| IPSec, a suit of network security protocols, is a network layer security standard issued by IETF. It is aimed to protect the security of data transmitted on public network, such as Internet. It offers the cryptography-based security for information transmitted over the network, as well as security services including information integrity, data origin authentication, protection against replays, and confidentiality for IP and upper layer protocols. IPSec protocol, with the advantages in transparency to the end user, agile security mechanism and powerful function, provides an IP layer security mechanism compared with other technologies of network security.The purpose of this dissertation is to develop a network security system based on IPSec protocol.The mostly content of this dissertation is summed up as follows:The author has analyzed typical attacks on IP protocol and summarized the vulnerabilities of and threats against IP layer. Based on the previous researches, the author has made an analysis of security risks to IP layer.This dissertation researches into the IPSec protocol deeply. It covers the structural analyses of IPSec and presents the principle and process of how it works. In this paper, the author presents the difference between them.The author introduces a security system based on IPSec protocol. It is designed to protect the data packets between two computers using encryption and authentication techniques. It can work under both Linux OS and Windows 2000 OS. In this dissertation, the author has particularly describes the realization of the IPSec driver module under Linux OS and windows 2000 OS.The author discussed the reason for the collision between IPSec protocol and NAT (Network Address Translation) technique, and proposed a scheme by using UDP encapsulation to solve this problem.The author explained the invalidity of the traditional method in compressing IPSec package, and the validity of the method using IPComp correspondingly. |
PDF Full Text Request