With the development of mobile Internet technology, more and more people use smart mobile terminals such as smartphones, tablet PCs and PDAs to handle a variety of business over the Internet. Employees working from home or anywhere else increasingly need to do their jobs on the move, using mobile devices (such as smartphones and tablets) to access the company network and work with business applications. As a result, enterprises and institutions need secure access to the company's intranet from mobile devices. The core issue for a mobile secure access solution is how to let the traveling staff, branch personnel and home-office staff of enterprises and institutions quickly and safely carry out remote access, remote processing and all kinds of business data exchange over the Internet.
Overview of mobile secure access schemes
To meet the need of many mobile users to connect to the corporate network, to prevent the security problems that result from users accessing it directly from the Internet, and to protect data in transit over the Internet, XXX provides a comprehensive mobile access solution. The network structure is shown in Figure 1. Users can select either of the following two access methods according to their own network and business characteristics:
·SSL VPN mode access: different clients are used for different businesses. The clients currently supported by the XXXVPN gateway are XXX, TopConnect, TopBrowser, SSLVpnClient.
·IPSEC client mode access: all business data can be handled. At present, the XXXVPN gateway supports access from the IPSEC VPN that comes with iOS. On Android, it supports access from the built-in IPSEC VPN of some phones and from the open source NCP software.
Figure 1
Advantages and features of mobile security access
With XXX, secure remote connections can be built between the various clients and the VPN over SSL tunnels or IPSEC tunnels. XXX can provide an integrated device that supports both access methods, so there is no need to deploy and manage separate devices, and users get the highest flexibility and application access.
When SSL is used for mobile access, the user only needs to install the SSL client and can then access intranet resources remotely from any location with Internet access. The initiator first establishes an SSL tunnel between the client and the VPN gateway. After strict authentication, the user can transmit data securely according to the access control policy assigned in advance. SSL access can handle most virtual applications, virtual desktops, OA, web and most other applications. SSL VPN provides complete authentication, data encryption, session protection, history clearing and other security functions.
The IPSEC access mode provides full remote access functionality and complete access to intranet resources. With IPSEC, users can access any application as if they were actually connected to the head office LAN. At the same time, the many security features of the IPSEC protocol ensure the security of the data when accessing the system.
·Extending enterprise networks and applications
Mobile security access can significantly expand the enterprise's network boundaries and application services and greatly improve production efficiency. It provides a secure network interconnection platform for business systems such as OA, ERP, finance, internal mail and remote expansion.
·Providing mobile security access anytime, anywhere
The XXX mobile security access scheme provides a variety of flexible access methods, namely VPN access based on the SSL and IPSEC protocols. Remote access can be carried out from anywhere the Internet reaches. At the same time, the authentication and strong encryption of the SSL standard and the IPSEC protocol ensure that data cannot be stolen or tampered with in transit, and the connection has corresponding safety measures for user authentication, access control, auditing of user application traffic and other aspects.
·Providing an integrated SSL and IPSEC gateway, which is more flexible
XXX can provide an integrated gateway device that supports both the SSL and IPSEC access methods and combines the respective advantages of the most mainstream technologies, IPSec VPN and SSL VPN. A single device gives the user a wider range of functions, and the user can choose the more appropriate access method.
XXX mobile security products
In the XXX secure mobile access solution, the IPSEC access client is mainly the VPN that comes with the smart terminal's system, so it is not described here. SSL VPN mode access mainly uses XXX's self-developed TopBrowser, TopConnect and SSLVpnClient. With the XXX SSL VPN itself, different access methods can be applied to different application scenarios.
TopBrowser is an SSLVPN-based secure browser implemented by combining a browser, a SOCKS5 proxy server and the SSLVPN port forwarding module. The product builds on the SSLVPN port forwarding function to give users a secure browser client with built-in VPN. The app supports iOS and Android. It supports the national secret protocol, national secret algorithms and dedicated national secret hardware keys, and the following authentication methods: user name, password, certificate, two-factor, hardware certificate, hardware certificate two-factor, graphic authentication code and SMS authentication code. This app is only suitable for access to B/S systems, such as CRM, OA and ERP.
The following figure shows the topology of a typical TopBrowser application:
Figure 2
TopConnect provides SSLVPN-based remote desktop
TopConnect uses the TopConnect function of the XXXSSL VPN device together with a terminal server to build a mobile office platform. Windows applications are published remotely, extending the work systems to personal PCs and smart terminals, so that users can conveniently work remotely through TopConnect from a PC, an iPad, a personal iPhone, or an Android tablet or smartphone. Data is stored on the terminal server, and only control information and screen, keyboard and mouse updates are transmitted over the network. TopConnect allows administrators to assign applications to specified user groups. The user's various terminals can access the data center's services through the XXXSSL VPN and reach the platform quickly, with the same user experience as a desktop operating system. The app supports both iOS and Android. It supports the national secret protocol, national secret algorithms and dedicated national secret hardware keys, and the following authentication methods: user name, password, certificate, two-factor, hardware certificate, hardware certificate two-factor, graphic authentication code and SMS authentication code.
SSLVpnClient is a mobile VPN client for SSLVPN full network access. The product builds on the SSLVPN full network access function to give users a client with built-in VPN full network access. The app supports only Android. It supports the national secret protocol, national secret algorithms and dedicated national secret hardware keys, and the following authentication methods: user name, password, certificate, two-factor, hardware certificate, hardware certificate two-factor, graphic authentication code and SMS authentication code. This app is suitable for access to C/S systems as well as B/S systems.