
What is IP security?

Is there any brief explanation for IP security? And why do we use it?

If you mean IPsec, it encrypts network traffic at the IP packet level. You use it to prevent other people -- in general -- from extracting the data travelling through your network -- especially sensitive data that is meant to be encrypted, however the application in question doesn't support encryption.

Encryption is just one aspect of security. Sometimes, you don't really care if the data can be read by anyone --- you just want to ensure that no one has tampered with it. In this case, the sender can use IP security (IPSec) to just integrity-protect the data. The data is now tamper-evident: that is, any attempt to tamper with the data will be discovered by the receiver as integrity verification will fail. In this case NULL algo for encryption (i.e. no encryption) and SHA1 algo for integrity will be used.

Also, note that encryption without integrity protection is not very useful as an attacker can tamper with the data and the receiver won't be able to discover it. You may have to use application level checks to discover tampering and this is not foolproof.

IPSec also gives you protection against replay attacks: an attacker will not be able to capture the packets and replay them back later in an attempt to impersonate the sender.

So, use integrity protection alone (if the data is not sensitive) or integrity plus encryption.
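
A simplified model of the integrity-only mode described in the answer above (NULL encryption, SHA1-based integrity, and replay rejection), as an added example that is not part of the original answer. The packet layout is an ESP-like simplification (SPI, sequence number, cleartext payload, truncated HMAC-SHA1 value); the key, SPI and payloads are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # integrity check value: HMAC-SHA1 truncated to 96 bits
WINDOW = 64    # anti-replay window size, in packets

def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender: header + cleartext payload (NULL encryption) + ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        _, seq = struct.unpack("!II", body[:8])
        # Replay check: sequence 0, older than the window, or already seen.
        if seq == 0 or seq + WINDOW <= self.highest:
            return "replay"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "replay"
        # Integrity check over header and payload, compared in constant time.
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "tampered"
        # The window advances only for packets whose ICV verified.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"

def demo() -> list:
    key = b"constructed-demo-key"          # constructed sample key
    rx = Receiver(key)
    p1 = protect(key, 0x1000, 1, b"balance=100")
    p2 = protect(key, 0x1000, 2, b"balance=250")
    forged = p2.replace(b"250", b"999")    # cleartext edited in transit
    # genuine, modified, genuine, then a captured copy of the first packet
    return [rx.accept(p1), rx.accept(forged), rx.accept(p2), rx.accept(p1)]
```

The payload stays readable on the wire throughout; only the modified and replayed packets are rejected, which is the tamper-evident, replay-resistant behaviour the answer describes.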
