Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ SSL VPN SSL VPN access to security websites patron     - Linux cut Command Study Notes (Linux)

- SSH without password (Linux)

- How to use Linux iptables tool for network sharing (Linux)

- Java rewrite the hashcode method (Programming)

- Linux Task Scheduler (at, crontab) (Linux)

- CentOS7 boot systemd introduction and use of management (Linux)

- Linux Network Programming - non-blocking program (Programming)

- Git and GitHub use of Eclipse and Android Studio (Programming)

- Use Mop monitor stock prices at the Linux command line (Linux)

- Security Knowledge: redirection command application security (Linux)

- How to create a bootable USB disk to use MultiSystem on Ubuntu (Linux)

- CMake Quick Start Tutorial (Linux)

- Open remote MySQL database connection managed under CentOS (Database)

- MongoDB relations, references, index query coverage (Database)

- Hibernate Search and Lucene quick introduction (Linux)

- Ubuntu users to install household financial management tools HomeBank 5.0.0 (Linux)

- Performance Optimization: Using Ramlog transfer log files to memory (Linux)

- Use mdadm tool to create software RAID 0 (Linux)

- Linux argument references and command substitution (Linux)

- CentOS 6.4 (64bit) install Python 2.7.5 (Linux)

 
         
  SSL VPN SSL VPN access to security websites patron
     
  Add Date : 2018-11-21      
         
         
         
  Based on SSL (Secure Sockets Layer) VPN (virtual private network) for remote secure access mechanisms to address the special security needs portal. As an access security mechanism, it will undoubtedly serve as a role of the patron saint of the site.

Portal system different from other business systems, it involves internal information and customer privacy and security issues are more exposed to all parts of the system or over the public Internet, security is very important.

In implementation must consider the legitimacy of data transmission security and access to Internet-based access. When building a unified portal platform, there is a need the following security: protect the security of data transmission over the Internet; inspection system access between the legitimacy and legality of the operation; recording the user's operation, easy to check and verify; protection website platform security, and avoid vicious attack or virus infection; timely update service system defects and virus database updates.

SSL VPN Access Security

In order to ensure internal and external gateway loose coupling mechanism extending internal staff office area, improve efficiency in addressing security access requirements, you must consider the following questions:

Provides an easy-to-use interface, easy user started quickly;

No pre-installed on the user side client software requirements, easy and practical to quickly solve;

You must be able to penetrate all types of network Firewall or Proxy equipment when working outside.

Therefore, the most appropriate solution to the above requirements are based SSL VPN (Secure Sockets Layer, Security Socket Layer) secure remote access solution, the program has the following characteristics:

It can achieve 128-bit data encryption to protect data from being stolen during transmission;

Support client certificate authentication, and can be used in combination USB Key, uniquely identify each client's legitimacy;

It supports multiple authentication methods, providing customers access to check the legality of;

It supports multiple License, protect customer privacy data can only be "correct" user access;

Support for multi-layer security control mechanism to protect the security of back-end servers;

No need to install any client, all access operations are realized through the browser, so it is user-friendly;

You can penetrate the Firewall or Proxy equipment.

Of course, IPSec VPN technology is deployed mainly used. Schedule for implementation of the two technologies was compared technologies and applications, by comparing the advantages and disadvantages of both technologies, choose more suitable VPN technology portal systems.

System Deployment

Use SSL VPN security solutions to protect access security system, and companies can also combine secure authentication system, by establishing a PKI authentication system to ensure that the identity of all kinds of personnel, resources, and prevent fraud and deny network behavior. Make full use of Secure Access SSL protocol, can be unified for the client access portal to provide a safe access.

Enterprise business systems generally have deployed a firewall, antivirus, IDS / IPS and other security system, SSL VPN systems can combine the existing safety facilities, together to improve system security. It is typically deployed behind a firewall, to take advantage of the powerful firewall protection. In the certification, SSL VPN and internal security authentication system combined, through PKI authentication system to ensure the identity of various personnel resources.

SSL VPN gateway is usually deployed at the network edge systems, SP (Service Provider) on the back of the router and firewall to provide SSL VPN access. SP product as a unified portal through a portal (portal) page will be external interface of each system into a unified management system, external Internet through the use of SSL encryption technology to safely open to the public a unified portal interface, access to back-office applications for the user is completely transparent. SP WEB between the user and the background played an encrypted tunnel server service in the form of all data flow through SSL encryption technology on transit in the SP, the data exchange between the user and the background completely confidential. SSL VPN will achieve efficient and seamless integration of internal business systems, it is possible to save the total cost of the company, making the site maintenance costs, information dissemination time reduced.

Unified portal system needs a simple operation to implement, easy to manage and maintain, no need to change the network structure, low operating costs of the program. SSL VPN SSL protocol is based on VPN technology, the biggest advantage is no need to install the client program, to support remote users basically do not need the IT department can be anywhere from any client installation to support SSL protocol browser security access to the unified portal, thereby minimizing cumbersome distribution and management of client software.

SSL VPN through the TCP 443 port as the only transmission channel, so administrators do not need to make complicated settings on the firewall Proxy equipment, not because of the needs of different systems modify the settings on the firewall, reducing system deployment costs and IT departments daily of management support costs.

SSL VPN inspection policy

Thanks to SSL SSL VPN technology, you can easily enjoy the high security features by PKI digital certificate authentication. Usually choose to install a client certificate for authentication, for each need to access SSL VPN assigned personal certificate, some of the above can be stored personal information, including name, company name, department, address, EMAIL address. When a client through a standard browser to access the portal site SSL VPN, SSL VPN Gateway Gateway checks the client certificate SP, check here can be divided into the following authentication methods:

Client certificate + username / password authentication: client certificates in check while still need to enter the SSL VPN client accounts and passwords, so you can achieve higher security.

+ Dynamic password authentication client: support dynamic password authentication, such as RSA SecrueID, SecureComputing etc., to provide greater security.

Client certificate + USB / Smart card authentication: client certificates stored in the USB KEY or a smart card inside, the user only has the hardware medium to log SSL VPN.
     
         
         
         
  More:      
 
- Ubuntu: HDF5 error: HDF5 header version does not match with the HDF5 library (Linux)
- systemd-nspawn Quick Guide (Linux)
- Nginx log cutting and MySQL script regular backup script (Server)
- After you change the GRUB boot disk partition repair (Linux)
- Python context managers (Programming)
- How to choose the correct HTTP status code (Server)
- Handle large data problems Bit-map method (Programming)
- How to use the tab in Vim carried Python code completion (Linux)
- Linux systems for entry-learning - Install Go language in Linux (Linux)
- Common Linux system performance monitoring command (Linux)
- Linux user login and IP restrictions (Linux)
- GCC library link order problems (Programming)
- Linux development management utility command (Linux)
- Linux beginners should know 12 commands (Linux)
- Redhat 5 prohibit IPv6 (Linux)
- A brief description of Java 8 new features introduced syntax (Programming)
- HTTP and HTTPS request response process difference (Linux)
- secureCRT remote login Linux must first open the connection protocol (Linux)
- Getting Started with Linux system to learn: how to check the version of SSH on Linux (Linux)
- Teach you how to synchronize Microsoft OneDrive in Linux (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.