| With the development and popularization of Web applications, SSL VPN (Secure Sockets Layer Virtual Private Networks) as a new security technology is much welcomed because of its briefness,cheapness,secure and trustiness. This paper presents an overall framework for SSL VPN gateway, with emphasis on Cookie-based security authentication and analyzing the performance.At the beginning, this paper gives a brief introduction to the current application and the intriguing prospect of VPN technology and a general method of VPN implementation as well, which is adopting some widely-used tunneling protocols; it then puts some more emphasis on the introduction to the SSL/TLS tunneling protocols used by SSL VPN, some brief descriptions of which are also given afterwards. Further, this paper gives a detailed explanation about the overall framework of SSL VPN gateway, with a following heavy discussion on security authentication, including an introduction to secure problems on the Cookie-based authentication in SSL VPN gateway and proposing solution with the combination of the internal Cookie management and the external Cookie management. The method solved secure problems on the Cookie-based authentication in SSL VPN gateway, such as revealing information, altering data, brute force attack, and so on. Finally, this paper gives a detailed described about the design of the external Cookie management and analyzing the performance. |
PDF Full Text Request