摘要
目的为企业构建可信、可管、可控、安全的IPv6网络,加强IPv6网络的安全性,尤其是避免IPv6网络中的嗅探威胁.方法通过建立IPv6网络的实验环境,分析传统IPv4网络中的网络嗅探技术,结合IPv6网络协议的特点,重点介绍了来源于IPv6网络中的嗅探威胁,以及这些威胁给实施IPV6网络带来的新挑战.结果提出了在设计基于IPv6协议的互联网络过程中,为避免嗅探威胁应使用伪随机地址和互联网进行通信的预防机制及实施策略.结论给出实施IPv6网络的技术建议.实验证明理想的方法是使用MAC地址扩展的静态地址用于内部通信技术等对IPv6网络的安全控制是有效的.
NGI(Next Generation Internet) based on IPv6 protocol is becoming more and more popularization. As we know, IPv6 protocol suite is the same as vulnerable to a variety of attacks. IPv6 security is in many ways the same as IPv4 security. The basic mechanisms for transporting packets across the network stay mostly unchanged, and the upperlayer protocols that transport the actual application data are mostly unaffected. This paper illustrates sniffing threat against IPv4 and then compares how the threat might influence an IPv6 networks. This is prefaced by a brief overview of current practices around the design of an IPv4 Internet edge network and then followed by a review of how that IPv4 edge network needs to evolve in order to secure the addition of IPv6. As IPv6 security is a large and complex subject, and also, IPv6 network is still at the very beginning stage and has not been fully examined in fact, This paper focus on the security requirements of medium edge networks.
出处
《沈阳建筑大学学报(自然科学版)》
EI
CAS
2006年第5期852-855,共4页
Journal of Shenyang Jianzhu University:Natural Science
基金
国家发展与改革委员会CNGI项目(CNGI-04-15-7A)