
Design And Implementation Of Ipsec Security Policy Based On The Working Group

Posted on: 2006-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: T Chen
GTID: 2208360155973729
Subject: Computer Science and Technology

Abstract/Summary:
IPSec is widely used today as a network-layer security technology. It provides cryptographically based security protection for IP packets. A correct IPSec implementation depends on the security protection parameters contained in security policies, so the proper configuration and management of security policy is one of the most important parts of IPSec-based network security.

To meet the internal communication security requirements of the Golden Aviation Network, this paper proposes a theory of end-to-end virtual networking based on IPSec VPN technology. It introduces the concepts of virtual workgroup and group policy to isolate different VPN communication entities safely. Based on the virtual network theory and on an analysis of current IPSec security policy management methods, a workgroup-based security policy system is designed and implemented using the socket network communication interface and the visual integrated development environments C++Builder and Kylix. The function modules of the workgroup-based security policy system and the solutions to its key problems are discussed. The key functional components of the security policy system that have been studied and implemented are as follows:

1. Policy database. With reference to the DMTF's and IETF's standard documents on policy and security policy, the semantics of IPSec security policy defined by those documents are implemented as far as possible. The policy database is designed with the SQL Server 2000 RDS.

2. Policy server. A security policy database configuration GUI is designed, which is used to configure workgroups, users and group policies centrally. The policy server provides services such as state maintenance and group policy distribution to policy clients.

3. Policy client. A policy client login GUI is designed. The client receives group policy from the policy server. The group policy is parsed into end-to-end user-level policy, and the policy client notifies the IKE service to negotiate end-to-end IPSec security tunnels with other clients in the same group.

Finally, this paper carries out a functional test of the workgroup-based security policy system, and the test results show that the system works correctly. The workgroup-based security policy system described in this paper, combined with the implementation of the IPSec driver and IKE module, is also applicable to internal enterprise communication security in other industries.
Keywords/Search Tags: IPSec, security policy system, virtual networking, workgroup, group policy, end-to-end security communication