Abstract
To address the inability of IPSec and firewalls to work together, this paper proposes a solution that applies security processing to the protocol header and the data portion of an IP datagram separately. This layered approach is combined with key agreement: the firewall takes part in the IPSec key agreement phase, and after negotiation the encrypted data packets are allowed to pass through the firewall, with an IDS (Intrusion Detection System) providing further defense against intrusion. This solves the problem of how IPSec copes with firewall functions. Experimental results show that the method preserves the security of IPSec and improves efficiency when a firewall is combined with IPSec.
Source
Communications Technology (《通信技术》)
2008, Issue 6, pp. 119-121 (3 pages)
Funding
Henan Province Campus Demonstration Engineering Project 504058
Keywords
security association (SA)
key agreement
intrusion detection system