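Is there any brief explanation of IP security? Why do we use it?
2 Answers
If you mean IPsec, it encrypts network traffic at the IP packet level. You can use it to prevent others from, generally, extracting data transmitted over your network, especially sensitive data that should be encrypted but where the application in question does not support encryption.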
Encryption is just one aspect of security. Sometimes, you don't really care if the data can be read by anyone; you just want to ensure that no one has tampered with it. In this case, the sender can use IP security (IPSec) to just integrity-protect the data. The data is now tamper-evident: that is, any attempt to tamper with the data will be discovered by the receiver, as integrity verification will fail. In this case NULL algo for encryption (i.e. no encryption) and SHA1 algo for integrity will be used.
Also, note that encryption without integrity protection is not very useful as an attacker can tamper with the data and the receiver won't be able to discover it. You may have to use application level checks to discover tampering and this is not foolproof.
IPSec also gives you protection against replay attacks: an attacker will not be able to capture the packets and replay them back later in an attempt to impersonate the sender.
So, use integrity protection alone (if the data is not sensitive) or integrity plus encryption.