共查询到18条相似文献,搜索用时 140 毫秒
1.
面向Internet的IPsec安全体系结构 总被引:1,自引:0,他引:1
介绍了一种新型的Internet安全体系结构-IPsec体系,并描述IPsec体系的一些协议,例如IPsec协议和验证报头协议(AHP),封装安全有效负荷协议(ESPP),Internet密钥管理协议(IKMP)。阐述了这些协议的特点和实现要求。 相似文献
2.
IPSEC安全体系与实施 总被引:2,自引:1,他引:2
IPsec是IETF委员会提出的新型的Internet安全体系结构,IPsec为IPv4和IPv6协议提供了强大的、灵活的、基于加密的安全方案。本文分析了IPsec协议套件的体系结构、基本组件与工作原理,并给出了IPsec的实施实例。 相似文献
3.
IKE(Internet Key Exchange)协议是IPsec协议簇的重要组成部分,用来动态地建立和维护安全关联SA,是IPsec VPN安全传输的先决条件和保证。在研究IKEv2协议的基础上,将公钥基础设施PKI体系引入其中,对在IKEv2中使用PKI身份认证进行研究。并针对IKEv2中数据通信的特点,将在线证书状态协议OCSP(Online Certificate Status Protocol)与IKEv2协议结合起来,设计了一个基于PKI身份认证的增强型IKEv2协议,从而有效提高系统的效率和部署的可扩展性。最后给出了一个基于Linux2.6内核的IPSec-VPN设计方案。 相似文献
4.
卢晓丽 《网络安全技术与应用》2013,(9):35-36
IPsec(Internet协议安全性)是一种开放标准的框架结构,通过使用加密的安全服务以确保在IP(Internet协议)网络上进行保密而安全的通讯。IPSec VPN数据机密性及低成本相结合的特点,使得该技术在企业互连中的应用越来越广泛。 相似文献
5.
IPsec在Internet中属于IP层的安全协议,下一代IP协议IPv6中内嵌了对IPsec的支持.在分析IPv6协议优势的基础上,详细介绍了使用IPv6内嵌的IPsec实现VPN的关键技术—基于IPv6的IPsec协议及其体系结构、工作模式和相关机制.提出了一种在不改变现有IP本地网络环境的情况下,构建基于IPv6... 相似文献
6.
介绍了一种新型的Intemet安全体系结构-IPsec体系.并描述了IPses体系结构的一些协议,例如IPsec协议和验证报头协议(AHP)、封装安全有效负荷协议(ESPP)、htemet密钥管理协议(IKMP).阐述了这些协议的特点和实现要求. 相似文献
7.
8.
下一代互联网将是基于IPv6的,IPv6的实现必须支持IPsec,IPsec提供了两种安全机制:加密和认证。本文重点对IPsec协议安全体系结构、各部分功能及其相互间关系进行了深入分析研究,并对IPsec协议在IPv6中工作原理、实施应用问题等提出新的见解。最后总结了IPsec在基于IPv6的下一代互联网带来的安全特性和将面对的挑战。 相似文献
9.
IPsec协议的研究和分析 总被引:6,自引:0,他引:6
IPsec设计的目的是通过身份鉴别、数据加密和数据完整性保护,使端对端用户完成安全的通信。IPsec也成为构建VPN的一个基本协议。IPsec的体系结构随着对安全问题的探索而变得越来越庞杂。文章对IPsec的框架体系进行了研究,并分析了各个部分引入的安全问题。 相似文献
10.
IPsec协议体系是IETF制定的新一代网络安全协议标准,用于在IP层为IPv4和IPv6提供可交互操作的、高质量的、基于加密的安全.针对协议一致性测试的要求和IPsec协议体系的特点,设计了一种基于Tcl的IPv6协议体系中的IPsec协议一致性测试系统,并给出一个实例说明如何使用该系统进行测试例的开发,实践表明,该系统具有方便、灵活、模块独立性好等优点,基于Tel的一致性测试是一种有效的协议一致性测试技术. 相似文献
11.
The Internet Engineering Task Force is standardizing security protocols (IPsec protocols) that are compatible with IPv6 and can be retrofitted into IPv4. The protocols are transparent to both applications and users and can be implemented without modifying application programs. The current protocol versions were published as Internet drafts in March 1998. The article overviews the proposed security architecture and the two main protocols-the IP Security Protocol and the Internet Key Management Protocol-describes the risks they address, and touches on some implementation requirements. IPsec's major advantage is that it can provide security services transparently to both applications and users. Also, the application programs using IPsec need not be modified in any way. This is particularly important when securing application programs that are not available in source code, which is common today. This transparency sets IPsec apart from security protocols that operate above the Internet layer. At present, IPsec is likely to be used in conjunction with and complemented by other security technologies, mechanisms, and protocols. Examples include firewalls and strong authentication mechanisms for access control, and higher layer security protocols for end-to-end communication security. In the near future, however, as virtual private networking and corporate intranets and extranets mature, IPsec is likely to be deployed on a larger scale 相似文献
12.
