| With the rapid development of electronic commerce, the security problem of network becomes more and more serious. Nowadays, the loss concerning the security problem of network is huge annually, and the funds devoted for resolving the security problem of network is also more and more, so the demand for network security is gradually increasing. Subsequently the related technology of VPN and product gain fast development soon.VPN is technology which use the cryptogram knowledge establishing a virtual private network in the environment of open public networks. IPSec VPN and SSL VPN are used mostly two VPN technology and products currently. IPSec VPN works in the network layer, whereas SSL VPN works in security socket layer. IPSec VPN protocol provides satisfactory security, authentication and authorization services with high capability. It can be applied in complicated transparent networks with high usability and feasibility. SSL VPN has just come out for few years and been researched by few institutions and companies with different realization methods.Firstly, this text introduces the system structure, the content of protocol and the principles of work of IPSec VPN and SSL VPN. Then, building the IPSec VPN and SSL VPN respectively through the open source software OpenSWAN and Open VPN, and analyzes separately the security protocol used by the two VPN system in the Linux and Windows platform. The main innovation of this text is transplant of SSLDump during the coure of protocol analyzation, the related tools packages required to support are the development package of Libpcap and the installation package of TcpDump, the development package of Winpcap and the source code package of Winpcap and the installation package of Winpcap and the source code package of Openssl, certain modification of its source code in the environment of Virual C Plus Plus 6.0 of Windows platform, resetting of some related environment variant of Virual C Plus Plus 6.0, and then using the executable file SSLDump.exe to analyze the protocol of SSL VPN in the environment of DOS. By the research about protocol analyzation in this topic, this article analyzes and illuminate from their degree of system structure's complexity and capability of network security, summarizes: the advantage of IPSec VPN is that it can build up the safe tunnel, has the function of authentication and managements of popedom, and the disadvantage is that it has the weaker function of antivirus inbreak, restricted way of getting to the Internet and research about security strategy is not perfect; the advantage of SSL VPN is that it can also build up the safe tunnel, has the function of anti-Dos attack and stronger antivirus inbreak and stronge access control, the way of getting to the Internet is free from the limit, the disadvantage is it is only applicable to the application of Web. In the end, the expection to the development of VPN is given. |
PDF Full Text Request