虚拟专网的研究与设计
摘要
本文的研究重点是利用VPN虚拟专网实现安全数据通信。当前随着企事业单位与外界环境的交往日益增加,企业内外部数据交换量变得空前巨大,在这种情况下,企业对数据传输中的安全因素要求也正在变得迫切。
本文对采用虚拟专用网(VPN)这一当今广泛流行的信息安全技术及其实现的方案进行了深入的研究。本文从安全问题的现状、分类和对策入手,提出了数据传输的基本解决方案。通过深入研究虚拟专网的技术、用途,具体分类和协议基础,典型的虚拟专网特点及相应的加密体系,最后得出VPN设备的结构模块图以及如何建立一个虚拟专网来实现安全的数据通信。
本文研究的内容主要在以下几个方面:
VPN技术的研究:其中给出了VPN的定义、功能及其特点;VPN的各种分类和不同分类适用的应用环境;重点比较了几种用于实现VPN的安全协议的优缺点,并且详细的阐述了PPTP、L2TP、GRE等VPN建立过程中涉及的协议基础;PPP点对点协议等的具体应用。
VPN设计及其理论分析:本文在研究过程中得出了建立VPN的详细模块图,同时在理论研究的基础上做出了实验,得出在数据传输过程中所遇到的问题并进行了修改,从而实现建立一个健康、安全网络的结论。综合现今企、事业单位的网络现状,详细阐述用VPN技术进行安全的通信设计方案,对网络构成中出现的各种情况应对措施进行了详细研究并进行了理论分析。
The paper research key point uses the VPN special realization security data communication.With the increasing of data exchange capacity inner/inter companies, it's in urgent demand that the safety in data transmission for enterprises. It's focused on the research of data communication in network safety engineering in this paper.
It's presented the intensive study on VPN and its implement program, which is a widely used information safety technique right now. Based on the current situation, classification and strategy of safety problem, it's proposed that the basic solution for data communication. It's discussed in detail that the definition, usage, classification basis of protocol, typical characters of VPN, encryption system, modular structure graph and the method to set up a VPN for safety data communication.
The main content of this paper includes:
Research on VPN, which includes definition, function and characteristics of VPN, different classification for VPN and their application, comparison of some protocols for VPN implementation, detail process of establishing VPN protocols, such as PPTP, L2TP, GRE, etc, PPP protocol and its specific application.
VPN design and its analysis which includes a detailed VPN module graph, several simulation, an elaborated design on safety communication under VPN technique. The synthesis nowadays business, institution's network present situation, the detailed elaboration carries on the safe correspondence design proposal with the VPN technology, had each kind of situation to the network constitution in to be supposed to conduct the dissect to the measure and to carry on the theoretical analysis.
本文对采用虚拟专用网(VPN)这一当今广泛流行的信息安全技术及其实现的方案进行了深入的研究。本文从安全问题的现状、分类和对策入手,提出了数据传输的基本解决方案。通过深入研究虚拟专网的技术、用途,具体分类和协议基础,典型的虚拟专网特点及相应的加密体系,最后得出VPN设备的结构模块图以及如何建立一个虚拟专网来实现安全的数据通信。
本文研究的内容主要在以下几个方面:
VPN技术的研究:其中给出了VPN的定义、功能及其特点;VPN的各种分类和不同分类适用的应用环境;重点比较了几种用于实现VPN的安全协议的优缺点,并且详细的阐述了PPTP、L2TP、GRE等VPN建立过程中涉及的协议基础;PPP点对点协议等的具体应用。
VPN设计及其理论分析:本文在研究过程中得出了建立VPN的详细模块图,同时在理论研究的基础上做出了实验,得出在数据传输过程中所遇到的问题并进行了修改,从而实现建立一个健康、安全网络的结论。综合现今企、事业单位的网络现状,详细阐述用VPN技术进行安全的通信设计方案,对网络构成中出现的各种情况应对措施进行了详细研究并进行了理论分析。
The paper research key point uses the VPN special realization security data communication.With the increasing of data exchange capacity inner/inter companies, it's in urgent demand that the safety in data transmission for enterprises. It's focused on the research of data communication in network safety engineering in this paper.
It's presented the intensive study on VPN and its implement program, which is a widely used information safety technique right now. Based on the current situation, classification and strategy of safety problem, it's proposed that the basic solution for data communication. It's discussed in detail that the definition, usage, classification basis of protocol, typical characters of VPN, encryption system, modular structure graph and the method to set up a VPN for safety data communication.
The main content of this paper includes:
Research on VPN, which includes definition, function and characteristics of VPN, different classification for VPN and their application, comparison of some protocols for VPN implementation, detail process of establishing VPN protocols, such as PPTP, L2TP, GRE, etc, PPP protocol and its specific application.
VPN design and its analysis which includes a detailed VPN module graph, several simulation, an elaborated design on safety communication under VPN technique. The synthesis nowadays business, institution's network present situation, the detailed elaboration carries on the safe correspondence design proposal with the VPN technology, had each kind of situation to the network constitution in to be supposed to conduct the dissect to the measure and to carry on the theoretical analysis.
