摘要
在IPv6网络环境下,虽然IPSec可以为其提供强大的安全支持,但是如果IPSec策略配置不当,将达不到预期的安全目标。在策略驱动的分布式网络环境中,安全策略从配置、分发到实施的每一阶段都必须保持一致。本文首先分析IPv6的安全需求,给出一个多级多域的分布式策略系统,讨论了该模型中策略的存储、配置以及IPSec策略实施阶段策略可能发生的冲突,通过深入研究策略冲突产生的原因给出切实可行的解决方案。
Although IPSec protocols provide Ipv6 network environment with powerful security support, the expected goal in protecting Internet security would never be realized if IPSec policies are improperly configured. In distributed Internet, the establishment, distribution and implementation of the security policy must be consistent. Based on the security requirement of Ipv6, this paper gives a multi-level and multi-domain distributed policy system and discusses the situations of policy-conflict happening, including policy configuration and implementation. By in-depth study of the policy conflicts, the practical solutions are proposed.
出处
《信息安全与通信保密》
2007年第8期142-145,共4页
Information Security and Communications Privacy