A novel secure solution for remote access is proposed. Compared with the previous methods such as dial-up and vpn, our solution CSGW-RAS is quite new at using SSL for data transfer and GNU/Linux pseudo network device for data forward. It offers two important types of properties. One is security, which includes confidentiality, IP assigning and authentication, etc. We compare CSGW-RAS with IPSec VPN which is widely-used for its high security, by using a security risk index. The results shows that our solution is as secure as IPSec VPN. The other is simplicity. CSGW-RAS completely throws away the complexity both in deployment and in operation but is different with the so-called SSL VPN which is just a Web proxy. The security and performance analysis show that our solution is quite secure and easy-to-use with a little lost in efficiency which results from the handshake process but would not affect its whole performance.
[1]
Eric Rescorla,et al.
SSL and TLS: Designing and Building Secure Systems
,
2000
.
[2]
Gregory B. White,et al.
Secure Computers and Networks: Analysis, Design, and Implementation
,
2000
.
[3]
Craig Shue,et al.
Analysis of IPSec overheads for VPN servers
,
2005,
1st IEEE ICNP Workshop on Secure Network Protocols, 2005. (NPSec)..
[4]
Bruce Schneier,et al.
Ten Risks of PKI
,
2004
.
[5]
William Stallings.
Network and Internetwork Security: Principles and Practice
,
1994
.
[6]
S. V. Raghavan,et al.
Security in computer networks and distributed systems
,
1996,
Comput. Commun..