| With rapid development of the network technology, the network has already been popularized in the society. However, security problems have been headaches in networks especially in Internet, where openness and simplicity were design goals when it was developed in late 70s' last centure. Therefore, it has become the focus people's concern, to ensure the security of network transmission and access effectively.Virtual Private Network (VPN) is a security mechanism similar to leased-line network in an open network environment. For the ability to establish world wide VPNs for enterprises, it has drawn more and more attension from the people. For many elegant features, IPSec has become a de facto standard in realization of VPNs.Network security is the opening of the paper. Firstly, the basic idea and sort are introduced. The key technology of VPN is analyzed in detail.Secondly, IPSec architecture is introduced, including some basic concepts, for example, security policy, security association, selector, and each component of IPSec architecture such as SPD, SAD, AH and ESP etc.. The processing of IPSec is explained in detail.Thirdly, the disertation discusses issues of secure network access of IPSec at including those relevant to end-to-end access, gateway-to-gateway, and host-to-gateway. Basic approches in implementation of IPSec for host, gateway, and router are also introduced.Finally, the discussion on the network layered structure of Linux and Netfilter mechanism are analized to introduce author's implementation of IPSec VPN based Netfilter mechanism. Processing modules and their interrelationshe of the implementation are further discussed together with a preliminary test result concering its functional behavior and performance.
|
PDF Full Text Request