摘要
虽然将IPSec用在虚拟专用网(VPN)是一种很好的网络安全解决方案,极大地改进了传统IP协议缺乏安全机制的问题,但因其身份鉴别不完善而影响到在复杂环境下的网络安全。PKI是由公开密钥密码技术、数字证书、证书认证机构等基本成分组成的一套安全平台,可提供身份认证和角色控制服务。该文分析了IPsec和PKI在安全上的技术特点,提出了一种如何将PKI证书机制应用到IPsec-VPN中,实现强身份认证和访问控制机制,进而完善VPN安全的方案。
Although the use of IPSec in virtual private network (VPN) is a good network security solutions and the Internet Protocol Security is significantly improved, the network security in complicated environment, due to its lack of perfect identity authentication, is seriously affected.As a publicly trusted platform , PKI is composed of public key technology, digital certificates, CA and security strategy, which can provide identity authentication and role access control service. This paper gives a scheme for applying PKI into IPSec-VPN to strengthen identity authentication and access control mechanisms, thus making the security of VPN more perfect more secure.
出处
《通信技术》
2009年第1期259-260,263,共3页
Communications Technology
关键词
安全
虚拟专用网
公钥基础设施
因特网安全协议
security: virtual private network(VPN): publick key infrastructure(PKI): internet protocol security(IPSec)