Research On Remote Access Control Platform Based On SSL VPN

Posted on: 2012-01-08
Degree: Master
Type: Thesis
Country: China
Candidate: B Xu
GTID: 2218330338451651
Subject: Computer application technology
Abstract/Summary:
Nowadays, there are a large number of network attacks on the internet. On one hand, our company has to defend against these attacks; on the other, we also need to open a remote access platform to partners and to staff who are on business trips. Through this platform, staff can do their normal work as usual and partners are able to learn about the internal situation of the company. SSL VPN is a good solution to these problems. Compared with other VPNs (Virtual Private Networks), such as IPsec VPN, the biggest advantage of SSL VPN is fine-grained control. This feature is based on the definition of a resource: in SSL VPN, the resources that users can access can be defined as a URL, a port or a host. Fine-grained control is mainly used in access control and flow control.

Based on an analysis of the existing implementation technology of SSL VPN, the following two aspects of work were completed:

1. This paper proposes a dynamic role-based access control method for SSL VPN. A data detection module is configured at the server side of the SSL VPN; this module detects illegal access by users logged in to the SSL VPN system. The detection results are fed back to the dynamic access control module, which then adjusts the access control policy based on them, and a hierarchical recycling method is proposed to recycle users' permissions. The test results show that the proposed method can make the assignment of permissions more reasonable and ensure the safety of the SSL VPN system.

2. A priority-based flow control method is proposed to protect the access of important users and the access to important resources (SSL tunnels). A priority weight is attached to each user and each resource. The system first protects the user or resource that has a heavy priority weight. This is done by adjusting the data window that is used to cache the data in the user's corresponding SSL tunnel.

Keywords/Search Tags:SSL, VPN, Access Control, SSL Tunnel, RBAC, Flow Control