- 论坛徽章:
- 0
|
HP-UX 11i IPsec
HP-UX 11i IPsec
provides authentication, integrity, and confidentiality of end-to-end
communication ensuring that the data exchange is done in a secure way.
It implements a family of interrelated protocols, including the
Authentication Header (AH), the Encapsulating Security Payload (ESP),
the Internet Key Exchange (IKE), and the Internet Security Association
Key Management Protocol/Oakley (ISAKAMP/Oakley).
AH and ESP define encryption and authentication methods for IP
payloads. IKE and ISAKMP manage the exchange of secret keys,
authenticate the communicating parties, and manage their security
associations (SA). IKE dynamically manages and generates the secret
cryptography keys used to encrypt and authenticate IP packets.
ISAKMP/Oakley allows a receiver to obtain a public key and authenticate
a sender using digital certificates.
IPSec supports two encryption modes: Transport and Tunnel. In
Transport mode, IPSec provides host-to-host security for a host running
IPSec from HP or non-HP vendors. Transport mode encrypts only the data
(payload) of each packet, leaving the header unencrypted. In Tunnel
mode, IPSec implements tunnels to a gateway running IPSec from non-HP
vendors. Tunnel mode encrypts both the header and the payload; the
receiving IPSec-compliant device must decrypt each packet.
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/39440/showart_1136450.html |
|