| With the rapid development of the network technology, the network has been popular in the society, but it is inevitable there are some potential security problems when the network is providing open and shared resources. How to protect the transmission of secret information on the network effectively has becoming the concern.IPSec is to solve network security problems effectively. Firstly, the paper introduce the IPSec architecture, including some basic concepts, for example, security policy, security association, selector, and the component of IPSec architecture such as SPD, SAD, AH, ESP and IKE, etc. The processing of IPSec is explained in detail.Secondly, based on deep analysis of IPSec and Linux TCP/IP stack, the implementation of IPSec under Linux is especially completed. This paper presents the integration of the Linux IP processing with the outbound and inbound policy through the Linux Netfilter, proposes the use of Radix tree for organizing the security policy database, the use of hash table for organizing the security association database.The implementation of IPSec is tested and applied by constructing a tentative VPN model. Finally this paper analyzes the system of IPSec protocols. The principle is that complexity will result in security weakness, and introduces some modification proposal for them.
|
PDF Full Text Request