VPN技术在现代通信领域的应用分析

VPN技术是现在社会的最佳选择,有较强的安全性和可靠性,本文对VPN技术进行阐述,分析VPN技术在现代通信领域的应用。     

基于SSL协议的VPN技术

首先介绍SSL协议通信过程,接着分析了SSL协议的安全性及加密技术,然后概述了VPN,包括VPN的定义、特点及分类,最后说明了基于SSL协议的VPN技术的工作原理、设计、特性及优点.     

浅析基于SSL协议的VPN技术

首先介绍SSL协议通信过程,接着分析了SSL协议的安全性及加密技术,然后概述了VPN,包括VPN的定义、特点及分类,最后说明了基于SSL协议的VPN技术的工作原理、设计、特性及优点.     

通道捆绑在VPN技术中的应用

文章首先分析了VPN技术的工作原理以及工作的抑郁,随后针对通道捆绑技术在VPN技术中的运用进行了详细的分析,从某种方面而言,提高了在区域局域网中网络使用的安全性,进而在一定程度上提高了VPN技术的实际操作的能力。     

MPLS VPN安全性及其在青海电力调度数据网中的应用研究

本文主要就MPLS VPN安全性及其在青海电力调度数据网中的应用展开分析和研究,来提高MPLS VPN安全性,为各个地区做好示范作用,保证电力调度作业高效进行,增加电力调度数据网络体系的安全性和稳定性.     

浅析数据远程VPN解决方案

数据远程VPN提高了组网的安全性,为了设计出典型的VPN组网方案,本文以IPSec VPN为研究对象,结合IPSec VPN独立和模块化的两种组网方式,设计出两种典型的IPSec VPN的组网解决方案:大型公司的专线组网方案和无线3G的VPN组网方案。两种设计方案根据实际应用场景和市场组网需要,提供高安全性的专线VPN网络。     

基于IP隧道的MPLS VPN

本文首先介绍了MPLS VPN的工作机制及本地IP骨干网,然后主要分析比较了MPLS包封装在IP隧道中的各种技术方案并指出适合MPLS VPN的技术方案,提出了多隧道机制下的性能交换机制,最后对MPLS VPN安全性作了阐述。     

虚拟专用网络技术的应用

本文将简述虚拟专用网络技术的特点,并针对校园网VPN系统进行了实现,包括最大并发数和服务器性能等测试,最后对构建的校园网VPN系统进行了安全性分析。     

VPN技术在五小车辆养路费征稽系统中的应用

阐述了VPN技术的基本性能，分析了VPN技术在五小车辆养路费征稽系统中的应用方法．并介绍了征稽系统的功能与安全性策略。     

MPLS VPN安全问题探讨

首先指出MPLS VPN可能受到的安全威胁，然后分析了三层VPN、二层VPN在数据面、控制面和管理面上传送信息的安全性，提出目前在网络上可以采用的安全措施。     

基于IPsec VPN的实现

介绍VPN的基础和实现,并比较了常规与基于IPsec的VPN特性及技术。通过研究IPsec,我们提出了设计端-端VPN系统用IPsec的安全关联SA的做法,而分析它的安全特性。     

Policy-based IPsec management

Security is vital to the success of e-commerce and many new valued-added IP services. As a consequence, IPsec is an especially important security mechanism in that it provides cryptographic-based protection mechanisms for IP packets. Moreover, in order for IPsec to work properly, security policies that describe how different IP packets are protected must be provisioned on all network elements that offer IPsec protection. Since IPsec policies are quite complex, manually configuring them on individual network elements is inefficient and therefore infeasible for large-scale IPsec deployment. Policy-based IPsec management strives to solve this problem: Policy-based management employs a policy server to manage a network as a whole; it translates business goals or policies into network resource configurations and automates these configurations across multiple different network elements. Policy-based IPsec management significantly simplifies the task of defining, deploying, and maintaining security policies across a network, thereby significantly simplifying large-scale IPsec deployment. This article describes the motivations, key concepts, and recent IETF developments for policy-based IPsec management. It then applies the key concepts to an example a IPsec VPN service provisioning and further describes an example of an IPsec policy server as well as experience gained from implementing such a server. Challenges facing policy-based IPsec management are also discussed.     

