Developers must consider the corresponding network security problems when building an application system. This thesis proposes a transparent network security solution that is independent of applications. It frees developers from network security problems and lets them focus on domain development. Moreover, the transparent security system gives new life to some application systems that were built without security considerations. The concept introduced in this paper helps to resolve network security problems independently and creates an enterprise-level security policy. Because of the dependence between high-level protocols and applications, the transparent network security mechanism should be implemented at the IP layer. Combining encryption, authentication and IP filtering technology, this thesis establishes a transparent network security scheme on IPv4 (compatible with IPv6) according to IPsec (RFC 2401, RFC 2402, RFC 2406, RFC 2408), and achieves host-to-host secure communication on the Internet or an intranet. The thesis comprises three main sections. The first section (Chapters 1 and 2) introduces the theoretical basis and algorithms. The second (Chapters 3 and 4) presents a schema of the IP security system and an outline of the techniques that put the schema into a real system in Windows kernel mode. The third (Chapters 5 and 6) discusses the software design and programming.