| 摘要 |
Virtual Private Networking (VPN) is an emerging technology area enabling e-business on the Internet. A key underlying VPN technology is IP Security (IPsec), a means of providing private (encrypted and authenticated) secure data transmission over public (Internet) networks. The definition of what data to protect ultimately results in IP filter rules, loaded to the operating system kernel. These are used to select the correct IP datagrams and cause each to be processed by the correct IPsec Security Associations. Along with other attributes, a VPN connection can be started, stopped, and monitored. Connection filters which are used to implement VPN connections are dynamic, and must be inserted and deleted within the currently installed set of IP filters (non-VPN related). Since IP filter order is crucial to proper functioning, the basic problem is, where to place these dynamic filters. This filter placement problem has a macro and a micro part. The macro filter placement problem is solved, and a customer policy to protect data is enforced, even if no VPN connection is active.
|
