基于USBkey認(rèn)證的SSL VPN網(wǎng)絡(luò)的設(shè)計(jì)與實(shí)現(xiàn)
發(fā)布時(shí)間:2018-12-27 09:03
【摘要】:隨著信息網(wǎng)絡(luò)化程度的加深和互聯(lián)網(wǎng)規(guī)模的不斷擴(kuò)張,企業(yè)對(duì)遠(yuǎn)程安全訪問的需求將越來越凸顯,而其自身原有的專用網(wǎng)已經(jīng)不能很好地滿足這方面的迫切需求。如果是采用傳統(tǒng)的VPN解決方案的話,企業(yè)需要對(duì)現(xiàn)有的網(wǎng)絡(luò)進(jìn)行大量的改造工作,既費(fèi)時(shí)又費(fèi)錢。SSL VPN作為一種發(fā)展成熟的網(wǎng)絡(luò)技術(shù),,具有很好的兼容性,能輕松地實(shí)現(xiàn)與企業(yè)已經(jīng)存在的或即將構(gòu)建的SSL VPN網(wǎng)絡(luò)平滑擴(kuò)充,而不再需要進(jìn)行大量的改變和復(fù)雜的研發(fā)。同時(shí)還擁有部署便捷、使用簡單、擴(kuò)展性強(qiáng)以及維護(hù)成本較低等特點(diǎn),尤其能很好地滿足遠(yuǎn)程辦公、離散的分支機(jī)構(gòu)接入等需求。而且SSL VPN擁有更加強(qiáng)大的控制能力,能夠?qū)崿F(xiàn)細(xì)粒度的應(yīng)用權(quán)限劃分,其數(shù)據(jù)傳送機(jī)制是采用了一系列加密技術(shù)后封裝轉(zhuǎn)發(fā),站在整個(gè)網(wǎng)絡(luò)辦公平臺(tái)安全性的角度來講,其安全系數(shù)也更高。 針對(duì)企業(yè)專用網(wǎng)絡(luò)中敏感數(shù)據(jù)通信的需求,本文詳細(xì)地研究了基于USBkey認(rèn)證的SSL VPN網(wǎng)絡(luò)的性能和特點(diǎn),以建設(shè)內(nèi)蒙古通遼市中電投蒙東能源公司的SSL VPN網(wǎng)絡(luò)系統(tǒng)為實(shí)例,介紹了本設(shè)計(jì)涉及到的關(guān)鍵技術(shù)和相關(guān)理論,包括VPN、SSL VPN、USBkey和數(shù)字證書技術(shù),詳細(xì)論述了該系統(tǒng)的需求分析、網(wǎng)絡(luò)結(jié)構(gòu)以及主要設(shè)備的選型和配置工作等。在身份強(qiáng)制認(rèn)證方式上,本文闡述了以常見的Windows操作平臺(tái)為基礎(chǔ),利用成熟的USBkey技術(shù)完成身份認(rèn)證的具體過程,該方案成本較低、安全性高、易用性強(qiáng),大幅提升了企業(yè)用戶身份認(rèn)證的可靠性和便捷性,進(jìn)一步增強(qiáng)了企業(yè)的核心競爭力。 本文將SSL VPN技術(shù)與USBkey技術(shù)相結(jié)合,在該方案中選用的是“零客戶端”的SSL VPN網(wǎng)絡(luò),用戶只需要通過瀏覽器就能遠(yuǎn)程訪問到企業(yè)的內(nèi)網(wǎng),兼顧考慮企業(yè)的經(jīng)費(fèi)投入和技術(shù)實(shí)力,采用主流的浪潮服務(wù)器搭建企業(yè)的CA中心,選擇Sangfor VPN-2050網(wǎng)關(guān)來構(gòu)建企業(yè)的SSL VPN網(wǎng)絡(luò),使用海泰方圓公司的Haikey作用用戶的USBkey,實(shí)現(xiàn)了對(duì)企業(yè)內(nèi)部資源的全方位保護(hù),為用戶提供安全、可靠、高效的遠(yuǎn)程訪問環(huán)境。目前該系統(tǒng)已經(jīng)正式運(yùn)行了一年多,證明了設(shè)計(jì)方案的可行性。
[Abstract]:With the deepening of information networking and the continuous expansion of the scale of the Internet, the demand for remote security access by enterprises will become more and more prominent, and its original private network can no longer meet the urgent needs in this respect. If the traditional VPN solution is adopted, the enterprise needs to do a lot of renovation work on the existing network, which is time-consuming and expensive. As a mature network technology, it has good compatibility. It is easy to implement smooth expansion of SSL VPN networks existing or about to be built with enterprises without the need for a large number of changes and complex R & D. At the same time, it has the advantages of convenient deployment, simple use, strong expansibility and low maintenance cost, especially it can meet the needs of remote office, discrete branch access and so on. Moreover, SSL VPN has more powerful control ability and can realize fine-grained application privilege division. Its data transmission mechanism is to use a series of encryption technology to encapsulate and forward, and stand in the view of the security of the entire network office platform. Its safety factor is also higher. Aiming at the demand of sensitive data communication in enterprise private network, this paper studies the performance and characteristics of SSL VPN network based on USBkey authentication in detail, taking the construction of SSL VPN network system in Tongliao City of Inner Mongolia as an example. This paper introduces the key technologies and related theories involved in this design, including VPN,SSL VPN,USBkey and digital certificate technology, and discusses in detail the requirement analysis of the system, the network structure, the selection and configuration of the main equipment and so on. On the way of identity compulsory authentication, this paper expounds the concrete process of identity authentication based on common Windows operating platform and mature USBkey technology. This scheme has the advantages of low cost, high security and easy to use. It greatly improves the reliability and convenience of enterprise user identity authentication, and further strengthens the core competitiveness of enterprises. In this paper, SSL VPN technology is combined with USBkey technology. In this scheme, the SSL VPN network of "zero client" is chosen. The user can access the intranet of the enterprise remotely only through the browser, taking into account the investment and technical strength of the enterprise. Using the mainstream tide server to build the CA center of the enterprise, choosing the Sangfor VPN-2050 gateway to construct the SSL VPN network of the enterprise, using the USBkey, of the Haikey of Haitai Fangyuan Company to realize the all-around protection of the internal resources of the enterprise. Provide users with a secure, reliable and efficient remote access environment. At present, the system has been running for more than a year, which proves the feasibility of the design.
