Practical tip: fortifying NAT services with IPSec
NAT can use port mapping or address mapping to let external users reach application servers inside the enterprise, and it can also hide internal computers to strengthen their security. Whichever function is used, the NAT server implements it through the address and port information in the packet header: when a packet travels from the corporate intranet through the NAT server to the Internet, the NAT server rewrites the packet header, replacing the internal IP address with the NAT server's public IP address.
A problem arises, however, if the network administrator also wants to use IPSec to strengthen the security of the NAT setup, because the IPSec mechanism checks the packet header information. If the header has been modified, IPSec regards the packet as tampered with and discards it. In other words, IPSec security does not allow the packet header to be altered.
1. Problems that may arise when fortifying NAT services with IPSec
IPSec mainly employs two security measures, AH (transport mode) and ESP (tunnel mode). Transport mode signs the information being transmitted. This signature is used to confirm that the received information has not been tampered with, so the receiver can be sure it really was sent by the computer it wants to communicate with, which prevents spoofing attacks and unauthorized modification in transit. Tunnel mode likewise signs the information to be transmitted, but differs from transport mode in one major respect: tunnel mode encrypts the information, whereas transport mode does not. Whichever mode is used, IPSec does not allow header information to be changed in transit.
In transport mode, for example, IPSec signs the entire packet, so any change to the packet in transit invalidates its signature. If the NAT server changes the IP address or port information in the packet, the IPSec receiver will therefore conclude that the packet has been illegally tampered with, treat it as invalid and discard it.
In ESP transport or tunnel mode, the original IP header (transport mode) or the newly built tunnel header (tunnel mode) is left unchanged, being neither signed nor encrypted by IPSec; but the port information in the packet is encrypted, so the NAT server cannot read it. In this case the NAT server can therefore change the client IP address (transport mode) or the endpoint computer's IP address (tunnel mode), but it cannot change the port information that IPSec has encrypted, and so NAT again has nothing to work with.
All the routers, switches and other network devices between the communicating computers will forward the encrypted packets toward their destination. But if there is a firewall, security router or proxy server on the path, it may not forward IPSec-encrypted packets, and these devices must be configured to let IPSec protocol packets through. If the IPSec packets are not encrypted (that is, AH mode, signed only), a firewall or security router can still inspect the ports or other contents of the packet; if the contents are modified after sending, the receiving computer will detect the modification and discard the packets.
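The four situations described above (an AH-signed packet surviving an ordinary router hop but failing after a NAT rewrite, and a middlebox being able to read the ports behind AH but not behind ESP) can be reproduced on constructed packets. The following Python script is an added example, not code from the article: the key, the IV, the addresses (192.168.1.10, 203.0.113.5, 198.51.100.1) and the ports are constructed demo values, HMAC-SHA256 in counter mode stands in for the AES cipher a real ESP implementation would use, and the AH integrity check follows RFC 4302's rule of zeroing the mutable IPv4 fields (TOS, flags/fragment offset, TTL, header checksum and the ICV field itself) while covering the addresses. Standard IPsec (RFC 4302/4303) offers both AH and ESP in either transport or tunnel mode; the example uses transport mode for both so that a single IP header shows the effect of the NAT rewrite.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed key shared by the IPsec peers, not from the article
PROTO_TCP, PROTO_ESP, PROTO_AH = 6, 50, 51


def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum of a 20-byte IPv4 header whose checksum field is 0."""
    total = sum(struct.unpack(">10H", bytes(hdr[:20])))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header with a valid checksum."""
    hdr = bytearray(struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0x4000, ttl, proto, 0,
                                ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed))
    struct.pack_into(">H", hdr, 10, ip_checksum(hdr))
    return bytes(hdr)


def tcp_header(sport: int, dport: int) -> bytes:
    """Minimal 20-byte TCP header; only the ports matter for this demo."""
    return struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)


def ah_icv(ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """AH integrity check value (HMAC-SHA256-128) over the packet with the mutable fields
    zeroed per RFC 4302: TOS, flags/fragment offset, TTL, header checksum and the ICV
    field itself. The source and destination addresses are covered by the check."""
    h = bytearray(ip_hdr)
    for start, end in ((1, 2), (6, 8), (8, 9), (10, 12)):
        h[start:end] = bytes(end - start)
    return hmac.new(KEY, bytes(h) + ah_fixed + bytes(16) + payload, hashlib.sha256).digest()[:16]


def ah_packet(src: str, dst: str, tcp: bytes):
    """IPv4 | AH(next header, length, reserved, SPI, seq, ICV) | TCP sent in the clear."""
    ah_fixed = struct.pack(">BBHII", PROTO_TCP, 5, 0, 0x1001, 1)  # length 5 = 28 bytes / 4 - 2
    ip = ipv4_header(src, dst, PROTO_AH, 28 + len(tcp))
    return ip, ah_fixed + ah_icv(ip, ah_fixed, tcp), tcp


def ah_verify(ip_hdr: bytes, ah_hdr: bytes, payload: bytes) -> bool:
    """Receiver: recompute the ICV over the packet exactly as it arrived."""
    return hmac.compare_digest(ah_icv(ip_hdr, ah_hdr[:12], payload), ah_hdr[12:])


def router_hop(ip_hdr: bytes) -> bytes:
    """An ordinary router hop: decrement TTL and refresh the checksum, nothing else."""
    h = bytearray(ip_hdr)
    h[8] -= 1
    h[10:12] = bytes(2)
    struct.pack_into(">H", h, 10, ip_checksum(h))
    return bytes(h)


def nat_rewrite(ip_hdr: bytes, public_src: str) -> bytes:
    """A NAT gateway: a router hop plus replacing the private source address with its public one."""
    h = bytearray(router_hop(ip_hdr))
    h[12:16] = ipaddress.IPv4Address(public_src).packed
    h[10:12] = bytes(2)
    struct.pack_into(">H", h, 10, ip_checksum(h))
    return bytes(h)


def keystream(iv: bytes, n: int) -> bytes:
    """Stand-in for the AES cipher real ESP would use: HMAC-SHA256 in counter mode."""
    blocks = (hmac.new(KEY + b"enc", iv + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def esp_packet(src: str, dst: str, tcp: bytes):
    """IPv4 | ESP(SPI, seq) | IV | encrypted TCP: the ports are inside the ciphertext."""
    iv = b"\x11" * 8  # constructed IV for the demo
    ct = bytes(a ^ b for a, b in zip(tcp, keystream(iv, len(tcp))))
    esp = struct.pack(">II", 0x2002, 1) + iv + ct
    return ipv4_header(src, dst, PROTO_ESP, len(esp)), esp


def middlebox_ports(ip_hdr: bytes, payload: bytes):
    """What a NAT box or firewall can read behind the IP header: the TCP ports, or None when
    they are hidden. AH leaves them readable (but any rewrite breaks the ICV); ESP hides them."""
    proto = ip_hdr[9]
    if proto == PROTO_TCP:
        return struct.unpack(">HH", payload[:4])
    if proto == PROTO_AH and payload[0] == PROTO_TCP:
        off = (payload[1] + 2) * 4  # AH length field counts 32-bit words minus 2
        return struct.unpack(">HH", payload[off:off + 4])
    return None


def demo() -> dict:
    """The article's scenarios on constructed packets from a private host to a public server."""
    tcp = tcp_header(49152, 443)
    ip, ah, body = ah_packet("192.168.1.10", "203.0.113.5", tcp)
    esp_ip, esp = esp_packet("192.168.1.10", "203.0.113.5", tcp)
    return {
        "ah_direct": ah_verify(ip, ah, body),                                   # True
        "ah_after_router": ah_verify(router_hop(ip), ah, body),                # True: TTL and checksum are mutable
        "ah_after_nat": ah_verify(nat_rewrite(ip, "198.51.100.1"), ah, body),  # False: the address is covered
        "ah_ports_visible": middlebox_ports(ip, ah + body),                    # (49152, 443)
        "esp_ports_visible": middlebox_ports(esp_ip, esp),                     # None
    }


if __name__ == "__main__":
    print(demo())
```

Running the script prints the five results in the order above. The tunnel-mode case follows the same logic with an outer IP header in front of the AH or ESP header: NAT can rewrite that outer address when ESP is used, but the ports it would need for port mapping are still inside the ciphertext. The standard remedy for this conflict, not covered by this example, is UDP encapsulation of ESP (IPsec NAT traversal, RFC 3948), which gives the NAT box a UDP header it may rewrite while the ESP payload stays intact.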