| With the rapid development of economy and the expanding of enterprise business and scale, many companies tend to apply a distributed structure where a headquarters sharing resources online with its several branches. Each branch usually uses the network of Intranet inside itself, and different branches need a secure way to transfer the enterprise information. Meanwhile, the headquarters also needs to interconnect the distributed network to realize the centralization of management. A traditional solution is to rent a private network. However, it may bring problems such as limited bandwidth, low-level security and high costs.The booming of the Internet has brought a lot of convenience for the communication of human beings and more and more devices has been accessing the Internet since the 1980 s and many companies realize crossing regional resource access via the Internet. Now that the Internet was constructed based on the Trust Model, it's necessary to introduce some certain mechanism to ensure security, thus a series of network security technologies such as firewall and Intrusion Detection System has come out. The Virtual Private Network(VPN), as one of them, aims to build a virtual encrypted tunnel on the public link, which can satisfy the secure tele-communication need of companies.So far there's various protocols coming out and the way to implement VPN is appearing thick and fast, including 2-layer protocol PPTP, L2 F and L2 TP and tunnel protocols based on IPSec and SSL. By comparing the three ways, it's seen that the first cannot satisfy the current security need for the reason of low-level encryption mechanism, which is just the strength of IPSec, but IPSec protocols also have the disadvantages of complex configuration and disability in NAT network. Tunnel protocols on SSL has proposed a compromise in security, flexibility and scalability.This paper designed and implemented a private tunnel protocol based on the virtual network interface card(VNIC), which adopted the advantages of both IPSec and SSL VPN. It's supported by the hardware device USB-Key in authentication and the open-source library Open SSL in data encryption. After going through a series of performance tests, the system based on the private protocol we designed performed well in network communication and it could satisfy the need both of transmission efficiency and data safety guarantee. So the protocol we designed is of great value both in theoretical research and actual practice. |
PDF Full Text Request