多制式终端路由服务器研究
|
摘要
网络通信是通信技术领域的一个重要分支。在网络通信技术蓬勃发展的今天,不仅个人通信需要网络设备作为支撑,从事商业活动的单位也离不开网络通信技术的支持。本文论述了在多终端应用(如银行、证券、保险业务等)领域有着重要实用价值的终端路由服务器,给出其相关软件的分析、设计和实现。
论文的第一部分着重分析了网络虚拟终端软件。主要论及当前作为Internet标准应用之一的Telnet以及自行研究开发的Reverse Telnet软件。Telnet是一种非常早期的TCP(?)应用程序,它在今天的Internet世界中仍旧发挥着重要作用。然而,由于设计上的原因,Telnet有难以克服的缺陷。论文从分析Telnet协议入手,提出了Reverse Ttlnet这种新型的终端虚拟软件的概念。开发Reverse Telnet可以去除Telnet的某些缺点,使终端虚拟软件从协议本身的定义到软件的代码实现都更为简洁高效,并且还具备其它方面的优点。论文作者设计了基本的实现方案,并且在这部分的最后给出了Reverse Telnet客户机和服务器两部分软件相关代码的主要流程。
论文的第二部分是关于网络安全性的讨论。给出了网络安全性的相关基本概念,实现安全服务的数学基础以及实现安全服务的不同的网络层次,并且比较了在不同层次之间的优劣。集中讨论了IP网络的安全标准——IPSec协议套件。对于IPSec各个组件之间的交互关系、涉及的重要概念(安全关联、安全关联数据库和安全策略数据库)、数据包处理过程、两个安全协议(封装安全载荷和认证头)的协议本身规范和一般实现方法都进行了较为详细的讨论。然后针对在安全系统中至关重要的密钥管理进行了重点分析,这其中包括了Internet安全关联密钥管理协议,以及以它为框架在IPSec中实现的Internet密钥交换协议,并且简单说明了在上述密钥管理协议中密钥信息的生成公式。为了便于读者更深入的理解IPSec,在这部分的最后,论文从最终用户的角度给出了使用IPSec的例子。本论文没有对IPSec使用的特定的加密算法和认证算法进行讨论,有兴趣的读者可以查阅相关的RFC文档。
最后,论文给出这两个模块在终端服务器上的集成过程和实际的测试过程作为结束。
Network communication is an important branch of the communication technology. With the rapid development of network communication, individuals and commercial units all need the support of the network equipment This paper concerns the design and implementation of the software running on the terminal server, which provides the communication between the local terminals and the remote hosts.
The first part of the paper analyses the network virtual terminal software. It discusses the Telnet, one of the standard applications in the Internet, and the Reverse Telnet developed by myself. Telnet is an application developed long before and it still has the important use now. Telnet protocol has complicated definitions about the commands, the negotiation of the options and the sub-options, which do not handle the data desired by the uses. It just is the goal of the development of the Reverse Telnet, by which we can erase the definitions, make the protocol and code terse and get some other advantages. The paper shows the definition of the Reverse Telnet, the fundamental scheme, and the main flowcharts of the programs running on the server end and terminal end.
