【正文】 expose likely to burglar, by have no right limit user check or bowdlerize through to. In the meanwhile, special enterprise work too need for use inter bine therewith mutual to. Inter at advertisement and ebusiness aspect repose whereabouts huge business opportunity, versus user came said inter must. Figure full high speed, cheapness bine possess resolvability, general design to depot IP 協(xié)議 及 IPSec 協(xié)議安 全 分析 專(zhuān)業(yè) 班級(jí) :計(jì)算機(jī)科學(xué)與技術(shù) 4 private and confidential information up lead folk in a OSI to at global within range proceed without a hitch corresponding also, thereof unreliability no more will conceivable to it means end user transmitting data station utilized work element likely to met absence their dam within sight back. But do so should gotten enterprise work Tnumber now that, figure full high speed, cheapness bine possesses resolvability, general design to depot private and confidential information up. In despite of cause how about, now versus work security requirements ratio anciently tighten up, too still necessity to know clearly. It was be on the foundation upward strain for security insure of IPlayer or still definitely said yes at each IP grouping that both data stream among as a matter of fact us has manifold means useful for protective work. Could through the medium of be on the fringe erect one fire wall, filter e off those undefeated data stream out for of dedicated work. Application and transport protocols mand thereof own security mechanism. Other kind of technology, considering hereinafter several cause lead such approach possess definite meaning to： 1. The Intra big city yes repose IP 39。of the both inter and enterprise. Proprietary data stream quantity big city must through IPlayer. Proprietary data too big city yes by IP grouping came loadsupporting。 2. Both it could shield and isolation higher level application exempt meets with safeness attack。 3. It took the part of in being higher level security mechanism。 4. It could took the part of above inter erect one extendible, secure VPN. Both it is time for in order to met the needs of above IPlayer realize safeness, IETF came into existence know clearly IP security (IPSec) workgroup. Transit effort, to workgroup already fetch round robin at IPV four and IPV six upward strains for work layer safeness agreement, mechanism kimono devote one39。s efforts to. IPSec frame station took the part of serve include hereinafter content： 1. access control。 2. data origin authentication(demonstration every last IP grouping)； 3. replay protection (Prevent attacker eavesdrop to certain grouping bine IP 協(xié)議 及 IPSec 協(xié)議安 全 分析 專(zhuān)業(yè) 班級(jí) :計(jì)算機(jī)科學(xué)與技術(shù) 5 after some hour playback)； 4. data integrity (Test withal make IP grouping at transport process suffer have no by distort certain out)。 5. data confidentiality amp。 encryption (Part of past encrypt should grouping stash) 6. limited traffic flow management (The IP address of the conceal originality dispatcher) 7. key management IPSec frame initially definitive agreement include inspect weight head (AH), encapsulation security lotus (ESP) and key management. 2 IPSec:IP layer protocol security IPSec protocol bring necessity forth IPSec at IP layer endue safety service, it lead system be able to according to require select secure protocol, take serve station utilized algorithm in time for clap demand serve required key to relevant OSI in for to with. The path of the IPSec be used to shield a stick of or multiyear mainframe and mainframe partment, safety shut and safety shut partment, safety shut and mainframe partment. Both IPSec be able to submitted safety service multitude include access control, connectionless integrality, data source authentication, reject retransmitted packet(partial sequence integrality form), privacy and finitude transmission current privacy. For these serve equal at IP layer endue, so any higher level protocol use they, for instance TCP, UDP, ICMP, BGP and so on. It was through the medium of twain large transmission secure protocol, header authentication(AH)and encapsulation safe load(ESP), and key manager harmonize discuss 39。use came finished as well that these object. It was by user, application, and / or site, anize versus security and systemic demand came decision that that of required IPSec protocol multitude content very utilized mode. Both the instant correct realize, use these mechanism, they ought not versus use these security mechanism shield tarn missive user, mainframe and rest hero special part bring negative impact forth. This mechanism too by is designed for algorithm IP 協(xié)議 及 IPSec 協(xié)議安 全 分析 專(zhuān)業(yè) 班級(jí) :計(jì)算機(jī)科學(xué)與技術(shù) 6 independent. Such modularity permit select different algorithm multitude instead of impact rest segmental realize for to. For example： In the event of, different user munication is available to different algorithm multitude. It was a sort of away hair homology serial number 39。WRAPT lead system crash39。 method of attack grade means came attack to that of whereas IPv6 WRAPT proper without supply any security protection, hacker could past information packet detect, IP spoofing, joint captive, replay attack. The data packet be in existence hereinafter hazard of the wherefore, us receive： No came from legal dispatcher。 data at transport process suffer by human amend。 data content afterwards by human pick (for instance military secret equiponderance ask informational dialogue) for brains. Both that of that of IPSec purpose namely by way of realize data transfer integrality (source address demonstration and guarantee data have no modify) and confidentiality (without by human run over) and endue to a certainty degree 39。versus replay offensive shield with as well to. IPSec usable it supplies security protection with IP very upper layer protocol (TCP and UDP grade). I