Building an Enterprise Information System with SSL VPN

With SSL VPN Overhead Construction Enterprise Information System

【Author】 李俊岗

【Advisor】 李翔

【Author information】 Shanghai Jiao Tong University, Computer Information Security, 2006, Master's

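【Summary】 The development of SSL VPN complements existing SSL applications: it raises the level and capability of access control and security that a company can enforce. SSL VPN also helps enterprises whose security has been weakened by the use of remote-access application systems. By its nature, dial-up can guarantee relative security, because a specific telephone line can confirm the user's identity. Client/server systems and older VPNs also have a certain level of built-in security, because client software has to be installed. Nevertheless, under such security policies and properties, it is undeniable that hacker intrusions, security threats and identity fraud are on the rise. Now, with SSL VPN, the security characteristics have changed: people can access applications through a browser. The value of SSL VPN has many aspects, chiefly improved access control, security with ease of use, and a high return on investment. Access control: SSL VPN is more effective for access control because it implements centralized user management. All remote access is controlled through the SSL VPN console, which makes it possible to monitor more effectively the permissions of users, who may be internal employees, partners or customers. All access is restricted to the application layer, and permissions can be refined down to a single URL or a single file. With IPSec VPN, by contrast, security permissions extend only to the network level. SSL VPN does not require complex client support, which makes it easy to install and configure and markedly reduces cost. IPSec VPN requires specific equipment to be installed on the remote end user's side to establish a secure tunnel, and in many cases establishing a tunnel on external (or non-enterprise-controlled) devices is quite difficult. In addition, such complex clients are hard to upgrade, and new users may face even more trouble, such as operational support, time overhead and management issues. IPSec solutions have a lower initial cost but a high operational support cost. Today, SSL vendors can provide network-layer support for network application access, as if the remote machine were on the LAN, while also providing application-layer access for Web applications and many client/server applications. In short, the maturity and reliability of the technology have been proven in mission-critical environments. SSL VPN will play an inestimable role in enterprise applications, but for a typical enterprise without specialist technical staff, deploying and using it remains somewhat out of reach, and cost is another important constraint. This thesis designs and implements such a software SSL VPN system. The system is inexpensive, even free, and most importantly it is an SSL VPN system that is easy to deploy and manage. The administrator needs only general SSL VPN knowledge to install it (as with an ordinary Windows software installer) and deploy it, and a standard Windows graphical interface is provided for managing the SSL VPN system. The research in this thesis covers the following aspects: studying the SSL VPN concepts and content currently popular worldwide, and designing an SSL VPN network system suited to China's small and medium-sized enterprises, in particular one whose installation, deployment and maintenance such enterprises can afford. Studying the latest international open-source projects OpenSSL and OpenVPN, and using the code of these two projects to build a software SSL VPN system. Finally, combining these two results, creating a standard Windows application for managing and configuring the SSL VPN system. This software has a standard Windows graphical interface, makes configuring and managing the SSL VPN system very simple, and makes it easy for ordinary system administrators to maintain and manage the SSL VPN system.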

【Abstract】 The development of SSL VPN is a supplement to existing SSL applications; it increases a company's level of, and ability to carry out, access control and security. SSL VPN also helps those enterprises whose security has been reduced by the use of remote-access application systems. By its nature, dial-up can guarantee relative security, because the specific telephone line can confirm the user's identity. C/S systems and older VPNs also have a certain level of security capability of their own, because client software needs to be installed. But under such security policies and attributes, it is undeniable that hacker intrusion, security threats and identity fraud show a growing trend. Now, with SSL VPN, the security characteristics have changed, and people can access applications through the browser. SSL VPN's value includes many aspects, the main ones being improved access control, security with ease of use, and a high return on investment. Access control: SSL VPN is more effective for access control because it implements centralized user management. All remote access is controlled through the SSL VPN console, so that users' permissions can be monitored more effectively; these users may be the company's internal staff, partners or customers. All access is limited to the application level, and permissions can moreover be subdivided down to a URL or a file. With IPSec VPN, however, security permissions are limited to the network. SSL VPN does not need complex client software, which makes it easy to install and configure and clearly reduces cost. IPSec VPN needs specific equipment installed on the remote end user's side to establish the secure tunnel, and in very many situations it is quite difficult to establish the tunnel on external (or non-enterprise-controlled) equipment.
Moreover, this kind of complex client software is difficult to upgrade. New users may face even more trouble, such as system support problems, time overhead and management problems. The initial cost of an IPSec VPN solution is lower, but its operational support cost is high. SSL developers are now able to provide network-layer support for network application access, as if the remote machine were on the LAN; at the same time they provide application-layer access for Web applications and many C/S applications. In brief, the maturity and reliability of this technology have been proven in mission-critical environments. SSL VPN will play an inestimable role in enterprise applications. But for an enterprise that does not have specialized technical personnel, deploying and using it is too difficult, and cost is also an important factor restricting the enterprise. I designed and implemented this kind of software SSL VPN system in this thesis. This system is an inexpensive, even free, system; most importantly, it is also an SSL VPN system that is easy to deploy and easy to manage.
The administrator only needs general SSL VPN knowledge to carry out the installation (similar to a general Windows software installer) and the deployment, and there is a standard Windows graphical interface for managing the SSL VPN system. The research content of this thesis mainly covers several aspects: researching the SSL VPN concepts and content currently popular in the world, and designing an SSL VPN network system suited to China's small and medium-sized enterprises, especially one that such enterprises can afford to install, deploy and maintain. Researching the newest international open-source projects OpenSSL and OpenVPN, and using the code of these two open-source projects to construct a software SSL VPN system. Finally, combining the above two results to create a standard Windows application for managing and configuring the SSL VPN system. This is software with a standard Windows graphical interface; managing and configuring the SSL VPN system with it is extremely simple, and it makes it easy for ordinary system administrators to maintain and manage the SSL VPN system.

  • 【Classification number】TP319
  • 【Times cited】3
  • 【Downloads】331