【正文】 ur)through the medium of Hierarchical Direct, customtailor privilege class supervise grade instrument came realize Network security management.(five)past sophisticated alarm, log and audit function realize work clock.(six)supply visit list and in such a way that sshv2(secure shell beta two edition), snmpv3(Simple Network Management Protocol beta three edition), endue tenor visit security, line visit security with.(four)past Hierarchical Direct, customtailor privilege class supervise grade instrument critical event deplete work resource of potential safety hazard, such as both encapsulation attack, broadcast packet attack, MAC waterflooding, spanning tree attack grade second floor attack, as well as mendacious ICMP messenger, ICMP waterflooding, source address beguile , route oscillation grade aim at threeply consultative attack into erect security user tunnel grade came kept away aim at two tiered attack； in such a way that route filtration, versus route informational encrypt and authentication, orient multicasting control, advance route rapidity of convergence withal alleviate route oscillation impact grade measure, filter , versus route informational encrypt and authentication, orient multicasting control, bump route rapidity of convergence withal relieve route oscillation impact grade measure, came muscle threeply Network security up at up out for above physical layer upwards stratification plane, subsistent potential safety hazard mostly has be from aim at different kinds of consultative security menace, as well as with a view of illegality IP 協(xié)議 及 IPSec 協(xié)議安 全 分析 專業(yè) 班級(jí) :計(jì)算機(jī)科學(xué)與技術(shù) 9 occupancy work resource or exhaust work resource39。attack； past MAC address and IP address binding, confine per port39。ACL, foundation security user tunnel grade came kept away aim at two tiered attack； in such a way that route filtration, versus route informational encrypt and authentication, orient multicasting control, advance route rapidity of convergence withal alleviate route oscillation impact grade measure, filter , versus route informational encrypt and authentication, orient multicasting control, bump route rapidity of convergence withal relieve route oscillation impact grade measure, came muscle threeply Network security up at up out. At the same time, in order to pose construct safety Tnumber, return ought adopt rest safety precautions.(one)incorporation AAA authentication, natpt, two / threeply mpls VPN, repose ACL standard visit list and static state spread visit list, phony sliver fold attack grade came realize safety precautions in.(two)through the medium of route filter , static route, policy route and route loadsharing came realize security route out.(three)through the medium of sshv2(secure shell beta two edition), snmpv3(Simple Network Management Protocol beta three edition), ex., endue tenor visit security, line visit security with.(four)through the medium of Hierarchical Direct, customtailor privilege class supervise grade instrument came realize Network security management.(five)through the medium of sophisticated alarm, log and audit function realize work clock39。log, routing protocol event and error logging grade, for administration of works personnel make fault analysis, orient and statistics with. put together station state, secure work. IPSec basic structure analyses It was avail authentication header (AH) and encapsulation melt security lotus IP 協(xié)議 及 IPSec 協(xié)議安 全 分析 專業(yè) 班級(jí) :計(jì)算機(jī)科學(xué)與技術(shù) 10 (esp.) came realize pact technique authentication and encrypt of that that of IPSec basic structure. And that be used to realize integrity of data, this be used to realize pact technique confidentiality. The transmission provision know clearly amphipods of the at the same time logarithm according to： Transmission mode and channel mode. Either at transmission mode suffer, IP head inscribe layer protocol head of partment embed one new IPSec head (AH or esp.)。support up (4) Stream tag (5) Both identity authentication and secrecy 1. Spread address The clean culture address and design to appoint by one or more of mainframe intercept 39。consist, IPv6 suffer contain at least 1 two loaf differ field, even length at without option bear date two 0 byte, therefore at contain option hour approve reach six 0 byte. IPv6 by the exercise of Fformat39。efficiency still high done. Toe39。 certain operate mode occur know clearly change. On the one hand, possession toe length unify, hence had no further use for toe length field into. Furthermore, through the medium of make amendment of fold sectional rule could at toe suffer chip some field away in. IPv6 have no option bear date two 0 byte, therefore at contain option hour approve reach six 0 byte reduce need for test get field the quantity of, these should so as to channel selection39。t impact reliability, and these above all for head check sum should by still higher level agreement (UDP and TCP) preside. 3. Tone toward spread and option 39。work upper of done of the along with it dispose hopbyhop option of the in IPv6 suffer could at IP cephalic tail join option, therewith differ, IPv6 suffer do with option plus at separate spread head suffer. Through the medium of such means, option heads none but in case of need but need for test dispose out to. IPv6 manse subsection only take place on source node upper, hence need for take subsection spread cephalic node none but source node and destination node into consideration to. Source node preside subsection bine begin spread head, said spread head should lay in IPv6 head and next higher level agreement head of partment. destination node take over said fold bine use spread head proceed reshipment in. possession intermediate node big city could in security overlook said subsection spread head, in this way with bump know clearly fold channel selectio