| At present, the Web access environment is becoming increasingly complex, and supervision of Web access content and behavior is becoming increasingly important. SSL ciphertext session monitoring can strengthen the construction of the audit system of online behavior, and provide efficient, safe and standardized Web access environment for the enterprise.Existing online behavior auditing products and open source projects were reviewed and compared to analyze the status of the current Web access and auditing approach, SSL (Secure Socket Layer) security protocol can provide a secure link for HTTP, but plaintext is a prerequisite for auditing. In order to improve the existing Web access auditing system so that it can monitor SSL information, this paper analyzed the SSL protocol standard document and protocols structure. It analyzed the differences and connections between the HTTP and HTTPS/SSL. The crack of encryption algorithm of SSL is unrealistic, it discovered that there are two ways for causes of HTTPS/SSL link. First:in the Web application, the browser URL is to locate resources, if we visit the site via https link, the server-side response via HTTP30X status, so that HTTP requests are redirected to HTTPS. Second: SSL web pages are enabled only when the users have access to sensitive information. In order to achieve the monitoring of the SSL security protocol, the SSL link, which is directly established, is intercepted intermediately by client gateway device between the Web application client and the requested Web application server. Client gateway SSL ciphertext session control procedures are to achieve two functions:First, to intercept the HTTP data without affecting the data displayed in a Web browser, second, to ensure the security of data transmission on the Internet. According to the functional requirements, this paper designed the SSL protocol monitoring solutions and completed the program. It also built a test environment, collected test cases, and analyzed the results. The actual test results showed that the design of SSL protocol monitoring system is reasonable and the program is feasible. |
PDF Full Text Request