The second part concerns the network security, providing the basic conceptions and the mathematical fundament, showing the implementations on the different network layers and revealing the advantage and disadvantage of the implementations. This part discusses the security standard in the Internet, the IPSec protocol suit. It analyses in details the interplay of all the components, the essential concepts such as Security Association, Security Association Database and Security Policy Database, the process of the package handling, the two security protocol Encapsulating Security Payload and Authentication Header It concerns not only the regulations of the protocols themselves but also the implementation schemes. It pays a great attention to the Internet Security Association and Key Management Protocol (ISAKMP) and the Internet Key Exchange (IKE) based on ISAKMP, because the key management is always the most consequential part of any security systems. To make the usage of
IPSec understood easier, at the end of this part, it gives the reader an example indicating the usage as a ultimate user Whereas, the paper do not offer the encryption algorithms and nthontication algorithms Anvone who is introstcd in tho firl rni reter to RFC documents
In the end, the paper shows the combination between the two modules discussed above and the actual tcsi pun-ess and the resuiis
论文的第一部分着重分析了网络虚拟终端软件。主要论及当前作为Internet标准应用之一的Telnet以及自行研究开发的Reverse Telnet软件。Telnet是一种非常早期的TCP(?)应用程序,它在今天的Internet世界中仍旧发挥着重要作用。然而,由于设计上的原因,Telnet有难以克服的缺陷。论文从分析Telnet协议入手,提出了Reverse Ttlnet这种新型的终端虚拟软件的概念。开发Reverse Telnet可以去除Telnet的某些缺点,使终端虚拟软件从协议本身的定义到软件的代码实现都更为简洁高效,并且还具备其它方面的优点。论文作者设计了基本的实现方案,并且在这部分的最后给出了Reverse Telnet客户机和服务器两部分软件相关代码的主要流程。
论文的第二部分是关于网络安全性的讨论。给出了网络安全性的相关基本概念,实现安全服务的数学基础以及实现安全服务的不同的网络层次,并且比较了在不同层次之间的优劣。集中讨论了IP网络的安全标准——IPSec协议套件。对于IPSec各个组件之间的交互关系、涉及的重要概念(安全关联、安全关联数据库和安全策略数据库)、数据包处理过程、两个安全协议(封装安全载荷和认证头)的协议本身规范和一般实现方法都进行了较为详细的讨论。然后针对在安全系统中至关重要的密钥管理进行了重点分析,这其中包括了Internet安全关联密钥管理协议,以及以它为框架在IPSec中实现的Internet密钥交换协议,并且简单说明了在上述密钥管理协议中密钥信息的生成公式。为了便于读者更深入的理解IPSec,在这部分的最后,论文从最终用户的角度给出了使用IPSec的例子。本论文没有对IPSec使用的特定的加密算法和认证算法进行讨论,有兴趣的读者可以查阅相关的RFC文档。
最后,论文给出这两个模块在终端服务器上的集成过程和实际的测试过程作为结束。
Network communication is an important branch of the communication technology. With the rapid development of network communication, individuals and commercial units all need the support of the network equipment This paper concerns the design and implementation of the software running on the terminal server, which provides the communication between the local terminals and the remote hosts.
The first part of the paper analyses the network virtual terminal software. It discusses the Telnet, one of the standard applications in the Internet, and the Reverse Telnet developed by myself. Telnet is an application developed long before and it still has the important use now. Telnet protocol has complicated definitions about the commands, the negotiation of the options and the sub-options, which do not handle the data desired by the uses. It just is the goal of the development of the Reverse Telnet, by which we can erase the definitions, make the protocol and code terse and get some other advantages. The paper shows the definition of the Reverse Telnet, the fundamental scheme, and the main flowcharts of the programs running on the server end and terminal end.
The second part concerns the network security, providing the basic conceptions and the mathematical fundament, showing the implementations on the different network layers and revealing the advantage and disadvantage of the implementations. This part discusses the security standard in the Internet, the IPSec protocol suit. It analyses in details the interplay of all the components, the essential concepts such as Security Association, Security Association Database and Security Policy Database, the process of the package handling, the two security protocol Encapsulating Security Payload and Authentication Header It concerns not only the regulations of the protocols themselves but also the implementation schemes. It pays a great attention to the Internet Security Association and Key Management Protocol (ISAKMP) and the Internet Key Exchange (IKE) based on ISAKMP, because the key management is always the most consequential part of any security systems. To make the usage of
IPSec understood easier, at the end of this part, it gives the reader an example indicating the usage as a ultimate user Whereas, the paper do not offer the encryption algorithms and nthontication algorithms Anvone who is introstcd in tho firl rni reter to RFC documents
In the end, the paper shows the combination between the two modules discussed above and the actual tcsi pun-ess and the resuiis
引文
(1) W.Richard Stevens. UNIX环境高级编程,尤晋元等译.机械工业出版社,2000.
(2) W.Richard Stevens. UNIX网络编程(第2版)第1卷:套接口API和X/Open传输接口API.施振川等译.清华大学出版社.1999.
(3) W.Richard Stevens. TCP/IP详解 卷1:协议,范建华等译.机械工业出版社,2000.
(4) Douglas E.Comer.用TCP/IP进行肉际互连 第1卷:原理、协议和体系结构(第3版),林瑶等译.电子工业出版社,1998
(5) Robin Burk. UNIX技术大全——系统管理员卷,孙志刚等译.机械工业出版社,1998.
(6) Brian W. kernighan and Dennis M. Ritchie. C程序设计语言,徐宝文等译.机械工业出版社,2001.
(7) WindRiver System, Inc. VxWorks Programmer's Guide. WindRiver System, Inc. 1999.
