详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文
虚拟专用网(VPN,Virtual Private Network)是近几年才兴起的网络新技术,目前Internet本身还是一个没有安全保证的网络,建立虚拟专用网的关键就在于保证专用网的安全性。根据虚拟专用网的特点和发展现状,本文将其安全问题按内容分为三个方面:隧道技术安全、加密技术安全及认证技术安全。并结合企业文档管理系统所涉及到的实际问题,提出了对各类安全问题的解决方案:将L2TP协议与IPSec协议相结合的安全隧道技术新方案、对称加密和非对称加密结合在一起使用的加密方法、使用智能卡来确保认证的安全执行。最后,在现有软、硬件基础上,针对企业文档管理系统中虚拟专用网实现中遇到的实际问题,对一些关键技术的实现进行探讨和编程。
Virtual Private Network is a new rising network technology.At present,Internet itself is still a network without secure assurance,the key of building virtual private network is in how to assure private network's security.according to the characteristic and developing status quo,this article classifies the safety problem into three:the safety of tunneling technology,the safety of encryption and the safety of authentication technology.With the related technologies used in the enterprise document management system,this paper descripted the solutions on the variety of safety problemsrcombining L2TP protocol with IPSec protocol.the symmetric encryption and the asymmetric encryption are both into effect.using intelligent card to enhance authentication's secure performance.At last ,based on current softwares and hardwares,aiming to the actual problem on building virtual private network in enterprise document management system,some key technology's implementation has being discusssed and programed.
    [3].David Leon Clark著,于秀莲,徐惠民等译,虚拟专用网,人民邮电出版社
    [9].[美]Casey Wilson Peter Doak,钟鸣,魏允韬等译,虚拟专用网的创建与实现,机械工业出版社,2000.8
    [14]. R. Atkinson, S. Kent, Security Architecture for the Internet Protocol, RFC2401, November 1998
    [17]. RFC1826
    [28]. Brent. R.P, Parallel algorithim for integer factorisation, in Number Theory and Cryptograhy ,Ed.by J.H.Ioxton,Cambridge University Press, 1990
    [29] Diffie,W.and M.E.Hellman New Dirextions in cryptography ,IEEE Tran,on Info. Theor. 1976,11
    [31]. S.P.Miller, B.C.Neuman, J.I.Schiller, and J.H.Saltzer. Section E.2.1:: Kerberos Authentication and Authorization System, M.I.T. Project Athena, Cambridge, Massachustts, December 21, 1987
    [32]. E.Balkovich,S.R.Lerman, and R.P.Parmelee,Computing in Higher Education: The Athena Experience. Communications of the ACM 28(11), P1214-1224 ACM., November, 1985
    [33]. R.M.Needham and M.D.Schroeder. Using Encryption ofr Authentication in Large Networks of Computher. Communications of the ACM 21(12), P993-999, December, 1978
    [35]. Bruce Schneier, 应用密码学(原著名称:Applied Cryptography protocols, algorithms, and source code in C)
    [36]. Warwick Ford Michael S. Baum, Building the infrastructure for Digital Signature and Encryption, Secure Electronic Commerce
    [37]. [美]John Swartz Todd Lammle著,CCIE: Cisco Certified Internetwork Expert, Publishing House of Electronics Industry, http://www.phei.com.cn,2001.2
    [39].[美]Cisco公司,信达工作室译,Cisco IOS 网络安全,人民邮电出版社,2001.1
    [40]. Kaustubh M. Phaltankar,杨义先,夏光升,李忠献译,内联网与外联网安全指南,人民邮电出版社,2001.1
    [45].Christian Huitema著,陶文星,胡文才译,新因特网协议Ipv6(第2版),清华大学出版社,2000.6
    [46].[美]David J. Stang, Sylvia Moon著,程佩青,闫慧娟译,计算机网络安全奥秘,电子工业出版社
    [49].He, Wei-Hua; Wu, Tzong-Chen, Improvement of Harn's digital signature for Diffie-Hellman public keys, Electronics Letters v 33 n 15 Jul 17 1997. P1304-1305
    [50]. Bellovin S M, Cheswich W R, Networks Firewalls. IEEE Communication Magazine, 1994,32(9), P50~57
    [51]. Oppliger, Rolf, Internet security: Firewalls and beyond, Communications of the ACM v 40 n 5 May 1997. P92-102
    [52]. Ping Lin, Security in Enterprise Networking: A Quick Tour, IEEE Communication Magazine, 1996,34(5), P40~43
    [53]. Forrest, Stephanie, Hofmeyr, Steven A., Somayaji, Anil, Computer immunology, Communications of the ACM v 40 n 10, Oct 1997, P 88-96
    [54]. http://www.mastercard.com/set/set.html