当前位置:网站首页>Features and functions of IPSec

Features and functions of IPSec

2022-06-09 23:04:00 InfoQ

In order to solve IPv6 The security of the protocol ,IETF On 1995 Established in IP Protocol and key management organization , Research in IP The standard on the protocol to ensure the security of data transmission . After years of research, this organization , Proposed a series of protocols , And constitute a security system , It's called IP Security Protocol( abbreviation IPSec).

  • IPSec Has the following characteristics
  • IPSec yes IETF Developing IPv6 Time is guarantee IP Designed for packet security , yes IPv6 Part of the agreement .IPSec Can be directed to IPv4 And IPv6 Provide interoperability 、 High quality and password based security .
  • PSec The security services provided include access control 、 integrity 、 Data source certification, etc . These services are provided at the network layer of the Internet , And provide protection to the network layer and higher layers .
  • IPSec Protocols are actually a family of protocols , Not a single agreement . Its security structure consists of three main protocols and encryption and authentication algorithms , Including authentication header (Authentication Header,AH) Protocol and encapsulation security payload (Encapsulating Security Payload,ESP) agreement , as well as Internet Secure association key management protocol (Internet Security Association and KeyManagement Protocol,ISAKMP)、Internet key exchange (Internet KeyExchange,IKE) agreement .

  • IPSec The main function of
IPSec Pair at the network layer IP Grouping for high-strength encryption and authentication services , Make security services independent of applications , Various applications can share the security services and key management provided by the network layer .
  • Data confidentiality protection
IPSec Of ESP The protocol encrypts packets , It makes it difficult for network attackers to decipher . According to different types of application requirements ,ESP Encryption algorithms with different strengths can be provided .
  • Integrity protection and identity authentication
IPSec For each IP Grouping generates a checksum . By checking the checksum , It can be found whether the data has been tampered with during transmission . meanwhile ,IPSec The identity authentication mechanism of can check whether there is IP Address spoofing attack , Effectively defend against network attacks that borrow legal addresses and user identities .
  • Prevent denial of service and man in the middle attacks
IPSec Use IP Group filtering method , according to IP Address range 、 agreement 、 The port number of a specific protocol determines which data streams can pass through , This prevents denial of service attacks . As a third party , Man in the middle attacks are similar to identity spoofing attacks ,IPSec Pass two-way authentication 、 Shared key , It can effectively prevent man in the middle attacks .

be based on IPSec Agreed VPN Technology has been widely used in the Internet .
原网站

版权声明
本文为[InfoQ]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/160/202206092207480350.html

边栏推荐

猜你喜欢

随机推荐