1. INTRODUCTION

At present, the construction of key systems such as graduate management, financial management, educational administration management and the one-card system has begun to take shape. With the further development of office automation (OA), more and more staff need to operate their office computers from the Internet, and many software vendors require remote operation of application system servers. Secure remote access is therefore an urgent problem to be solved. Our investigation shows that most colleges and universities have built a VPN system so that teachers and students can access Intranet systems from outside the campus. However, complicated operation, repeated login and low efficiency are common. In recent years, some schools have tried to improve the remote-access experience of teachers and students by building a WEBVPN remote access system, which allows users to access school systems in the browser after authentication. This measure does make remote access easier for users, but the problems of overly broad authority and weak security become more prominent. How to let teachers and students access campus systems, and remotely operate office computers and servers, quickly and conveniently while keeping access safe, reliable and clearly authorized is a hot issue in remote access to resources in colleges and universities.

Against the background of the formal implementation of network security level protection 2.0, this paper investigates the Internet access technology of domestic universities. Combining this with the strong demand of teachers and students in practical work, the paper puts forward a balanced strategy of intelligent VPN hierarchical management in colleges and universities, which is used to resolve the imbalance between user experience and network security during VPN use.

2. NETWORK SECURITY LEVEL PROTECTION 2.0

At present, information construction in all walks of life is in full swing, and network information systems are applied more and more widely in enterprises. The state has introduced an information security work system and network security level protection regulations, which aim to standardize the information security protection market and improve the level of information security protection. In 1999, China put forward the information system security protection grade standard, and afterwards it successively issued related information system security regulations. In 2007, the “Information security level protection management measures” established level protection 1.0. In recent years, with the rapid development of information technology, new technologies such as big data, cloud computing and artificial intelligence have developed rapidly, and the existing level protection 1.0 no longer meets the requirements of the work. Therefore, in 2019, China officially released the network security level protection system 2.0, which marks the entry of China’s network security level protection into the 2.0 era. Compared with level protection 1.0, level protection 2.0 focuses more on active defense. It moves from passive defense to whole-process security and reliability, dynamic perception and comprehensive audit, and realizes full coverage of level protection objects: traditional information systems, basic information networks, cloud computing, big data, the Internet of things, the mobile Internet and industrial control information systems. In addition to technical specifications, level protection 2.0 emphasizes the importance of network security management in five aspects: security management system, security management organization, security management personnel, security construction management, and security operation and maintenance management.

3. THE CONCEPT OF VPN

VPN stands for virtual private network [1-3].
It can create a channel on a public network; after layers of encryption and authentication, this channel guarantees the security of a virtual space on the network. This is VPN technology [4-6]. VPNs originate from business requirements: large amounts of data must be transferred between the headquarters and branches, and each branch needs access to the resources of the head office. Important data is not suitable for transmission over the Internet, while a physical dedicated line is extremely expensive and easily damaged; thus VPN technology arose [7]. The virtual network channel established by VPN technology can be encrypted during information transmission [8], which also ensures data privacy to a certain extent. VPNs do not require building a dedicated physical network [9]. They require very little investment and have a very significant security benefit.

4. OAUTH2.0 UNIFIED IDENTITY AUTHENTICATION TECHNOLOGY

The OAuth (Open Authorization) protocol is an open standard. It is a complement to OpenID. It allows third-party applications to access a user’s resources on a website, such as the user’s nickname, profile picture and other information, without the user providing a user name and password to them. OAuth2.0 authentication and authorization technology is based on the OAuth protocol; it is a version upgrade that focuses on ease of development. OAuth2.0 authorized login allows users managed by the platform to securely log in to third-party applications or websites. User authentication (presenting a password or another authentication method) is completed by the OAuth2.0 system without the intervention of third-party applications. After a user is authenticated, the third party can obtain the user’s interface invocation credential (access_token). With the access_token, it can obtain the basic information of the currently logged-in user and implement the user-related functions. The authorization process is shown in Figure 1.
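
The exchange described above can be followed in a single process with the added Python example below. It is not code from the paper: it assumes the authorization code grant, and every class, function and parameter name is hypothetical. The third-party side handles only a one-time code and the access_token, never the password.

```python
import secrets
import time

class AuthServer:
    """In-memory OAuth 2.0 authorization server (authorization code grant)."""
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client = (client_id, client_secret, redirect_uri)
        self.codes, self.tokens = {}, {}

    def authorize(self, client_id, redirect_uri, state, user):
        # `user` has already authenticated to this server, not to the client.
        if (client_id, redirect_uri) != (self.client[0], self.client[2]):
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, time.time() + 60)    # short-lived code
        return {"code": code, "state": state}          # returned via redirect

    def token(self, client_id, client_secret, redirect_uri, code):
        if (client_id, client_secret, redirect_uri) != self.client:
            raise PermissionError("client authentication failed")
        user, expires = self.codes.pop(code, (None, 0))  # code is single-use
        if user is None or time.time() > expires:
            raise PermissionError("invalid or expired code")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = user
        return {"access_token": access_token, "token_type": "Bearer"}

    def userinfo(self, access_token):
        if access_token not in self.tokens:
            raise PermissionError("invalid access_token")
        return {"user": self.tokens[access_token]}


def login_via_oauth(server, client_id, client_secret, redirect_uri, user):
    """Third-party application side of the flow."""
    state = secrets.token_urlsafe(16)      # binds the callback to this request
    cb = server.authorize(client_id, redirect_uri, state, user)
    if not secrets.compare_digest(cb["state"], state):
        raise PermissionError("state mismatch")
    tok = server.token(client_id, client_secret, redirect_uri, cb["code"])
    return server.userinfo(tok["access_token"]), cb["code"]
```
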

5. REVERSE PROXY SERVICE

A reverse proxy is a server that accepts connection requests from users on the network [10], forwards each request to the corresponding application service, and returns the result obtained from the application service to the requesting client. In this case, the server acts as a reverse proxy server [11-13]. Users accessing web applications through a proxy server do not need to change any configuration; they just visit the website normally. Common reverse proxy tools include HAProxy, Fikker, Squid, Nginx, etc. This paper mainly uses Nginx as the reverse proxy tool [14]. It identifies the target address status through user-defined configuration and dynamically directs requests to Intranet sites.

6. THE BALANCING STRATEGY OF COMPLEX VPN HIERARCHICAL MANAGEMENT IS PROPOSED

According to the application requirements, a hierarchical management balancing strategy of intelligent VPN in colleges and universities is proposed under the condition of ensuring network security. It is intended to solve the imbalance between user experience and network security in VPN use. The workflow is shown in Figure 2. According to VPN demand and user group, the VPN is divided into client SSLVPN and WEBVPN. The former has higher permissions and can remotely log in to an IP server or PC. The latter accesses campus resources directly through the web.

6.1 WEBVPN workflow

6.2 Client VPN workflow
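
The two-tier split of Section 6 can be expressed as a default-deny access decision, shown in the added Python example below. It is not code from the paper: the hostnames, addresses, per-user grants and function names are constructed assumptions. The WEBVPN tier is mapped only to configured Intranet web sites, and the client tier is allowed remote login only to the hosts and ports granted to that user.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample configuration; hostnames and addresses are hypothetical.
WEB_SITES = {             # WEBVPN tier: public name -> Intranet upstream
    "oa.vpn.example.edu": "http://10.10.1.20:8080",
    "jwc.vpn.example.edu": "http://10.10.1.30:80",
}
CLIENT_GRANTS = {         # client SSLVPN tier: user -> [(network, ports)]
    "teacher01": [(ipaddress.ip_network("10.20.5.17/32"), {3389})],
    "vendor07": [(ipaddress.ip_network("10.30.0.0/28"), {22})],
}

def route_webvpn(url):
    """Return the Intranet upstream URL for a WEBVPN request, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or parts.username or host not in WEB_SITES:
        return None       # default deny: the proxy never forwards elsewhere
    query = f"?{parts.query}" if parts.query else ""
    return WEB_SITES[host] + (parts.path or "/") + query

def allow_client(user, dest_ip, dest_port):
    """Client tier: remote login only to hosts/ports granted to this user."""
    try:
        ip = ipaddress.ip_address(dest_ip)
    except ValueError:
        return False
    return any(ip in net and dest_port in ports
               for net, ports in CLIENT_GRANTS.get(user, []))

def decide(tier, user, target, port=None):
    """Single entry point for both tiers of the hierarchy."""
    if tier == "webvpn":
        upstream = route_webvpn(target)
        return ("proxy", upstream) if upstream else ("deny", None)
    if tier == "client" and allow_client(user, target, port):
        return ("tunnel", f"{target}:{port}")
    return ("deny", None)
```
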

7. CONCLUSION

At present, the rapid development of information technology has put forward new requirements for our school’s information work. With the continuous expansion of enrollment and teaching scale, the multi-campus and multi-teaching-site management mode is supported by implementing the intelligent VPN hierarchical management scheme. On the premise of ensuring network security, the problem of multi-campus access in the campus network is solved. This enables on-campus and off-campus users to access various resources on the campus network through VPN channels anytime and anywhere, and ensures user identity authentication and encrypted data transmission between campuses. The application of the intelligent VPN hierarchical management balance strategy in the campus network promotes the development of the smart campus in our school. It has positive and beneficial significance for the school’s internal management and the management of teaching activities.

ACKNOWLEDGEMENT

This research was funded by the Project of Hunan Development and Reform Commission (XFGTZ [2019] No. 412) and the Industry-university-research Innovation Fund of China Universities, No. 2020ITA07018.

REFERENCES

[1] Tang, P. Y., Li, G. C., Yu, G., et al., “Network communication security based on QS-KMS and VPN,” Computer Engineering, 44(12), 13–7 (2018).
[2] Wang, L., Feng, H. M., Liu, B., et al., “Research on SSL VPN encrypted traffic identification based on hybrid method,” Computer Applications and Software, 36(2), 315–22 (2019).
[3] Du, L. M., “Design and research of wireless campus Network based on SSL VPN technology,” Journal of Jining Normal University, (3), 30–3 (2017).
[4] Chen, H. Q., Zhang, L. J., Lai, Y. Y., et al., “Design and implementation of power security gateway based on SSL VPN technology,” Electronic Design Engineering, 28(13), 97–100 (2020).
[5] Muc, A., Muchowski, T., Murawski, L., et al., “Providing the ability of working remotely on local company server via VPN,” Multidisciplinary Aspects of Production Engineering, 3(1), 195–205 (2020). https://doi.org/10.2478/mape-2020-0017
[6] “VPN technology and application based on SSL protocol,” Information & Computer, (3), 146–8 (2013).
[7] Wang, Z. Y., Wireless Interconnection Technology, 21–2 (2019).
[8] He, Y., “Application of VPN technology in local area network,” Computer Products and Circulation, 42(05) (2019).
[9] Chen, Q. S., “Application analysis of virtual private network technology in computer network security,” Science and Technology Innovation and Application, (019), 177–8 (2018).
[10] Wang, Y. and Kong, C., “Application of reverse proxy Technology in Digital Campus,” Information and Computers: Theoretical Edition, (11), 195–196 (2019).
[11] Tan, C., Tan, X., Hu, L., et al., “Dynamic weight load balancing algorithm based on nginx in cloud center,” Journal of Chongqing University of Posts and Telecommunications: Natural Science Edition, 33(6), 991–998 (2021).
[12] Huang, C. and Teng, J., “Performance optimization of web-based course selection system based on reverse proxy server,” Microcomputer Applications, 36(10), 132–134 (2020).
[13] Liu, S. and Zhong, L., “A Load Balancing Algorithm for Web Cluster Based on Service Type,” Journal of Wuhan University of Technology, 31(19), 134–136, 159 (2009).
[14] Wei, M. and Wei, Y., “Load balancing of streaming media in network system,” Journal of Wuhan University of Technology: Information and Management Engineering, (4), 529–532, 536 (2008).