Shulou(Shulou.com)06/01 Report--

What is xxx?

It is a superimposed private network formed on the common network by using encryption and tunneling technology, so as to ensure the privacy of information, the integrity of data, the traceability of users, and anti-replay. (virtual private network)

Composition of IPsec: IKE (used for negotiation of security parameters) ESP (about encryption, authentication and other security methods) AH (authenticates the entire packet and does not allow encryption)

Operation mode of three IPsec: tunnel mode (used to protect data between two secure gateways) transmission mode (used to protect data between two hosts)

4. The five steps of IPsec:

① defines the traffic of interest

② Ike Policy (lke sa)

③ IPsec Policy (IPsec SA)

④ IPsec session

End of ⑤ tunnel

Note: SA: the Security Policy Alliance (which defines how to encrypt) is the foundation of IPsec and the one-way nature of IPsec.

SA: static: manual configuration (manual sa never ages)

Dynamic: Ike autonegotiation (established by Ike with lifetime)

SA: survival time in two ways:

① time-based time to Live

Traffic-based lifetime of ②

SA: is the agreement of certain elements between the peers of ipsec.

IPsec peer: IPsec provides secure communication between two endpoints, which are called.

Five security protocols

① AH (IP Protocol number 51) applies to unclassified data

② ESP (50) data encrypted

6 ways in which AH is used in conjunction with ESP:

First, the message is encapsulated by ESP, then the message is encapsulated by AH.

Authentication algorithm:

① HMAC--MD5 (fast computing)

② HMAC--SHA1 (high degree of security)

Encryption algorithm:

① DES

② 3des

③ AFS

Note: ranked in turn, the speed is fast and the security is getting higher and higher

Seven IPsec

① main mode: specify IP of both parties, 6 message exchanges (high security), specify IP address, slow negotiation

② savage mode: must have 3 NAT interactive messages (low security). Specify a name and negotiate quickly.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.