
A Study On SSL VPN System Supporting TNC

Posted on: 2015-10-22
Degree: Master
Type: Thesis
Country: China
Candidate: F L Men
GTID: 2298330431965329
Subject: Cryptography

Abstract/Summary:
SSL VPN is a VPN technology used to protect enterprise data in secure remote access systems. Compared with the more complex IPsec VPN, SSL VPN is easy to configure. Nowadays, SSL VPN is becoming the most important mode of secure remote access in the commercial field. A traditional SSL VPN only ensures, through identity authentication, that the users accessing the enterprise network have been authorized; it does not consider whether the endpoints are secure. If an endpoint is not secure, e.g. it carries viruses or Trojans, then when it accesses the enterprise network the viruses or Trojans may steal important data through the endpoint. Such illegal behavior may also threaten the security of the whole network. The TNC architecture is one of the technologies for interoperable network access control and authorization. Integrity measurements are used as evidence of the security posture of the endpoint so that access control solutions can evaluate it. Nowadays, the TNC architecture has been developed successfully for LAN and VLAN environments, but it is rarely found in remote access systems. The purpose of “A Study on SSL VPN System Supporting TNC” is to apply TNC technology to an SSL VPN system, ensuring that the identity and integrity of the endpoint comply with the policy of the enterprise network.

The thesis is organized as follows. First, we introduce the TNC architecture and SSL VPN technology. Second, we analyze the TLS protocol, which is the underlying protocol of SSL VPN, and extend it so that it can carry EAP messages. We design an SSL VPN system that supports the TNC architecture, based on OpenVPN, FreeRADIUS and TNC@FHH. Third, we redesign the IMC/IMV pairs to check the integrity of the BIOS, the integrity of the bootloader, and whether the system configuration complies with the rules. Finally, testing shows that the SSL VPN system works properly. In this system, not only is the identity of the endpoint authorized, but the endpoint’s behavior is also legal.
Keywords/Search Tags: TNC, SSL-VPN, TLS, Protocol-extension