Dahua Rongzhi outfit set matching: Urgently seeking an expert to translate a passage from a computer science article

Source: Baidu Wenku  Editor: Gaokao Q&A  Time: 2024/04/20 17:15:09
《IPSec Overview》
One of the weaknesses of the original Internet Protocol is that it lacks any sort of general purpose mechanism for ensuring the authenticity and privacy of data as it is passed over the internetwork. Since IP datagrams must usually be routed between two devices over unknown networks, any information in them is subject to being intercepted and even possibly changed. With the increased use of the Internet for critical applications, security enhancements were needed for IP. To this end, a set of protocols called IP Security or IPSec was developed.
The IP Security protocol (IPsec) provides several security services to networked applications. Services include:
1. Confidentiality - Making data unreadable by eavesdroppers
2. Data Integrity - Guaranteeing that data is not changed between sender and receiver
3. Data Authentication - Guaranteeing that received data was not sent by an imposter
IPsec operates at the Network layer. Security services can be provided at any of several network layers, and there are advantages and disadvantages to each. The diagram below illustrates a simplified network protocol stack:
IPSec can be applied to IP packets in two different ways, or modes:
• Transport mode
• Tunnel mode
Transport mode protects the packet's payload, higher-layer protocols, but leaves the original IP address in the clear. The original IP address is used to route the packet through the Internet. ESP transport mode is used between two hosts. Transport mode provides security to the higher-layer protocols only.
ESP tunnel mode is used when either end of the tunnel is a security gateway, a Concentrator, a VPN optimized router, or a PIX Firewall. Tunnel mode is used when the final destination is not a host, but a VPN gateway. The security gateway encrypts and authenticates the original IP packet. Next, a new IP header is appended to the front of the encrypted packet. The new outside IP address is used to route the packet through the Internet to the remote end security gateway. Tunnel mode provides security for the whole original IP packet.
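
The transport-mode and tunnel-mode packet layouts described above, as an added example that is not part of the original article or of this thread: it wraps one constructed IPv4 packet both ways and lets the receiver check and open the result. The function names, addresses, keys and SPI values are assumptions, and the SHA-256 keystream is a stand-in for a real ESP cipher such as AES.

```python
import hashlib, hmac, socket, struct

ESP, IPIP, TCP = 50, 4, 6   # IP protocol numbers

def ipv4(src, dst, proto, payload):
    # Minimal 20-byte IPv4 header; checksum left at 0 to keep the sketch short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _xor_stream(key, iv, data):
    # Stand-in cipher (SHA-256 in counter mode), NOT a real ESP transform.
    ks = b"".join(hashlib.sha256(key + iv + struct.pack("!I", i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_seal(spi, seq, inner, next_hdr, ek, ak):
    # SPI | sequence | IV | encrypted(inner | pad length | next header) | ICV
    iv = hashlib.sha256(struct.pack("!II", spi, seq)).digest()[:8]  # constructed IV
    head = struct.pack("!II", spi, seq) + iv
    body = _xor_stream(ek, iv, inner + bytes([0, next_hdr]))  # pad length 0
    return head + body + hmac.new(ak, head + body, hashlib.sha256).digest()[:16]

def esp_open(esp, ek, ak):
    # Receiver: check the ICV first (integrity + authentication), then decrypt.
    data, icv = esp[:-16], esp[-16:]
    if not hmac.compare_digest(icv, hmac.new(ak, data, hashlib.sha256).digest()[:16]):
        raise ValueError("ICV mismatch: packet altered or not from the key holder")
    clear = _xor_stream(ek, data[8:16], data[16:])
    return clear[:-2], clear[-1]          # (inner bytes, next header)

def transport_mode(pkt, spi, seq, ek, ak):
    # Original IP header (addresses) stays in the clear; only the payload is wrapped.
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp_seal(spi, seq, pkt[20:], pkt[9], ek, ak))

def tunnel_mode(pkt, gw_src, gw_dst, spi, seq, ek, ak):
    # Whole original packet is wrapped; a new outer header routes between gateways.
    return ipv4(gw_src, gw_dst, ESP, esp_seal(spi, seq, pkt, IPIP, ek, ak))

# Constructed sample: host addresses, gateway addresses and keys are made up.
EK, AK = b"demo-encryption-key", b"demo-authentication-key"
ORIGINAL = ipv4("10.1.1.5", "10.2.2.7", TCP, b"constructed TCP segment bytes")
TRANSPORT = transport_mode(ORIGINAL, 0x1001, 1, EK, AK)
TUNNEL = tunnel_mode(ORIGINAL, "198.51.100.1", "203.0.113.1", 0x2001, 1, EK, AK)

if __name__ == "__main__":
    for name, p in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(name, socket.inet_ntoa(p[12:16]), "->", socket.inet_ntoa(p[16:20]), len(p), "bytes")
```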

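One of the weaknesses of the original Internet Protocol is that it lacks any kind of multi-purpose mechanism, and in guaranteeing the authenticity and privacy of data it has already neglected the network. Because IP datagrams must usually be arranged between two devices over unknown networks, any information in them is subject to being intercepted and perhaps even changed. Because of the increased use of the Internet for critical applications, security improvement was needed for IP. For this purpose, a set of protocols called IP for security, or IPSec, was developed. The IP security protocol (IPsec) provides several securities services to network applications. Services include: 1. Confidentiality - making data unable to read eavesdroppers. 2. Data integrity - guaranteeing that data is not changed between sender and receiver. 3. Data authentication - guaranteeing that received data was not sent by an imposter operating IPsec at the network layer. Security services can be provided at any of several network layers, and each has advantages and disadvantages. The diagram below illustrates a simplified network protocol stack: IPSec can be applied to IP packets in two different ways, or modes: Transport mode \ Tunnel mode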

One of the weaknesses of the original Internet Protocol is: it lacks any
