Research on the Application of SSL VPN Technology
Abstract
With the development of the Internet, online communication and transactions have become an important part of how people work, and keeping sensitive information secure while it travels across the network has become an urgent problem. As a new generation of Internet security technology, the VPN (Virtual Private Network) provides a simple, low-cost, secure and reliable Internet access channel, and uses the public network to interconnect internal networks at different sites or to open dedicated service channels.
This paper studies VPN technology based on the Secure Sockets Layer (SSL) protocol, a relatively new technology in the VPN field with broad prospects for research and development. Building on an introduction to VPN theory, it describes the structure of the SSL protocol and the working principle of an SSL VPN system. It focuses on the strategies an SSL VPN system adopts for the security problems of identity authentication, key exchange, data encryption and data digests, and proposes the algorithms to be used when building the campus network VPN system.
As a fairly large local area network, a campus network is an important base for network technology research. Based on an in-depth analysis of the current state of the Huali College campus network, this paper designs and implements a campus network VPN system, using SSL VPN technology to solve two problems in campus network construction. First, it is common for a university to have several campuses in different locations, while the data and service resources of the campus network are usually concentrated on the main campus network. SSL VPN technology can join the local area networks of the individual campuses into an intranet VPN at the lowest cost, so that internal campus resources are shared securely. Second, faculty and staff increasingly need to work on the move and must reach internal campus network resources from home or while travelling. SSL VPN technology provides remote access to the campus network in the simplest way. Finally, the campus network VPN system is tested, which verifies the effectiveness of the proposed scheme to a certain extent. The implementation of this project shows that applying VPN technology to a campus network can overcome the geographic limits of the campus private network and improve the management and use of the campus network.