引文
[1] 王达 虚拟专用网(VPN)精解 清华大学出版社 2004
[2] 戴宗昆,唐三平- 网络安全技术与应用,2001
[3] 戴宗昆,VPN与网络安全- 电子工业出版社 2001
[4] 杨波.网络安全理论与应用.北京:电子工业出版社,2002
[5] 李津生,洪佩林.下一代Internet网络技术.北京:人民邮电出版社,2001
[6] StevenBrown.构建虚拟专用网.北京:人民邮电出版社,2000
[7] Rebecca Gurley Bace.陈明奇,吴秋新等译.入侵检测[M].北京:人民邮电出版社,2001
[8] 李涛.网络安全概论[M].北京:电子工业出版社,2004
[9] Karanjit S, Chirs H.Internet. Firewall and Network Security[M]. New Riders Publishing, 1996
[10] 高海曲,薛元星等.VPN技术[M].机械工业出版社,2004
[11] 刘剑波,王能,等.VPN网关的设计和实现[J].计算机工程,2004,30(3):130~132
[12] 北京启明星辰信息技术有限公司.防火墙原理与实用技术[M].北京:电子工业出版社,2002.79-83
[13] 王达.虚拟专用网(VPN)精解[M].北京:清华大学出版社,2004..3
[14] FARINACCI D, LI T, HANKS S. Generic Routing Encapsulation(GRE). RFC 2784[S]. 2000
[15] DEERING S, HINDEN R. Internet Protocol, Version 6(IPv6). RFC2460[S].1998
[16] 许勇 张凌 等.基于VPN的企业内联网[J].计算机工程与应用,2001,37(23):33-34
[17] 叶盛 高海锋等.VPN的实现机制和系统评价[J].小型微型计算机系统,2002,23(9):1053-1058
[18] 刘作炜 吉国力 基于CDMA1X的远程监控系统设计.
[19] 冯超英 基于CDMA1X技术的录井数据远程传输系统
[20] 刘风华 丁贺龙 张永平CDMA1X VPDN接入方案及其在农行无线POS 中的应用
[21] 张平CDMA2000-1x数据业务资源占用分析
[22] 王东峰 董晓宇 王彦峰 流媒体技术在无线通信系统中的应用
[23] 文波 谢光毅基于CDMAIX的企业VPDN应用及研究——用户名和IMSI绑定及固定IP地址分配问题的解决
[24] 林闯 单志广.Internet区分服务及其几个热点问题的研究[J].计算机学报,2000,23(4):419-433,.
[25] 张朝伟 李伟生无线应用场景下基于IPsec VPN的研究与实现
[26] Kent S. Security architecture for the internet protocol 《RFC 2401》 1998
[27] Fu Z U HUANG H HUANG H.IPsec/VPN security policy: Correctness conflict detection and resolution 《IEEE Policy 2001 Workshop》2001
[28] Lupu E C. Conflicts in policy-based distributed systems management 《IEEE Transactions on Software Engineering》 1999
[29] Judy Z Fu. Automatic generation of IPsec/VPN security policies in an intra-domain environment 《Proc.of Conf.on Distributed Systems:Operationand Management (DSOM 2001)》 2001
[30] Kent S.Security architecture for the internet protocol 《RFC 2401》 1998
[2] 戴宗昆,唐三平- 网络安全技术与应用,2001
[3] 戴宗昆,VPN与网络安全- 电子工业出版社 2001
[4] 杨波.网络安全理论与应用.北京:电子工业出版社,2002
[5] 李津生,洪佩林.下一代Internet网络技术.北京:人民邮电出版社,2001
[6] StevenBrown.构建虚拟专用网.北京:人民邮电出版社,2000
[7] Rebecca Gurley Bace.陈明奇,吴秋新等译.入侵检测[M].北京:人民邮电出版社,2001
[8] 李涛.网络安全概论[M].北京:电子工业出版社,2004
[9] Karanjit S, Chirs H.Internet. Firewall and Network Security[M]. New Riders Publishing, 1996
[10] 高海曲,薛元星等.VPN技术[M].机械工业出版社,2004
[11] 刘剑波,王能,等.VPN网关的设计和实现[J].计算机工程,2004,30(3):130~132
[12] 北京启明星辰信息技术有限公司.防火墙原理与实用技术[M].北京:电子工业出版社,2002.79-83
[13] 王达.虚拟专用网(VPN)精解[M].北京:清华大学出版社,2004..3
[14] FARINACCI D, LI T, HANKS S. Generic Routing Encapsulation(GRE). RFC 2784[S]. 2000
[15] DEERING S, HINDEN R. Internet Protocol, Version 6(IPv6). RFC2460[S].1998
[16] 许勇 张凌 等.基于VPN的企业内联网[J].计算机工程与应用,2001,37(23):33-34
[17] 叶盛 高海锋等.VPN的实现机制和系统评价[J].小型微型计算机系统,2002,23(9):1053-1058
[18] 刘作炜 吉国力 基于CDMA1X的远程监控系统设计.
[19] 冯超英 基于CDMA1X技术的录井数据远程传输系统
[20] 刘风华 丁贺龙 张永平CDMA1X VPDN接入方案及其在农行无线POS 中的应用
[21] 张平CDMA2000-1x数据业务资源占用分析
[22] 王东峰 董晓宇 王彦峰 流媒体技术在无线通信系统中的应用
[23] 文波 谢光毅基于CDMAIX的企业VPDN应用及研究——用户名和IMSI绑定及固定IP地址分配问题的解决
[24] 林闯 单志广.Internet区分服务及其几个热点问题的研究[J].计算机学报,2000,23(4):419-433,.
[25] 张朝伟 李伟生无线应用场景下基于IPsec VPN的研究与实现
[26] Kent S. Security architecture for the internet protocol 《RFC 2401》 1998
[27] Fu Z U HUANG H HUANG H.IPsec/VPN security policy: Correctness conflict detection and resolution 《IEEE Policy 2001 Workshop》2001
[28] Lupu E C. Conflicts in policy-based distributed systems management 《IEEE Transactions on Software Engineering》 1999
[29] Judy Z Fu. Automatic generation of IPsec/VPN security policies in an intra-domain environment 《Proc.of Conf.on Distributed Systems:Operationand Management (DSOM 2001)》 2001
[30] Kent S.Security architecture for the internet protocol 《RFC 2401》 1998
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |