This paper studies IPSec VPN security policies. After a general introduction to the concepts of VPN and the IPSec protocol, the paper presents the main content of the VPN study, based on an analysis of the problems of VPN security management and of the relationship between security management and security policy. Policy conflict is a major problem in the study of IPSec VPN security policies. In this paper, we analyze the existing solutions to this problem and propose an algorithm, based on the Policy-Generation algorithm, to solve it. The new algorithm greatly satisfies the requirements of security function and security intensity while also improving the efficiency of conflict resolution. The paper brings service-oriented concepts into the security policy management model to increase the manageability of security policies, and uses the characteristics of services to separate policy from operation. An algorithm is also presented to solve the problem of risk-assessment decision-making. Several policy organization modes are then defined to support the defense system, the detection system and the response system. Finally, a harmonious algorithm is given to balance resources between system performance and network bandwidth.