6.1.3 Implementing IPSEC.
In IPv4, we choose subnets 102.2.2.0/24 and 103.3.3.0/24 to implement IPSEC. On router1 we implement IPSEC on the interface that leads to 102.2.2.0/24; on router3 we implement it on the interface that leads to 103.3.3.0/24. In the lab we use tunnel mode as the IPSEC mode, 3DES for encryption and HMAC-MD5 as the authentication protocol.
In IPv6, we choose two PCs that belong to the same subnet to implement IPSEC. We use transport mode as the IPSEC mode and HMAC-MD5 for authentication.
6.1.4 Analysing IPSEC.
In IPv4, we compare the packets captured by the sniffer before and after IPSEC was implemented. The results are as follows: after IPSEC was implemented the packets were encrypted, so IPSEC provides confidentiality and limited traffic flow confidentiality. Because we used HMAC-MD5 as the authentication protocol, it also provides data origin authentication. In IPv6, we use transport mode as the IPSEC mode, in which the data is encrypted, but it can also provide authentication. It also provides connectionless integrity and limited rejection of replayed packets.
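The data origin authentication, connectionless integrity and replay rejection listed above can be seen in a receiver-side check of the kind an IPSEC peer performs. This is an added example, not code or configuration from the original lab; the key, SPI and window size are constructed values, and the 3DES ciphertext is represented by opaque bytes.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-MD5-96: MD5 digest truncated to 96 bits (RFC 2403)
WINDOW = 32    # anti-replay window size (assumed value for this example)

def esp_seal(key, spi, seq, ciphertext):
    """Sender side: SPI | sequence number | encrypted payload | ICV."""
    body = struct.pack("!II", spi, seq) + ciphertext
    return body + hmac.new(key, body, hashlib.md5).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0      # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return "unknown-sa"
        # Replay check: reject sequence 0, anything left of the window, or a duplicate.
        if seq == 0 or seq + WINDOW <= self.top:
            return "replay"
        if seq <= self.top and (self.bitmap >> (self.top - seq)) & 1:
            return "replay"
        # Integrity and origin check: only a holder of the shared key can make this ICV.
        expected = hmac.new(self.key, body, hashlib.md5).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad-icv"
        # Advance the window only after the packet has authenticated.
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "ok"

def demo():
    key, spi = b"constructed-key!", 0x1000   # constructed sample values
    rx = Receiver(key, spi)
    pkt = esp_seal(key, spi, 1, b"opaque 3DES ciphertext stand-in")
    forged = bytearray(esp_seal(key, spi, 2, b"opaque"))
    forged[9] ^= 0x01                        # one bit changed in transit
    return [rx.accept(pkt), rx.accept(pkt), rx.accept(bytes(forged))]

if __name__ == "__main__":
    print(demo())
```

The window is "limited" in the sense the text uses: packets older than the window are rejected even if they were never seen, and a packet that fails the ICV check does not move the window.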
6.1.5 Conclusion.
In a comprehensive network with both IPv4 and IPv6, IPSEC is mandatory in IPv6, so it can support high-security data communication. In IPv4, we can apply IPSEC depending on the security we want, choosing among different IPSEC modes, encryption protocols and authentication protocols. IPSEC enhances security during network transport, so it has great prospects for government networks, military networks and commercial networks, especially with the new generation of IP.
Introduction of the supervisors
Shengyuan Xu, male, was born in 1945.
Shijun Wen, male, was born in February 1976 and is an engineer. He graduated from Southwest Forestry College (SWFC) in July 1999. He is now sub-director of the Information and Network Center of SWFC. He planned and constructed the first project of SWFC's campus network in 2000, and planned and constructed the second project of SWFC's campus network during 2001-2003. From 2003 to now, he has been the main person responsible for the construction, management and running of SWFC's network and for its informational construction. From 2005 to now, he has been developing the management system for SWFC's network center.
Acknowledgement
Thanks to my tutors Shengyuan Xu and Shijun Wen, who have guided and encouraged me to complete this project. I have learned a lot from their style during the last few years. They not only let me know how to study, but also let me know how to work and live.
Thanks to Prof. Kunrong Hu and Mr. Xiaolin Wang, who taught me lessons in the past four years and solved the project's handicap for me.
Thanks to all the teachers and friends who taught me lessons and encouraged me in the time when we were together. Your great lectures and warm help made this happen.