Journal of Information Management (資訊管理學報)

羅濟群;莊秉文;邱士哲;
Pages: 139-160
Date: 2004/04
Abstract: The technical core of a virtual private network (VPN) lies in establishing data transmission tunnels and using data authentication and encryption to carry private traffic over a public network. Through VPN applications, branch offices of an enterprise at different geographic locations, or the enterprise and its business partners, can communicate over a public network with guarantees of effectiveness and confidentiality equivalent to those of an intranet built on leased lines. In the past, the development of VPN technology has concentrated mostly on mechanisms such as packet forwarding, data authentication and encryption; in recent years, however, the management of VPNs has also received growing attention. Starting from the security requirements that enterprises place on VPNs, this study takes the technical side of VPNs as its point of departure and examines how security policy operates and is managed within a VPN system built on the Internet Protocol Security (IPSec) protocol. It proposes a policy-management-based integrated VPN architecture that gives an enterprise a network security management system that is both flexible and simpler to administer. To combine the VPN system with the enterprise's internal security controls, we further examine an integrated control model that ties organisational job roles to VPN security policy. Management tasks that were previously independent are handled in a spirit of distributed management but integrated application, so that job roles, policy management and VPN technology are integrated into an automated security policy generation mechanism that simplifies otherwise laborious control work. Finally, we carry out a case study and system feasibility analysis based on the proposed architecture to validate its effectiveness.
Keywords: virtual private network; network security; policy management;

A Policy-based Virtual Private Network Using the Role-based Security Mechanism


Abstract: The virtual private network (VPN) provides confidentiality and privacy of data transmission by tunneling, data encryption, and data authentication. By using a VPN, an enterprise is able to share information or transmit data securely between its affiliates and business partners. The effectiveness and privacy of a VPN are the same as those of an intranet within an enterprise. In the past, the development of VPNs emphasized packet forwarding, data encryption, and data verification. However, the need for management of the virtual private network has received more attention in recent years. In Internet Protocol Security (IPSec), as announced by the Internet Engineering Task Force (IETF), a VPN that must manage multiple levels of transmission security depends heavily on key management, the security policy database, and the security association database. This paper discusses the operation and management models of the IPSec-based VPN. The proposed model provides organizations with a flexible and effective network security system built on policy management. We further integrate the VPN management model with the role-based security mechanism that an enterprise may already employ. The entire architecture not only satisfies the requirements of a VPN but also improves its efficiency by automating the management of security policy.
Keywords: virtual private network (VPN); network security; policy management;
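As an added illustration (an editor's example, not the paper's system or code), the abstract describes feeding organisational job roles into an automated mechanism that generates VPN security policy. The sketch below models that idea in Python: each role is a set of member subnets plus the resources its members may reach, and the generator turns the role set into an ordered IPsec-style security policy database (SPD) of PROTECT entries with a DISCARD default, refusing to emit a database in which two roles assign different protection profiles to the same traffic selector. The Role and SpdEntry types, the profile labels, the sample subnets and the conflict rule are constructed assumptions and are not taken from the paper.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Hypothetical role model (not the paper's): where a role's members connect from,
# which destination subnets/protocols/ports they may reach, and which SA profile
# label (an assumed name for a cipher/integrity combination) protects that traffic.
@dataclass(frozen=True)
class Role:
    name: str
    member_subnets: Tuple[str, ...]
    resources: Tuple[Tuple[str, str, Optional[int]], ...]  # (dst subnet, protocol, dst port)
    profile: str

# One SPD entry: selector fields plus one of the three IPsec SPD actions
# (PROTECT, BYPASS, DISCARD). 'origin' records which role produced it, for audit.
@dataclass(frozen=True)
class SpdEntry:
    src: str
    dst: str
    protocol: str
    dst_port: Optional[int]
    action: str
    profile: Optional[str]
    origin: str


def generate_spd(roles: List[Role], default_action: str = "DISCARD") -> List[SpdEntry]:
    """Derive an ordered SPD from the role set; PROTECT entries first, default last.

    Two roles may cover the same selector only if they agree on the profile;
    otherwise the generated policy would be ambiguous, so generation is refused.
    """
    entries: List[SpdEntry] = []
    by_selector: Dict[Tuple[str, str, str, Optional[int]], SpdEntry] = {}
    for role in roles:
        for src in role.member_subnets:
            for dst, proto, port in role.resources:
                selector = (src, dst, proto, port)
                existing = by_selector.get(selector)
                if existing is not None:
                    if existing.profile != role.profile:
                        raise ValueError(
                            f"conflicting profiles for {selector}: "
                            f"{existing.origin} vs {role.name}")
                    continue  # same selector, same profile: already covered
                entry = SpdEntry(src, dst, proto, port, "PROTECT", role.profile, role.name)
                by_selector[selector] = entry
                entries.append(entry)
    # Catch-all entry: anything no role authorised gets the default action.
    entries.append(SpdEntry("0.0.0.0/0", "0.0.0.0/0", "any", None, default_action, None, "default"))
    return entries


def lookup(spd: List[SpdEntry], src_ip: str, dst_ip: str, proto: str, dst_port: int) -> SpdEntry:
    """First-match SPD lookup on (src, dst, protocol, destination port)."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for e in spd:
        if s not in ip_network(e.src) or d not in ip_network(e.dst):
            continue
        if e.protocol != "any" and e.protocol != proto:
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e
    raise RuntimeError("no SPD entry matched; the default entry should always match")


# Constructed sample roles: engineers from the office network may reach SSH and
# HTTPS on two server subnets; partners may reach only the HTTPS subnet.
SAMPLE_ROLES = [
    Role("engineer", ("10.1.0.0/16",),
         (("10.100.0.0/24", "tcp", 22), ("10.100.1.0/24", "tcp", 443)),
         "esp-aes256-sha256"),
    Role("partner", ("192.168.50.0/24",),
         (("10.100.1.0/24", "tcp", 443),),
         "esp-aes128-sha256"),
]

if __name__ == "__main__":
    for e in generate_spd(SAMPLE_ROLES):
        print(f"{e.src:>16} -> {e.dst:<14} {e.protocol}/{e.dst_port}  {e.action} {e.profile or ''}  [{e.origin}]")
```

Regenerating the SPD from the role set is the whole management step: adding or removing a role membership changes the policy database without hand-editing individual selectors, and the conflict check surfaces the case where two role owners have quietly assigned different protection levels to the same traffic.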
