IPsec

来自开放百科 - 灰狐
2008年12月7日 (日) 10:41Allen (讨论 | 贡献)的版本

(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)
跳转到: 导航, 搜索

Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.

IPsec is an end-to-end security solution and operates at the Internet Layer of the Internet Protocol Suite, comparable to Layer 3 in the OSI model. Other Internet security protocols in widespread use, such as SSL, TLS and SSH, operate in the upper layers of these models. This makes IPsec more flexible, as it can be used for protecting all the higher level protocols, because applications don't need to be designed to use IPsec, whereas the use of TLS/SSL or other higher-layer protocols must be incorporated into the design of an application.

IPsec is the successor of the NLSP (Network Layer Security Protocol) that was standardised by ISO. The NLSP protocol was directly taken from the SP3 protocol that was published by NIST, but defined by the Secure Data Network System project of the NSA.

Implementations

Links

分享您的观点
个人工具
名字空间

变换
操作
导航
工具箱