| Today, Internet is developing more and more quickly and it plays an important role in the modern society. At the same time, the security of network is becoming a focus of Internet. Internet nowadays bases on the suite of TCP/IP protocols, which is insecure by itself, Internet is very frangible in security; almost all the IP packets in Internet are transported in plaintext and could be sniffed or intercepted easily. In order to provide security services for traffic on Internet, the IPSec protocol was offered by IETF in the late 1990's.IPSec was implemented in the IP layer and can protect all the upper layers. IPSec can provide a unify platform for all security services. For its high performance, IPSec is adopted as the base security protocols of the next generation Internet (Ipv6). IPSec is the most widely used protocols in the development of VPN. It may be the standard of IP VPN in the future. IPSec protocol provides the protection for IP layer and all of upper layer protocols, so it's transparent for applications and users. Any IPSec VPN that runs well like a well-run Intranet, and not have to train the user specially. But IPSec is a set of new protocols and very complex, many problems have not been solved. So it is very valuable for the research of IPSec. The deficiencies of IPSec are mainly brought by its complexity and flexibility. IPSec protocol includes so many options and provides overburdent versatility. We ofen find there are many implemention modes for the same task in the process of research and implement of IPSec.For example, the option of encryption arithmetic, security protocol and key management ect, That's may bring security problem for the implement. This paper put forward some advice of modification via the research of IPSec protocols, and how to implement IPSec VPN gateway by FreeS/WAN. In this paper, we detailed the configuration of IPSec protocol in Section II, including security association (SA), security protocol AH, ESP as well as Key management protocol IKE. IPSec protocol was thoroughly analysised and improved in Section III. We located the troubles existing in the much too complex protocol system and improved it; and then We pointed out the complexity of IPSec, amiliorated the security protocol and work mode; and also probed into the default encryption algorithm and mode, I considered AES-Counter the most optimized choice; We stated the problems in unilateralism SA and security policy (SP) and gave some advice to improve them; With the negotiation of security parameters, we thought the two-stage negotiation has security defect and suggests to get rid of the second stage. We talked about the way of IKE protocol authentication in details and brought up improved ways. Section IV mainly dealt with how to realize IPSec in FreeS/WAN, and...
|
PDF Full Text Request