
SSL VPN Technology Based On The Identity Management Framework

Posted on: 2008-07-09
Degree: Master
Type: Thesis
Country: China
Candidate: X C Guo
Full Text: PDF
GTID: 2208360212979025
Subject: Software engineering
Abstract/Summary:
Remote failure diagnosis is a network-based testing and diagnosis technology: it spans the Internet, intranets and LANs to test and diagnose on-site equipment remotely. Securing communications across heterogeneous networks is one of the pivotal technologies of a remote failure diagnosis system, and it is the central issue of this paper. After analysing the security requirements and several candidate security technologies, a network security platform supporting multiple SSL VPN nodes is designed.

SSL VPN is a new VPN technology that uses the SSL protocol to protect the tunnel. Existing SSL VPN technologies lack a central management mechanism, and their authentication and authorization functions are simplistic and cannot meet the needs of complex network applications. To address these problems, this paper introduces identity management (IDM) technology into the SSL VPN system. Through a central control mechanism, it is able to raise the security of SSL VPN in identity management, authentication and authorization.

After analysing the IDM framework, this paper designs a light-weight IDM server backed by a relational database. The IDM server manages identity information centrally, introduces session management, audit management and other security mechanisms, and provides authentication, authorization and audit services. The IDM server acts as the single policy decision point, which reduces inconsistencies between identities and policies and simplifies the work of changing and maintaining policies. To resolve the lack of certificate management in SSL VPN, this paper introduces a PKI process model that can issue and manage certificates for users.

The IDM authentication service is used to improve authentication in the SSL VPN system. It supports different authentication types by binding a different credential to each type, so that users obtain different credit (trust) levels depending on the authentication type they use. The authentication service also supports a security policy chain, which, once configured, allows fine-grained management of SSL VPN authentication.

To address the lack of a fine-grained access control mechanism in SSL VPN, this paper analyses the principle of the SSL VPN tunnel and designs an access control technique based on packet filtering that uses the IDM authorization service. Only packets authorized by the IDM server may pass through the VPN tunnel, which protects the resources in the VPN network.

Finally, the above technologies are validated in an IDM-based SSL VPN prototype system, which shows that the solution designed in this paper can resolve the problem of communication security in heterogeneous networks.
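The following is an added illustration, not code from the thesis: a toy IDM-style policy decision point of the kind the abstract describes, where the credit level of a session depends on the authentication type used, and the VPN gateway consults the central policy to decide which packets may pass the tunnel. All user names, roles, networks, credit levels and rules are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Credit level granted by each authentication type (constructed values):
# stronger credentials earn a higher level, as the design above describes.
CREDIT_LEVEL = {"password": 1, "otp": 2, "certificate": 3}

@dataclass(frozen=True)
class Session:
    user: str
    auth_type: str  # how this user authenticated to the SSL VPN

@dataclass(frozen=True)
class Rule:
    role: str
    dst_net: str
    dst_port: int
    min_level: int  # minimum credit level required for the rule to match

# Central policy store of the hypothetical IDM server (constructed sample data).
USER_ROLES = {"alice": "engineer", "bob": "guest"}
RULES = [
    Rule("engineer", "10.0.1.0/24", 22, min_level=3),   # SSH: certificate login only
    Rule("engineer", "10.0.2.0/24", 443, min_level=1),  # web portal: any login
    Rule("guest", "10.0.2.0/24", 443, min_level=2),     # guests need at least OTP
]

def authorize_packet(session: Session, dst_ip: str, dst_port: int) -> bool:
    """Permit only if a rule for the user's role matches the packet and the
    session's credit level is high enough; the default is deny."""
    level = CREDIT_LEVEL.get(session.auth_type, 0)
    role = USER_ROLES.get(session.user)
    if role is None:
        return False
    dst = ip_address(dst_ip)
    for rule in RULES:
        if (rule.role == role and dst in ip_network(rule.dst_net)
                and rule.dst_port == dst_port and level >= rule.min_level):
            return True
    return False

def filter_tunnel(session: Session, packets):
    """Enforce the decision on (dst_ip, dst_port) packets: return those allowed
    through the tunnel plus an audit record of every decision."""
    allowed, audit = [], []
    for dst_ip, dst_port in packets:
        ok = authorize_packet(session, dst_ip, dst_port)
        audit.append((session.user, dst_ip, dst_port, "PERMIT" if ok else "DENY"))
        if ok:
            allowed.append((dst_ip, dst_port))
    return allowed, audit
```

The audit list mirrors the audit service the abstract mentions: every decision, permitted or denied, is recorded with the identity that triggered it.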
Keywords/Search Tags: SSL VPN, identity management, security policy, PKI, authentication, authorization, access control