
The Design And Implement Of Security Access Control In SSL VPN System Based On Virtual Network Interface Card

Posted on: 2008-01-25 | Degree: Master | Type: Thesis
Country: China | Candidate: G L He
GTID: 2178360272469374 | Subject: Computer system architecture
Abstract/Summary:
As networks continue to expand, an enterprise sometimes runs many applications, not all of which are Web-based. Compared with IPSec VPN, SSL VPN (Secure Socket Layer Virtual Private Network) has advantages that should not be overlooked. Therefore, an SSL VPN architecture based on a Virtual Network Interface Card (VNICB-SSL VPN) is proposed. The virtual network interface card receives incoming packets; those that match the rules are compressed, encoded and encapsulated, then handed to the protocol stack and transmitted through the real network interface card, so that most TCP/UDP services can be supported.

On the basis of the VNIC-SSL VPN, a fine-grained secure access control system is designed according to the core ideas of Network Access Protection, Network Access Control and Role Based Access Control. The main idea of the system is that the client downloads the security list from the server, checks the firewall, anti-virus software and OS patches on the client, then forms a security report from the detection results and sends it to the server. The server finds the group of the user whose name is included in the security report, obtains the corresponding resources, forms the resource list and rule library according to the security report and the security requirement of each resource, then hands them to the client. The client adds routes to the Virtual Network Interface Card and builds an IP rule library from the access rule library handed down by the server. Access control is thus enforced jointly at the client and the server, achieving port-level fine-grained secure access control and greatly enhancing security.

In addition, VNIC-SSL VPN supports multiple authentication modes, such as user name/password with verification code, user name/password with certificate, USB Key, and short-message (SMS) modem. It uses dual authentication of client and server to ensure the validity of the user, and clears local trace information to guarantee the security of the client. Testing indicates that the improved SSL VPN is simple and usable, supports most applications, solves the problem of its limited range of applications, achieves port-level fine-grained secure access control and greatly enhances security.
Keywords/Search Tags:SSL, VPN, access control, security state, authentication
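
The access-control flow described in the abstract (role lookup on the server, filtering by the client's security report, then routes and port-level rules on the client) can be sketched as follows. This is an added example, not code from the thesis; every user, group, address, port and requirement in it is constructed for illustration.

```python
from dataclasses import dataclass

# All names, groups, addresses and requirements are constructed sample data.
@dataclass(frozen=True)
class Resource:
    name: str
    ip: str
    proto: str            # "tcp" or "udp"
    port: int
    requires: frozenset   # posture checks that must pass for this resource

USER_GROUP = {"alice": "finance", "bob": "guest"}
R_ERP = Resource("erp", "10.1.0.10", "tcp", 8443,
                 frozenset({"firewall", "antivirus", "os_patch"}))
R_MAIL = Resource("mail", "10.1.0.20", "tcp", 993, frozenset({"antivirus"}))
R_WIKI = Resource("wiki", "10.1.0.30", "tcp", 443, frozenset())
GROUP_RESOURCES = {"finance": [R_ERP, R_MAIL, R_WIKI], "guest": [R_WIKI]}

def server_decide(report: dict) -> list:
    """Server side: map user to group, then keep only the resources
    whose security requirement is met by the client's report."""
    group = USER_GROUP.get(report.get("user"))
    if group is None:
        return []  # unknown user: nothing is granted
    # A check passes only if reported as exactly True; a missing check fails.
    passed = {k for k, v in report.get("checks", {}).items() if v is True}
    return [r for r in GROUP_RESOURCES[group] if r.requires <= passed]

def client_apply(granted: list):
    """Client side: host routes for the virtual NIC plus the IP rule
    library, keyed down to protocol and port."""
    routes = sorted({f"{r.ip}/32" for r in granted})
    rules = {(r.ip, r.proto, r.port) for r in granted}
    return routes, rules

def permitted(rules: set, ip: str, proto: str, port: int) -> bool:
    """Default deny: a packet enters the tunnel only if a rule matches."""
    return (ip, proto, port) in rules

if __name__ == "__main__":
    report = {"user": "alice",
              "checks": {"firewall": True, "antivirus": True, "os_patch": False}}
    routes, rules = client_apply(server_decide(report))
    print(routes, permitted(rules, "10.1.0.20", "tcp", 993))
```

In this sketch the server trusts the report as sent, so the filtering is only as reliable as the client-side detection that produced it.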