Secure Socket Layer (SSL) Secure Shell Protocol (SSH), . IETF (Transport Layer Security TLS). (S-HTTP) web-. SOCKS , / TCP UDP . IP (IPSec) ( IP). X.509 , . . X.509 (PKI).
SSL
SSL , Netscape. SSL ( Hypertext Transfer Protocol [HTTP], Telnet, Network News Transfer Protocol [NNTP] File Transfer Protocol [FTP]) TCP/IP. , , ( ) TCP/IP. SSL W3 (W3C) Web- .
SSL , . . , (, TCP), SSL Record Protocol. SSL Record Protocol . , SSL Handshake Protocol, , . SSL , . SSL. SSL , :
. . (, DES).
(, RSA, DSS).
. (MAC). MAC - (SHA, MD5).
SSL HTTP. SSL, .
SSH
Secure Shell (SSH) . , TCP/IP. SSH , . SSH . , (, DNSSEC, [SPKI], X.509).
SSH :
- (SSH-TRANS) , . . TCP, .
- (SSH-USERAUTH) . .
- (SSH-CONN), . .
IDEA ( DES , DES, RC4-128, Blowfish). RSA, , , ( ). RSA, RSA. () IP ; DNS . , RSA .
. , . . , , .
, . , , .
:
- , . . , , .
- . CA , .
, , . SSL , TCP SSL , TCP , .
S-HTTP
S-HTTP , HTTP. HTTP HTTP. ( , ). HTTP.
S-HTTP . , S-HTTP, S-HTTP , S-HTTP, S-HTTP . S-HTTP ( ), . S-HTTP , .
S-HTTP (end-to-end) , HTTP, , , . , ( ). , , .
S-HTTP , . , (, , , , ; ), , (RSA DSS , DES ..), . S-HTTP .
SOCKS
SOCKS , / TCP UDP . , . SOCKS : (, Telnet Netscape) (-) .
SOCKS 4 /, TCP, Telnet, FTP , HTTP, Wide Area Information Server (WAIS) GOPHER. SOCKS 5, RFC 1928, SOCKS. UDP, , , , IP v6.
IP, . SOCKS V.5, TCP UDP. , UDP SOCKS V.5 ( , ), : UDP UDP.
SOCKS . - SOCKS ( ), ( 1080/). SOCKS , . SOCKS , .
SOCKS , - SOCKS ( SOCKS- ). (Telnet, FTP, finger, whois) SOCKS-, SOCKS .
IPSec
IP (IPSec) , IP. IPSec , RFC.
IPsec IPv4 IPv6. , , , replay- ( ), () . IP, IP / .
IPsec : . , IP , . anti-replay , IP .
IPsec IP-, , , , . IPsec , .
IPsec
IPsec Authentication Header (AH) Encapsulating Security Payload (ESP).
- Authentication Header (AH) , anti-replay .
- Encapsulating Security Payload (ESP) () . ESP , anti-replay . . ESP.
IPv4 IPv6. : .
IPsec , . , , . IPsec :
- .
- .
- , .
IPSec , . (Internet Security Association Key Management Protocol ISAKMP) . , , .
Oakley Key Determination Protocol -, . Oakley . . , , , . , , .
ISAKMP Oakley IKE Internet Key Exchange. IKE, ISAKMP Oakley, ISAKMP Oakley. ( ) , , , , . , , (VPN) , , ( IP), .
IPSec IP , , ( ) . , , , , . (SA), . (Security Association SA) IPsec. SA :
;
;
;
.
SA , . SA AH ESP. , AH ESP, SA. SA ( ).
SA , Security Parameter Index (SPI), IP Destination Address ( ) (AH ESP). , (broadcast) (multicast) . SA SA. , SA point-to-point , point-to-multipoint.
SA: . SA . IPv4 IP ( UDP). ESP SA , IP-. AH IP-.
SA . , SA . SA , , SA . , , , SNMP-, , . .
B SA IP , IPsec, IP , . IP IP . AH , IP , IP , .. , . ESP, , IP-.
:
- , , .
- . , , , , .
: (SPD) (SAD). , IP . , . , IPsec, .
(SPD)
SPD ( ), -IPsec . , SPD . , SPD ( ). , SPD IPsec-.
SPD , IPsec, , IPsec . : , IPsec IPsec. , , . , IPsec . , IPsec SPD , , ..
IPsec , SPD. SPD , . , , , . SPD , . * .
SPD . , IP , . SA. , , , , , IPsec. IPsec, SA ( SA), , , . , , ESP , 3DES-CBC IV, AH /SHA-1.
(SAD)
IPsec , , SA. , SA SAD. SPD. SAD IP , IPsec SPI.
SA , SA, . , , . SA ISAKMP. , SA . 1 ISAKMP, , , .
.1. SA ISAKMP.
SA , , . , -, MD5 128- . -, , 2.
, IP , . , , -, SA, -. 3, , . , ( ).
.2. IP.
.3. .
, SA , , , . . ESP , : , 4 5.
.4. ESP.
.5. ESP.
IP, IP ESP. , IP . DES ().
IPSec :
, (end-to-end);
(VPN) ;
, , TCP (, UDP);
, , ;
, (, TCP SYN).
X.509
, , . PKI. X.509 , (). RFC 1422 PKI X.509, , (). X.509 3 (CRL) 2.
, , ( ), . , , . . , . , , - . PKI. X.509 v3 (.6).
.6. X.509 v3.
: , . , , , , ( ). , , . , . -. , -, . (.7).
.7. X.509 v3.
, . , . , (, , ), . .
CRL . . CRL . - (, ), , CRL, , . , CRL. CRL (, , ). CRL. .
8 .
.8. .
/ . .509 v3. , . , 1 2 , :
1. 1 2.
2. 2, .
3. 1 2.
4. 2 1.
5. 1, .
6. 2 1.
, , . -, , , .
(Virtual Private Dialup Networks VPDN) , . , . . : (Layer 2 Forwarding L2F), (Point-to-Point Tunneling Protocol ) (Layer 2 Tunneling Protocol L2TP).
L2F
(Layer 2 Forwarding L2F) Cisco Systems. ( High-Level Data Link Control [HDLC], async HDLC Serial Line Internet Protocol [SLIP]) , , IP. , , , , (SLIP, PPP), . , IP, IPX AppleTalk SLIP/PPP . , . , , , IP, .
Point-to-Point Tunneling Protocol () Microsoft. , . /, , NAS, (VPN). (PNS) , , (), . , (PSTN) ISDN . (GRE) , . IPSec.
L2TP
L2F . Cisco Microsoft ( IETF) , (Layer 2 Tunneling Protocol L2TP).