Building an Application-Aware IPsec Policy System

As a security mechanism at the network-layer, the IP security protocol (IPsec) has been available for years, but its usage is limited to virtual private networks (VPNs). The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution. However, the realization of a user-friendly IPsec API involves many modifications on the current IPsec and Internet key exchange (IKE) implementations. An alternative approach is to configure application-specific IPsec policies, but the current IPsec policy system lacks the knowledge of the context of applications running at upper layers, making it infeasible to configure application-specific policies in practice. In this paper, we propose an application-aware IPsec policy system on the existing IPsec/IKE infrastructure, in which a socket monitor running in the application context reports the socket activities to the application policy engine. In turn, the engine translates the application policies into the underlying security policies, and then writes them into the IPsec security policy database (SPD) via the existing IPsec policy management interface. We implement a prototype in Linux (Kernel 2.6) and evaluate it in our testbed. The experimental results show that the overhead of policy translation is insignificant, and the overall system performance of the enhanced IPsec is comparable to those of security mechanisms at upper layers. Configured with the application-aware IPsec policies, both secured applications at upper layers and legacy applications can transparently obtain IP security enhancements.     

Scalability implications of virtual private networks

This article gives an overview of the most promising technologies for service providers to offer virtual private network services. The focus is on the analysis of the scalability implications of these virtual private network mechanisms on existing service provider backbone networks. Very often, when deploying VPN services, service providers will be confronted with a trade-off between scalability and security. VPNs that require site-to-site interconnectivity without strong (cryptographic) security can be deployed in a scalable way based on the network-based VPN model, as long as the interaction between the customer and provider routing dynamics are controlled. VPNs that require strong (end-to-end) cryptographic security should be deployed according to the CPE-based VPN model, using the available IPsec protocol suite     

Policy-based dynamic provision of IP services in a secure VPN coalition scenario

This article describes a recent R&D result in supporting secure and dynamic coalition internetworking scenarios, where a number of military and civil subnetworks are combined using IPsec in a higher-level IP secure military network. It is part of the work undertaken in the VPN workshop initiative, where a set of national defense and research organizations are meeting together to align their vision and requirements on what an IPv4 or IPv6 secure and dynamic IPsec-based virtual private network should be, and how to deploy it in an international multidomain scenario.     

移动IP的安全隧道实现

在当前的安全机制中，移动IP遇到了一些挑战。在利用网络进行通讯时IPSec协议提供了一个强加密的标准协议（RFC2002）的安全、快速的移动网络。     

IPsec VPN中硬件加密卡的应用研究

主要讲述了在网络安全产品在IPsec VPN之中应用硬件加密卡来提高产品的吞吐量的方法和步骤。介绍了当今流行的硬件加密卡一般框架和硬件组成部分,以及各部分功能。并结合安全产品的特点,讲述了IPsec VPN中IPsec包的主要处理流程。在此基础上,结合硬件加密卡与IPsec处理流程的切合点,概述了硬件加密卡驱动的主要内容。通过硬件加密卡在IPsec VPN中的应用,使得软件加解密和硬件加解密可以完美切换,提高了产品的性能和质量。     

一种改进的基于PKI/ECC的IKE协议设计

IKE协议是IPsec协议簇的重要组成部分,用来动态地建立和维护安全关联SA,是IPsec VPN安全传输的先决条件和保证.文章在研究现有IKE协议的基础上,将公钥基础设施PKI体系引入其中,提出将ECC技术、X 509数字证书、访问控制技术同IKE协议相结合,设计了一个基于PKI身份认证和访问控制的增强型IKE协议,从而提高了IPsec VPN网关的安全性和可扩展性,有效保护了VPN网络资源的安全.最后给出了基于最新Linux2.6内核的实现方案,并对由此构建的IPsec VPN安全网关原型系统的工作过程作了说明.     

因特网密钥交换协议的远程用户认证技术

在Internet密钥交换协议的基础上引入扩展IKE协议和混合认证方式,解决了IPsec协议中远程用户认证的问题,同时根据公钥基础设施PKI部署的不同情况提出了远程用户接入基于IPsec协议的VPN网络的解决方案。     

Firewalls — Evolve or Die

Businesses have traditionally relied on perimeter firewalls to enforce their security policy. However, perimeter controls do not provide a comprehensive solution to secure a private network connected to the Internet. This paper describes how the dynamic business environment and techniques, such as protocol tunnelling, have leveraged the use of IP networks. The use of these protocols and techniques means that perimeter firewalls alone no longer provide sufficient security. IPsec network security is reviewed and it is shown how its security services can be used to provide greater protection for the network by securing connections end to end. The paper also describes tools for firewall and VPN policy management that address the problem of managing the overall security policy with network implementations comprising multiple vendors' products. Finally, the paper proposes a vision of how future secure virtual networks will be established over existing infrastructures.