| With the development of Internet,an increasing number of people have access to Internet. They can get the latest information, catch up the developments of the industry, and even improve work efficiency and so on. Internet has been playing a more and more important role in such areas as economy, politics, education, commerce, finance, transportation and telecommunications. The whole society is increasingly dependent on it. However, the networks also bring many new problems, such as the security, ip address depletion, copyright, pornography, and violence. This thesis mainly focuses on the study and analysis of the security of networks and ip address depletion problem.The threats to the security of networks mainly follow into three groups[1], human negligence, human malicious attack, the backdoor and loopholes of software. There are different precautionary technologies against different network threats. IPSec VPN technology against hackers'monitoring sensitive information of clients is studied in this thesis. The fast development of networks gives rise to the shortage of ip addresses. The best solution to the shortage is application of IPv6 network architecture. As the IPv6 network architecture has not been popularized, the shortage of ip addresses will exist for some time. NAT protocol, a network address translater, can temporarily relieve the shortage of ip addresses. The lacking consideration of the compatibility between IPSec protocol and NAT protocol when they were designed, and that they can not work cooperatively in the same system. This thesis makes efforts for the compatibility of IPSec and NAT, and there are my mainly works. Firstly the main objects of study, IPSec protocol and NAT protocol are studied and analyzed. Their components, functions and principles of work are analyzed. The merits and demerits of the existing solutions for their compatibility are analyzed.Secondly the udp-based penetrating model is improved. The IPSec penetrate NAT problem involves nat penetrating hole problem. In the double-NAT system udp-based penetrating model can achieve of normal communication.Becase of udp-based penetrating model's shortcomings, this thesis improved that model. Mobile Agent algorithm will be introduced to udp-based model. The improved model not only has the function of the original model, it is also able to adapt to the environment and can balance the network load.Thirdly this thesis designed the IPSec penetrating NAT system based on virtual adapter. This system is designed by actual needs. This system can not only penetrate the NAT, but also can make IPSec and firewall work collaborative.Finally this paper have implemented and tested this system. The system is implemented by Network Driver Interface Specification. System can be driven by the application layer and driver layer. The mainly work of the application layer is to communicate with the driver layer and set the user information. Driver layer have implemented the functions of IPSec and NAT. After testing this system, IPSec can penetrate NAT and IPSec can work collaboratively with the firewall, and this is high performance system. |
PDF Full Text Request