【學(xué)位授予單位】:吉林大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.1
[Abstract]:With the deepening of information networking and the continuous expansion of the scale of the Internet, the demand for remote security access by enterprises will become more and more prominent, and its original private network can no longer meet the urgent needs in this respect. If the traditional VPN solution is adopted, the enterprise needs to do a lot of renovation work on the existing network, which is time-consuming and expensive. As a mature network technology, it has good compatibility. It is easy to implement smooth expansion of SSL VPN networks existing or about to be built with enterprises without the need for a large number of changes and complex R & D. At the same time, it has the advantages of convenient deployment, simple use, strong expansibility and low maintenance cost, especially it can meet the needs of remote office, discrete branch access and so on. Moreover, SSL VPN has more powerful control ability and can realize fine-grained application privilege division. Its data transmission mechanism is to use a series of encryption technology to encapsulate and forward, and stand in the view of the security of the entire network office platform. Its safety factor is also higher. Aiming at the demand of sensitive data communication in enterprise private network, this paper studies the performance and characteristics of SSL VPN network based on USBkey authentication in detail, taking the construction of SSL VPN network system in Tongliao City of Inner Mongolia as an example. This paper introduces the key technologies and related theories involved in this design, including VPN,SSL VPN,USBkey and digital certificate technology, and discusses in detail the requirement analysis of the system, the network structure, the selection and configuration of the main equipment and so on. On the way of identity compulsory authentication, this paper expounds the concrete process of identity authentication based on common Windows operating platform and mature USBkey technology. This scheme has the advantages of low cost, high security and easy to use. It greatly improves the reliability and convenience of enterprise user identity authentication, and further strengthens the core competitiveness of enterprises. In this paper, SSL VPN technology is combined with USBkey technology. In this scheme, the SSL VPN network of "zero client" is chosen. The user can access the intranet of the enterprise remotely only through the browser, taking into account the investment and technical strength of the enterprise. Using the mainstream tide server to build the CA center of the enterprise, choosing the Sangfor VPN-2050 gateway to construct the SSL VPN network of the enterprise, using the USBkey, of the Haikey of Haitai Fangyuan Company to realize the all-around protection of the internal resources of the enterprise. Provide users with a secure, reliable and efficient remote access environment. At present, the system has been running for more than a year, which proves the feasibility of the design.
【學(xué)位授予單位】:吉林大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.1
【參考文獻(xiàn)】
相關(guān)期刊論文 前9條
1 李中獻(xiàn),詹榜華,楊義先;一種基于智能卡的公鑰認(rèn)證方案[J];北京郵電大學(xué)學(xué)報(bào);1999年01期
2 謝慧;王魯達(dá);張澎;;雙因素身份認(rèn)證令牌驗(yàn)證的SSL VPN應(yīng)用網(wǎng)關(guān)研究與設(shè)計(jì)[J];湘南學(xué)院學(xué)報(bào);2008年05期
3 劉淳;張鳳元;張其善;;基于智能卡的RSA與ECC算法的比較與實(shí)現(xiàn)[J];計(jì)算機(jī)工程與應(yīng)用;2007年04期
4 張鑫;李方偉;潘春蘭;;一種增強(qiáng)的基于智能卡的遠(yuǎn)程身份鑒別方案[J];計(jì)算機(jī)應(yīng)用;2009年04期
5 朱廣堂;陳lm新;;一種基于智能卡的網(wǎng)絡(luò)安全訪問控制模型[J];計(jì)算機(jī)應(yīng)用研究;2006年09期
6 曹U
本文編號(hào):2392824
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2392824.html
最近更新
教材專著
