Security System .ipv4/ipv6 Transition Phase Design

As the basic protocol in the next generation internet, ipv6 considers the factor of security in addition to interconnectivity. IPv6 uses ipsec (IP Security) to implement encryption and authentication at the network layer, and has solved some problems in the current IP protocol. However, ipsec can't replace traditional security facilities such as firewall and intrusion detection system. The latter can protect against attacks caused by administratation errors, improper user operations and software holes. The best security could be achieved by the combination of ipsec and current security solutions.One of the most important goals of the ipv6 design is to be compatible with ipv4. Communications between ipv6 nodes rely on the current ipv4 network facilities. In addition, ipv6 nodes have to communicate with ipv4 correspondents. As a result, the situation that ipv6 and ipv4 coexist will last fairly long time. To ensure the information security of the next generation internet in our country, it is not only realistic but necessary to investigate the security architecture in the periods of transition from ipv4 to ipv6.In this essay i examine the security characteristics of ipv6 both from the point view of ipv6 header and ipsec. Considering the challenge the transition brings for traditional security facilities, i put forward an integration model of firewalls and intrusion detection systems and realize an implementation. The new enviroment of the next generation ipv6 high speed networks means designers must find ways to increase the security architecture performance to keep up with demands. This paper will discuss two solutions for enchancing the ids (intrusion detection system) performance, including load balance policies and analysis engine optimizations.Considering the improved security due AH and ESP, the combination of ipsec and firewall will result in more secure networks in the future. This paper presents several solutions. According to the last ideal solution of firewall authenticaiton, we redesign the IKE (Internet key exchange).