricted at the application layer, and permissions can be subdivided down to a single URL or file.

With IPSec VPN, by contrast, security permissions are limited to the network level.

II. RAP: Remote Access Pass for SSL VPN

Remote Access Pass (Remote Access System)

Secure Remote Access Solution

Introduction

Remote Access Pass (Remote Access System) allows you to securely access any Windows PC in the enterprise LAN from your browser. Keyboard, mouse and display changes are compressed at a high ratio and encrypted for transmission. Broadband users get an immersive experience, and even over dial-up connections users will be satisfied with its performance.

Remote Access Pass (Remote Access System) includes the following functions:

Remote Control: an adaptive program runs in any browser to access desktop applications on the enterprise intranet (even if the application is not web-based).

File Transfer: transfers files, folders and shared directory resources between computers quickly and easily. Upload/download speed is equivalent to FTP.

Remote Boot: you can remotely wake up your host on the intranet.

Java JSP: JSP web pages that run dynamically in the JVM and are served to any remote terminal.

Java Applet: supports remote access connections running on any remote terminal. Remote clients support almost all operating systems, including Windows, Mac and Unix PCs.

The overall structure of Remote Access Pass consists of the following five parts:

Enterprise Intranet HOST: control of the target machine on the intranet belongs to the user, and the target computer is registered by its authorized user. During registration, the Remote Access Gateway issues the target computer a certificate based on the RSA algorithm and stores the certificate together with the target computer's private key, to authenticate the relationship between the target computer and the user and to establish an SSL secure channel.

Remote Terminal: on the user side, the staff member opens a browser, accesses the enterprise's public IP address, enters a user name and password, and then clicks the target host name to connect. The remote client automatically sends an SSL-encrypted request to the APP module.

APP module: listens for external connection requests and maps them to the registered target machine.

Through the remote browser, JSP pages interact dynamically with the Java Servlet in this module to implement authentication and file transfer. When a remote connection is established, the APP module assigns the session to a relay; the remote terminal's Java Applet then loads and runs automatically, and even small or brief input events are delivered accurately.

Relay: transfers highly compressed, encrypted data packets between a remote terminal and an intranet host.

Admin System Management Platform: allows the enterprise administrator to easily add or remove users, set an account temporarily invalid or valid, and delete target hosts.

Any enterprise is most concerned with how to maintain the integrity of the enterprise network and the confidentiality of sensitive data. Security is the most critical factor when Internet-based network applications are expanded to mobile workers.

Remote Access Pass (Remote Access System) is built and developed on the key security measures described in this article.

Complete security

The Remote Access Pass remote access system provided by Helm Systems is a powerful, robust and secure system.

Secure Device

As a hardware appliance, Remote Access Pass cannot be controlled or managed by unauthorized persons, and it provides no display-screen interface. Only the enterprise's system administrator can manage and configure it after logging on, and all operations are simple and easy.

Secure Application Platform

The Remote Access Pass remote access system runs on a solid, high-quality and reliable Linux application platform. All remote access systems have passed intrusion (penetration) testing, and they constantly monitor for suspicious behaviour and keep detailed system records.

Reliable and Scalable System Structure

The entire system structure is designed to be reliable and secure. Support for clusters and redundancy ensures high availability and scalability.

Most of the image compression and encryption/decryption work is done on the remote terminals and intranet hosts. The core module of the remote access system is mainly responsible for verifying the identity of both the user and the computer at the start of a connection and for establishing the interactive session once the remote terminal and intranet host are connected; it continuously re-verifies both parties' identities and blocks external illegal intrusion. Offloading the heavy work to the endpoints avoids common network bottlenecks and lets the system achieve optimal performance.

Protect Users' confidentiality

Helm Systems knows that network security is any enterprise's foremost concern. Remote Access Pass (Remote Access System) provides strong security and confidentiality policies to prevent information about individual users or enterprises from being leaked.

The enterprise's system administrator, who has access to user information, is the only person who can manage and control Remote Access Pass, and only within a restricted scope. To provide better technical service, they need to perform some basic, well-understood work.

Session records of Remote Access Pass are used by enterprises to further improve network service quality and to perform performance analysis. The remote access system records domain names, browsers and MIME types seen in interactive communication. This data is aggregated centrally and cannot be associated with any individual or enterprise account.

Ensure transmission confidentiality

With Remote Access Pass, the system administrator can access a summary of the enterprise account but not a user's remote connection. Although the Remote Access Pass relay carries the interactive transmission between the remote terminal and the intranet host, these packets are encrypted in transit, so nobody else can read the transmitted information. Only the user holds the computer remote control password from which the key is generated, so the session each user creates is not exposed to any security threat.

Security Management Policy

Remote Access Pass (Remote Access System) provides a secure system management platform on which enterprise system administrators manage access by legitimate staff and prevent unauthorized connections.

Secure Operation Interface

The online system management platform does not require any client software; it is managed from an intranet computer through a browser. Once the enterprise installs and deploys Remote Access Pass, the enterprise's system administrator receives detailed instructions for use.

Remote Access Pass (Remote Access System) is verified using X.509 certificates and digital signatures. The administrator's identity must then be authenticated again with a user name and password. After the connection is established, all management traffic is carried over the encrypted SSL protocol, so that enterprise and personal information is protected from leakage and modification.

Add new user

Only the system administrator is authorized to add new users, which is done easily through the system management platform. The system sends each new user an email containing a temporary random password, which the user then changes.

The password is converted into a large number by a series of irreversible algorithms such as MD5 and stored in the database for authentication. This method suits enterprises deploying across a wide range of networks while maintaining rigorous enterprise authentication management.

The system management platform can also disable and delete user accounts: it can check the activity status of individuals or groups and temporarily suspend or permanently delete accounts. The system automatically emails affected users to say that the account has been disabled or deleted, after which access requests from those accounts are rejected.

Secure installation service

The software installation and upgrade procedures of Remote Access Pass are designed from the perspective of enterprise security.

Digital Signature Application Software

Users on the intranet use the "register computer" operation to download the host service program automatically. During registration, the Remote Access Gateway issues the target computer a certificate based on the RSA algorithm and stores the certificate together with the target computer's private key, to authenticate the relationship between the target computer and the user and to establish an SSL secure channel. Only the intranet host runs the registration program; the client needs no software.

All Remote Access Pass applications are digitally signed and are updated and upgraded automatically. Signature verification is required for every installation and upgrade, to prevent trojans disguised as legitimate Remote Access Pass (Remote Access System) software.

The client has no security parameters to set; the system verifies only the user's login name, account password and computer remote control password. This avoids incorrect parameter settings, so every user must keep his or her passwords safe.

Firewall compatibility

Remote Access Pass (Remote Access System) is firewall friendly. It uses only TCP ports 80 and 443 (HTTP and HTTPS), which most firewalls already open for Internet communication. Using the remote access system therefore needs no bypass access and no changes to the firewall settings of the headquarters, branches or remote office sites.

Many other solutions require the target host to have a public IP address. The Remote Access Pass system is different: the intranet host sends an "upcall" to the APP module at a fixed interval to check for connection requests, so no inbound connection to the host is ever needed. This makes the remote access system fully compatible with firewalls, dynamic IP addresses, NAT/PAT and the various application proxies, and enterprises can control and manage Remote Access Pass (Remote Access System) easily.

Protect Computer Access

A target host on the enterprise intranet must register with the remote access system before a remote connection can be established. The registration program must be run physically at the target host; remote deployment is not supported, which also rules out "planting" a trojan program.

Only authorized users can register their computers. As the computer owner, the user must log on with an authorized user name and temporary password, and can then start managing the computer: registering the target host, changing the temporary password and setting the computer remote control password.

Protect confidential data

Remote Access Pass (Remote Access System) packages data for transmission in highly compressed, encrypted form, which ensures data security without sacrificing performance. Everything transmitted between the client and the target machine, such as screen images, file transfers and keyboard/mouse input, is encrypted with the SSL protocol.

When each valid connection is first established, the remote access system allocates a fresh random 32-digit number, which identifies that connection uniquely. This prevents attackers from replaying captured traffic or piggybacking on legitimate connections.
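As an added example (a sketch written for this page, not the product's own code), the following Python models three mechanisms described above: host registration and outbound-only "upcall" polling of the APP module (so the intranet host needs no public IP or inbound firewall rule), allocation of a one-time 32-digit connection number per request, and the relay refusing a connection number that is presented a second time. Class and method names are assumptions.

```python
import hmac
import secrets
from collections import deque


class AppModule:
    """Hypothetical model of the APP module plus relay hand-off."""

    def __init__(self):
        self.hosts = {}        # registered host name -> registration token
        self.pending = {}      # host name -> queue of connection numbers
        self.live = {}         # connection number -> (user, host) not yet joined by both
        self.joined = {}       # connection number -> set of sides that joined
        self.retired = set()   # connection numbers already used by both sides

    def register_host(self, host: str) -> str:
        """Run on the intranet host itself; returns the token it will
        present on every upcall (stands in for the RSA certificate)."""
        token = secrets.token_hex(16)
        self.hosts[host] = token
        self.pending[host] = deque()
        return token

    def request_connection(self, user: str, host: str):
        """A logged-in remote terminal asks for a registered host.
        The module allocates the 32-digit number and queues it."""
        if host not in self.hosts:
            return None
        number = f"{secrets.randbelow(10**32):032d}"   # 32 decimal digits
        self.live[number] = (user, host)
        self.pending[host].append(number)
        return number

    def upcall(self, host: str, token: str):
        """The intranet host polls at a fixed interval over outbound HTTPS.
        Returns one pending connection number, or None."""
        expected = self.hosts.get(host)
        if expected is None or not hmac.compare_digest(expected, token):
            return None                      # unregistered host or bad token
        queue = self.pending[host]
        return queue.popleft() if queue else None

    def relay_join(self, number: str, side: str):
        """Relay admits 'terminal' and 'host' once each for a live number;
        a second presentation of the same number by the same side is a replay."""
        if number in self.retired:
            return False, "number retired"
        if number not in self.live:
            return False, "unknown connection number"
        sides = self.joined.setdefault(number, set())
        if side in sides:
            return False, "replay"
        sides.add(side)
        if sides == {"terminal", "host"}:
            self.retired.add(number)         # one session per number, ever
            del self.live[number]
            return True, "session established"
        return True, "waiting for peer"
```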

For a third-party attacker, the encrypted binary data makes it extremely difficult to modify packets or to guess the encryption key through traffic analysis.

Access protected by strict Authentication

The confidentiality of Remote Access Pass rests on strict, strong verification. Every part of Remote Access Pass, including the APP module, admin management platform, relay, remote terminal and intranet host, is itself strictly verified; only after verification passes can a component be added to the service that protects enterprise resources.

Remote Access Pass allows each password to contain letters and numbers and treats it as case-sensitive. The longer and more complex the password, the stronger the protection.

Multi-level nested Password

When you enter the logon password, the remote access system protects this sensitive data: the entered characters are displayed masked rather than in clear text.

Remote Access Pass (Remote Access System) uses multiple nested passwords to ensure its security. The APP module uses digital signatures for self-verification and digitally signs all Java programs and system software. Remote user authentication is by user name and password, with the password protected by the MD5 algorithm. When an intranet host registers with the APP module, the Remote Access Gateway issues the target computer a certificate based on the RSA algorithm and stores the certificate together with the target computer's private key on the target computer, to authenticate the relationship between the target computer and the user and to establish an SSL secure channel.

End-to-End Verification

When a remote terminal connects to an intranet host, the two sides also use the user's computer remote control password to protect the key exchange: the remote control password is used to sign the key material, and the resulting key encrypts and decrypts the data packets between the remote terminal and the intranet host. This key also protects the mutual authentication, based on signature information using the Triple-DES algorithm.

As long as the user securely protects his password, only the user can establish a connection with the Intranet host.

Timeout setting

Remote users may walk away from a public PC or an unattended home PC without logging out. Remote Access Pass (Remote Access System) reduces this risk with its timeout setting: if a session stays inactive for 15 minutes, the remote user account is automatically logged out of Remote Access Pass.

Nothing is left on the remote terminal

The remote terminal uses only the browser and the dynamically loaded Java JVM. When the user exits the application or closes the browser, the session is cleared and no trace of the user remains on the remote terminal.

System-level access control

Remote Access Pass provides system-level remote access control, letting enterprises control resources on the LAN more effectively. A remote user of the remote access system enters his or her Windows logon password and receives exactly the file-level, owner and domain-level permissions the enterprise has granted. In other words, remote users have no other path into the enterprise intranet: they can access only the designated desktop applications, under the management controls of the existing LAN.

Provide monitoring access to the company

Through the Remote Access Pass system management platform, enterprises can record connection conditions and maintain session logs for security, statistics and review.

The enterprise's system administrator can view current activity and historical session records, including the user name, host name, client IP address, session start/end time, session duration and session type.

The admin management platform can also collect various required data, including the number of users, session statistics and session access times. Standard statistical reports can be used to analyse "unconventional access" patterns, including abnormally long sessions, unexpected client IP addresses and abnormal shutdown codes. This information is very helpful for fault diagnosis and troubleshooting.
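The review of session records for "unconventional access" described above, as an added example rather than the product's own report: constructed session records in the field order the text lists (user, host, client IP, start, end, session type, shutdown code) are parsed and each one is flagged for an over-long session, a client IP outside the expected ranges, or a non-zero shutdown code. The field layout, thresholds and the expected network are assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample records (not real log output): CSV fields are
# user, host, client IP, start, end, session type, shutdown code.
SESSION_LOG = """\
alice,host-01,203.0.113.10,2004-03-01 09:02:11,2004-03-01 09:40:05,remote_control,0
bob,host-07,203.0.113.22,2004-03-01 10:15:00,2004-03-01 23:55:00,file_transfer,0
carol,host-03,198.51.100.9,2004-03-02 01:30:00,2004-03-02 01:31:00,remote_control,0
alice,host-01,203.0.113.10,2004-03-02 08:00:00,2004-03-02 08:05:00,remote_control,3
"""

# Assumed policy: only this range is expected for remote staff, sessions
# longer than 8 hours are suspicious, and 0 is the only normal shutdown code.
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_SESSION_HOURS = 8
NORMAL_SHUTDOWN = 0
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_sessions(text):
    """Turn the CSV records into dicts; duration is computed from start/end."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, host, ip, start, end, kind, code = line.split(",")
        begin = datetime.strptime(start, TIME_FMT)
        finish = datetime.strptime(end, TIME_FMT)
        records.append({
            "user": user, "host": host,
            "ip": ipaddress.ip_address(ip),
            "hours": (finish - begin).total_seconds() / 3600,
            "type": kind, "code": int(code),
        })
    return records


def find_unconventional(records, expected_nets=EXPECTED_NETS,
                        max_hours=MAX_SESSION_HOURS):
    """Return (user, host, [reasons]) for every record that trips a rule."""
    findings = []
    for r in records:
        reasons = []
        if r["hours"] > max_hours:
            reasons.append("long session")
        if not any(r["ip"] in net for net in expected_nets):
            reasons.append("unexpected client IP")
        if r["code"] != NORMAL_SHUTDOWN:
            reasons.append(f"abnormal shutdown code {r['code']}")
        if reasons:
            findings.append((r["user"], r["host"], reasons))
    return findings


if __name__ == "__main__":
    for user, host, reasons in find_unconventional(parse_sessions(SESSION_LOG)):
        print(f"{user}@{host}: {', '.join(reasons)}")
```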

System administrators can access this information only within those limits, and only to perform necessary basic work.

Remote Intranet web server access

Summary
The role of the SSL VPN RAP: it provides secure remote access services and protects users' secrets in practice; it continually improves enterprise-level security and remote access control tools; and it uses multi-level authentication and advanced encryption to protect interactive remote sessions. The result is that Remote Access Pass is a powerful, secure and reliable remote access solution.

Advantages and disadvantages of foreign SSL VPN products

1. Most foreign products have been tested in foreign markets and are basically mature, but some pseudo SSL VPN products exist merely to ride the fashionable SSL VPN concept.

2. Among foreign SSL VPNs, apart from Whale Communications, all other products use reverse proxy technology to process internal HTML web pages, so many special applications cannot be supported.

3. Many foreign products are not strictly client-less. In many practical deployments they dynamically download plug-ins or ActiveX controls, which introduces security risks, although it is technically simple and easy to implement.

4. Foreign SSL VPNs generally do not support remote desktop access.

5. Foreign SSL VPN products currently support a wide range of applications, such as email, Lotus, Exchange, FTP, telnet and others.