(8) WindRiver System, Inc. VxWorks Network Programmer's Guide. WindRiver System, Inc. 1999.
(9) WindRiver System, Inc. VxWorks 5.4 Reference Manual. WindRiver System, Inc. 1999.
(10) WindRiver System, Inc. Tornado User's Guide. WindRiver System, Inc. 1999.
(11) Carlton R. Davis. IPSec:VPN的安全实施,周国彬等译.清华大学出版社,2002.
(12) N. Doraswamy and D. Harkins. IPSec:新一代因特网安全标准.机械工业出版社,2000.
(13) Donald C. Lee. Cisco网络增强型IP服务,谈利群等译.电子工业出版社,2000.
(14) 陈运.信息加密原理.电子科技大不出版社,1996.
(15) Andrew S. Tannenbaum. 计算机网络,熊桂喜等译.清华大学出版社,1998.
(16) Network Working Group. RFC2411. IP Security Document Roadmap. R. Thayer, N. Doraswamy and R. Glenn. November 1998.
(17) Network Working Group. RFC2401. Security Architecture for the Internet Protocol. S. Kent (?) on. November 1998.
(18) Network Working Group. RFC2402. IP Authentication Header. S. Keut and R. Atkinson. November 1998.
(19) Network Working Group. RFC2406. IP Encapsulating Security Payload (ESP). S. Kent and R. Atkinson. November 1998.
(20) Network Working Group. RFC2408. Internet Security Association and Key Management Protocol (JSAKMP). D. Maughan, M. Scliertler and J. Turner. November 1998.
(21) Network Working Group. RIT2409. The Internet Key Exchange (IKE). D. Harkins and D. Carrel. November 1998.
(22) Network Working Group. RFC2412 . The AKLEY Key Determination Protocol. H. Orman. November 1998.
(2) W.Richard Stevens. UNIX网络编程(第2版)第1卷:套接口API和X/Open传输接口API.施振川等译.清华大学出版社.1999.
(3) W.Richard Stevens. TCP/IP详解 卷1:协议,范建华等译.机械工业出版社,2000.
(4) Douglas E.Comer.用TCP/IP进行肉际互连 第1卷:原理、协议和体系结构(第3版),林瑶等译.电子工业出版社,1998
(5) Robin Burk. UNIX技术大全——系统管理员卷,孙志刚等译.机械工业出版社,1998.
(6) Brian W. kernighan and Dennis M. Ritchie. C程序设计语言,徐宝文等译.机械工业出版社,2001.
(7) WindRiver System, Inc. VxWorks Programmer's Guide. WindRiver System, Inc. 1999.
(8) WindRiver System, Inc. VxWorks Network Programmer's Guide. WindRiver System, Inc. 1999.
(9) WindRiver System, Inc. VxWorks 5.4 Reference Manual. WindRiver System, Inc. 1999.
(10) WindRiver System, Inc. Tornado User's Guide. WindRiver System, Inc. 1999.
(11) Carlton R. Davis. IPSec:VPN的安全实施,周国彬等译.清华大学出版社,2002.
(12) N. Doraswamy and D. Harkins. IPSec:新一代因特网安全标准.机械工业出版社,2000.
(13) Donald C. Lee. Cisco网络增强型IP服务,谈利群等译.电子工业出版社,2000.
(14) 陈运.信息加密原理.电子科技大不出版社,1996.
(15) Andrew S. Tannenbaum. 计算机网络,熊桂喜等译.清华大学出版社,1998.
(16) Network Working Group. RFC2411. IP Security Document Roadmap. R. Thayer, N. Doraswamy and R. Glenn. November 1998.
(17) Network Working Group. RFC2401. Security Architecture for the Internet Protocol. S. Kent (?) on. November 1998.
(18) Network Working Group. RFC2402. IP Authentication Header. S. Keut and R. Atkinson. November 1998.
(19) Network Working Group. RFC2406. IP Encapsulating Security Payload (ESP). S. Kent and R. Atkinson. November 1998.
(20) Network Working Group. RFC2408. Internet Security Association and Key Management Protocol (JSAKMP). D. Maughan, M. Scliertler and J. Turner. November 1998.
(21) Network Working Group. RIT2409. The Internet Key Exchange (IKE). D. Harkins and D. Carrel. November 1998.
(22) Network Working Group. RFC2412 . The AKLEY Key Determination Protocol. H. Orman. November 1998.