Based on SSL (Secure Sockets Layer) VPN (virtual private network) for remote secure access mechanisms to address the special security needs portal. As an access security mechanism, it will undoubtedly serve as a role of the patron saint of the site.
Portal system different from other business systems, it involves internal information and customer privacy and security issues are more exposed to all parts of the system or over the public Internet, security is very important.
In implementation must consider the legitimacy of data transmission security and access to Internet-based access. When building a unified portal platform, there is a need the following security: protect the security of data transmission over the Internet; inspection system access between the legitimacy and legality of the operation; recording the user's operation, easy to check and verify; protection website platform security, and avoid vicious attack or virus infection; timely update service system defects and virus database updates.
SSL VPN Access Security
In order to ensure internal and external gateway loose coupling mechanism extending internal staff office area, improve efficiency in addressing security access requirements, you must consider the following questions:
Provides an easy-to-use interface, easy user started quickly;
No pre-installed on the user side client software requirements, easy and practical to quickly solve;
You must be able to penetrate all types of network Firewall or Proxy equipment when working outside.
Therefore, the most appropriate solution to the above requirements are based SSL VPN (Secure Sockets Layer, Security Socket Layer) secure remote access solution, the program has the following characteristics:
It can achieve 128-bit data encryption to protect data from being stolen during transmission;
Support client certificate authentication, and can be used in combination USB Key, uniquely identify each client's legitimacy;
It supports multiple authentication methods, providing customers access to check the legality of;
It supports multiple License, protect customer privacy data can only be "correct" user access;
Support for multi-layer security control mechanism to protect the security of back-end servers;
No need to install any client, all access operations are realized through the browser, so it is user-friendly;
You can penetrate the Firewall or Proxy equipment.
Of course, IPSec VPN technology is deployed mainly used. Schedule for implementation of the two technologies was compared technologies and applications, by comparing the advantages and disadvantages of both technologies, choose more suitable VPN technology portal systems.
Use SSL VPN security solutions to protect access security system, and companies can also combine secure authentication system, by establishing a PKI authentication system to ensure that the identity of all kinds of personnel, resources, and prevent fraud and deny network behavior. Make full use of Secure Access SSL protocol, can be unified for the client access portal to provide a safe access.
Enterprise business systems generally have deployed a firewall, antivirus, IDS / IPS and other security system, SSL VPN systems can combine the existing safety facilities, together to improve system security. It is typically deployed behind a firewall, to take advantage of the powerful firewall protection. In the certification, SSL VPN and internal security authentication system combined, through PKI authentication system to ensure the identity of various personnel resources.
SSL VPN gateway is usually deployed at the network edge systems, SP (Service Provider) on the back of the router and firewall to provide SSL VPN access. SP product as a unified portal through a portal (portal) page will be external interface of each system into a unified management system, external Internet through the use of SSL encryption technology to safely open to the public a unified portal interface, access to back-office applications for the user is completely transparent. SP WEB between the user and the background played an encrypted tunnel server service in the form of all data flow through SSL encryption technology on transit in the SP, the data exchange between the user and the background completely confidential. SSL VPN will achieve efficient and seamless integration of internal business systems, it is possible to save the total cost of the company, making the site maintenance costs, information dissemination time reduced.
Unified portal system needs a simple operation to implement, easy to manage and maintain, no need to change the network structure, low operating costs of the program. SSL VPN SSL protocol is based on VPN technology, the biggest advantage is no need to install the client program, to support remote users basically do not need the IT department can be anywhere from any client installation to support SSL protocol browser security access to the unified portal, thereby minimizing cumbersome distribution and management of client software.
SSL VPN through the TCP 443 port as the only transmission channel, so administrators do not need to make complicated settings on the firewall Proxy equipment, not because of the needs of different systems modify the settings on the firewall, reducing system deployment costs and IT departments daily of management support costs.
SSL VPN inspection policy
Thanks to SSL SSL VPN technology, you can easily enjoy the high security features by PKI digital certificate authentication. Usually choose to install a client certificate for authentication, for each need to access SSL VPN assigned personal certificate, some of the above can be stored personal information, including name, company name, department, address, EMAIL address. When a client through a standard browser to access the portal site SSL VPN, SSL VPN Gateway Gateway checks the client certificate SP, check here can be divided into the following authentication methods:
Client certificate + username / password authentication: client certificates in check while still need to enter the SSL VPN client accounts and passwords, so you can achieve higher security.
+ Dynamic password authentication client: support dynamic password authentication, such as RSA SecrueID, SecureComputing etc., to provide greater security.
Client certificate + USB / Smart card authentication: client certificates stored in the USB KEY or a smart card inside, the user only has the hardware medium to log SSL VPN.