Research And Implementation Based On Ipsec Network Security Protocols

With the development of computer and network application , we rely increasely on this widely used network. So network information security issues gradually become the factor that affact the netwsork efficiency . However, common departments'network vulnerabilities are in a serious situation. More seriously, many of these departments have been completely unable to meet the needs of network's rapid development and the process of information construction. So it is very important to ensure the Internet users'communication information security .In fact, there are a lot of security standards about the Internet. For example, we can use GSSAPI defined by RFC1508 and 1509, Telnet, FTP and HTTP. To ensure the secure and secret communications in any IP network, and to unify the different standards and products, IETF established a suit of open standard network security protocol IPSec(IP Security). Using the encryption technology in network layer, we can provide security services such as data authentication, data integrity, access control and confidentiality at the sender and the receiver side.Based on these protocols, many manufacturers have developed various software or hardware equipments to offer information security. In this paper, we also develop such an application software, which is designed to protect the data packets between two computers. By using encryption and authentication techniques that can avoid the transmission of plaintext on public network, this system can protect the data transmission from ordinary network attacks such as sniffing, denial-of-service attack, replay attack, etc.Firstly,this paper describes the IPSec protocols used in our system. IPSec protocols are consisted of two protocols, one is authentication header (AH), the other is the encapsulation security payload (ESP). Besides, the IPSec protocols have two working modes, tunnel mode and transport mode. The paper compares the two protocols and the two working modes, gives the differences between them, and finally chooses the encapsulation security payload protocol to apply. The paper also compares many other security protocols that are widely used in virtual private network (VPN). This paper analysis system development and needs of the users, studies the security level which the users need . Then, we develop our system on Windows 2003 operating system which supports IP Sec protocol well and is widely used . In the end , we establish a system development scheme which make sure communication information safe and is easily operated.The system is programmed with Visual C++. The user interface is just like the traditional Windows interface. The client has a very simple dialog window. Users can choose either establishing or dismantling the security protection by clicking the buttons on the interface. The server can record the logging information and modify the user information. After compiling the program, the system is tested by pinging another computer and transferring a file with FTP tools. The result shows that our system can offer effective protection to the data packets. The security system will lightly influent the network performance, so users will not feel any trouble with it.