Michael Rossberg Guenter Schaefer Thorsten Strufe 《Journal of Network and Systems Management》2010,18(3):300-326
The Internet Protocol Security Architecture IPsec is hard to deploy in large, nested, or dynamic scenarios. The major reason
for this is the need for manual configuration of the cryptographic tunnels, which grows quadratically with the total amount
of IPsec gateways. This way of configuration is error-prone, cost-intensive and rather static. When private addresses are
used in the protected subnetworks, the problem becomes even worse as the routing cannot rely on public infrastructures. In
this article, we present a fully automated approach for the distributed configuration of IPsec domains. Utilizing peer-to-peer
technology, our approach scales well with respect to the number of managed IPsec gateways, reacts robust to network failures,
and supports the configuration of nested networks with private address spaces. We analyze the security requirements and further
desirable properties of IPsec policy negotiation, and show that the distribution of security policy configuration does not
impair security of transmitted user data in the resulting virtual private network (VPN). Results of a prototype implementation
and simulation study reveal that the approach offers good characteristics for example with respect to quick reconfiguration
of all gateways after a central power failure (robustness), or after insertion of new gateways (scalability and agility). 相似文献
13.
IPsec策略管理的研究 总被引:7,自引:0,他引:7
基于策略的管理是当前安全研究的热点问题之一。该文首先介绍IPsec策略的定义及冲突的原因,随后分析了对策略管理提出的要求,在此基础上提出了IPsec策略管理的一个通用框架,并对其中的关键部件给出了具体的解决方案,包括采用SPP协议进行网关和策略发现,使用Keynote信任管理系统进行策略的一致性检查。最后,讨论了当前研究存在的问题及今后的研究方向。 相似文献
14.
随着计算机网络技术的高速发展,利用广泛开放的Internet进行跨地域通信已成为时代发展的趋势。虚拟专用网(VPN)是采用隧道技术以及加密、身份认证等方法,在公共网络上构建企业网络的技术。本文主要以IP安全协议体系IPSec为基础,运用VPN技术且根据广州某船务公司的具体网络结构和使用情况提出了一个在多方跨地域进出口船务系统中的VPN网络实现方案。根据这个方案,采用WatchGuard Firebox安全网关,不仅可以在公司总部、香港公司和多个办事处之间建立虚拟专用网络连接,还可以将区域范围扩展到任何连接Internet的地方。 相似文献
15.
IPSec安全机制的体系结构与应用研究 总被引:17,自引:0,他引:17
IPSec(Internet Protocal Seurity)在Internet和专用内部网中属于IP层次的安全协议,IP层次上的安全对于网络安全是非常重要的,文章分析了IPSec在安全体系结构,包括IPSec提供的安全服务,IPSec的安全协议,以及IPSec有IVc6中的嵌入,最后讨论了IPSec在实现端到端安全和虚拟专用网络中的应用。 相似文献
16.
We discuss the strengths and weaknesses of existing tools with respect to the Internet Protocol security (IPsec) name mapping problem: how to ensure a correct mapping between application-layer target names and network-layer target names. We show that DNSSEC is neither necessary nor sufficient for solving the IPsec name mapping problem. We describe design and implementation results for new techniques that are applicable to legacy applications to partially or completely solve the IPsec name mapping problem. As a corollary, we obtain programming recommendations that make it easier to apply these techniques. We show how the set of current IPsec policy parameters can usefully be expanded. We give a prototype of a modified lookup API and argue that the modified API is the preferred long-term solution to the IPsec name mapping problem. We also cover the implications for IPsec key management. Finally, we summarize the environments where IPsec is being used today and discuss which IPsec name mapping techniques are most appropriate for these environments. 相似文献
17.
Berni Dwan 《Computer Fraud & Security》2000,2000(7):9
For anyone who doesn’t know, the IPsec protocols were “designed to clear the hit list of well-known security flaws in the current Internet Protocol version 4 (Ipv4) and to provide a pre-emptive strike against these same flaws in its possible replacement, the Internet protocol version 6 (Ipv6)”. So, is IPsec the answer to all our network security problems, the simple cure all, or is this too good to be true? The authors of this particular book are of the opinion that IPsec “has raised by far the most hope…as a possible cure for the widespread security problems of networks and networked applications”. But, while offering hope to those responsible for increasingly more complex networks, the authors also prudently point out that “IPsec products can wreak havoc on critical applications and other enhanced networked services.” The problem is, while IPsec can indeed provide solutions never offered before (or in a manner never offered before) interoperability problems, limitations in the base protocols and failure to address known operational conflicts could court disaster. And here is the rub: the potential havoc wreaked could leave the most ambitious of doom laden hackers crazy with envy. 相似文献
18.
如何将会话初始化协议(SIP)与现有的通信网络有机结合,提供安全可靠的数据及通信服务已成为当今的热点问题。VoIP应用也受到业界的持续关注。安全问题一直都是企业实施VoIP的一个阻碍。提出了一个基于SIP的VoWLAN通信平台,将各种语音服务构建于无线局域网之上。利用虚拟专用网(VPN)、数据加密技术、VLAN和防火墙等必要安全技术和策略,应对在系统中的安全威胁,实现了通话质量可靠、安全性高的企业级VoIP无线网络架构。描述了该系统的设计和实现过程,讨论了其中的关键技术。 相似文献