
A Virtual Private Network System Architecture Combining Policy Management and Job-Role Access Control

A Policy-based Virtual Private Network Using the Role-based Security Mechanism

Abstract


The core of virtual private network (VPN) technology is to establish a data transmission tunnel and to use data authentication and encryption to carry private traffic over a public network. With a VPN, an enterprise's branches in different geographic locations, or the enterprise and its business partners, can communicate over the public network with the same assurance of effectiveness and confidentiality as an enterprise intranet built on leased lines. Past VPN development has mostly concentrated on packet forwarding, data authentication and encryption mechanisms; in recent years, however, the management of VPNs has also received growing attention. Starting from the technical side of VPNs and from the security requirements enterprises place on them, this study examines how security policies operate and are managed in a VPN built on the Internet Protocol Security (IPSec) protocol, and proposes an integrated, policy-management-based VPN architecture that gives the enterprise a network security management system that is flexible yet reduces management complexity. To combine the VPN system with the organization's internal security controls, we further examine an integrated control model for enterprise job roles and VPN security policies: management tasks that were previously independent are combined, in the spirit of distributed management with integrated application, so that job roles, policy management and VPN technology together form an automated security-policy generation mechanism that simplifies otherwise laborious control work. Finally, we carry out a case study and a system feasibility analysis based on the proposed architecture to verify its effectiveness.

Abstract (English)


A virtual private network (VPN) provides confidentiality and privacy of data transmission through tunneling, data encryption and data authentication. Using a VPN, an enterprise can share information and transmit data securely among its affiliates and business partners, with the same effectiveness and privacy as an enterprise intranet. In the past, VPN development emphasized packet forwarding, data encryption and data authentication; in recent years, however, the management of VPNs has received growing attention. In a VPN based on the Internet Protocol Security (IPSec) architecture specified by the Internet Engineering Task Force (IETF), multiple levels of transmission security must be managed, which makes key management, the security policy database (SPD) and the security association database (SAD) critical components. This paper discusses the operation and management models of an IPSec-based VPN. The proposed model, founded on policy management, gives organizations a flexible and effective network security system. We further integrate the VPN management model with the role-based security mechanism an enterprise may already employ. The resulting architecture not only satisfies VPN requirements but also improves VPN efficiency by automating the management of security policy.
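The abstract's central idea is that job-role assignments can be compiled automatically into the security policy that an IPSec gateway enforces, so that the SPD is derived from RBAC data rather than maintained by hand. The following is an added illustration of that integration, not code from the paper or from any IPSec implementation: each role grants reachability to protected networks, the roles held by a host are compiled into an ordered SPD of RFC 2401 style selector-to-action entries (PROTECT, BYPASS, DISCARD) ending in a catch-all DISCARD, and a diff shows what a gateway must change when a role is revoked. All role names, addresses and gateways are constructed sample data.

```python
"""Compile enterprise roles into an IPsec Security Policy Database (SPD).

Added example, not code from the paper or from any IPsec implementation. It
models the paper's idea: a job role determines which protected networks a host
may reach, and that assignment is turned automatically into the ordered
selector -> action entries that RFC 2401 (section 4.4.1) defines for the SPD.
All role names, addresses and gateways are constructed sample data.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Selector:
    """RFC 2401 traffic selector: source, destination, protocol, dest port."""
    src: str                      # CIDR, e.g. "192.0.2.10/32"
    dst: str                      # CIDR
    proto: str = "any"            # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None = any port

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


@dataclass(frozen=True)
class SPDEntry:
    selector: Selector
    action: str                        # "PROTECT", "BYPASS" or "DISCARD"
    tunnel_peer: Optional[str] = None  # remote gateway for tunnel-mode ESP
    origin: str = ""                   # role that produced it (audit trail)


@dataclass(frozen=True)
class Resource:
    """A protected network behind a VPN gateway, optionally one service."""
    network: str
    gateway: str
    proto: str = "any"
    dport: Optional[int] = None


@dataclass
class Role:
    name: str
    resources: List[Resource] = field(default_factory=list)


def generate_spd(host: str, roles: List[Role]) -> List[SPDEntry]:
    """Turn the roles held by one host into an ordered SPD.

    Every granted resource becomes a PROTECT entry (tunnel to the gateway
    that fronts it); a final catch-all DISCARD ensures traffic the roles do
    not cover is dropped rather than leaving the host in the clear."""
    src = f"{host}/32"
    spd: List[SPDEntry] = []
    seen = set()
    for role in roles:
        for r in role.resources:
            key = (r.network, r.proto, r.dport)
            if key in seen:            # same grant via two roles: keep first
                continue
            seen.add(key)
            spd.append(SPDEntry(Selector(src, r.network, r.proto, r.dport),
                                "PROTECT", tunnel_peer=r.gateway,
                                origin=role.name))
    spd.append(SPDEntry(Selector(src, "0.0.0.0/0"), "DISCARD", origin="default"))
    return spd


def spd_lookup(spd: List[SPDEntry], src: str, dst: str,
               proto: str, dport: int) -> SPDEntry:
    """First-match lookup; RFC 2401 requires the SPD to be ordered."""
    for entry in spd:
        if entry.selector.matches(src, dst, proto, dport):
            return entry
    raise LookupError("no matching entry; the SPD must end with a catch-all")


def spd_diff(old: List[SPDEntry],
             new: List[SPDEntry]) -> Tuple[List[SPDEntry], List[SPDEntry]]:
    """Entries to remove and to add when a role assignment changes, so the
    gateway can be reconfigured incrementally after regeneration."""
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


# Constructed sample data: two roles, one host, and a role revoked later.
FINANCE = Role("finance", [Resource("10.20.0.0/16", "203.0.113.1", "tcp", 1433)])
ENGINEERING = Role("engineering", [Resource("10.30.0.0/16", "203.0.113.2")])
HOST = "192.0.2.10"


def demo() -> dict:
    spd = generate_spd(HOST, [FINANCE, ENGINEERING])
    db = spd_lookup(spd, HOST, "10.20.5.5", "tcp", 1433)   # PROTECT via .1
    ssh = spd_lookup(spd, HOST, "10.20.5.5", "tcp", 22)    # DISCARD (not granted)
    removed, added = spd_diff(spd, generate_spd(HOST, [ENGINEERING]))
    return {"entries": len(spd), "db": db.action, "db_peer": db.tunnel_peer,
            "ssh": ssh.action, "removed_origins": [e.origin for e in removed],
            "added": len(added)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `origin` field is the part a practitioner will want in an audit: every SPD entry records the role that justified it, so revoking a role maps directly to the entries `spd_diff` reports for removal, and a policy with no originating role is immediately suspicious. The trailing DISCARD makes the generated policy fail closed, which is the safer default when the role data and the gateway configuration are maintained by different teams.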

References


Clercq, J. D., & Paridaens, O. (2002). Scalability implications of virtual private networks. IEEE Communications Magazine, 40(5).
Harkins, D., & Carrel, D. (1998). The Internet Key Exchange (IKE). IETF RFC 2409.
Jeong, M. S., & Baek, S. J. (2000). Policy-based hybrid management architecture for IP-based VPN. Proceedings of the IEEE Symposium Record on Network Operations and Management.
Kent, S., & Atkinson, R. (1998). Security architecture for the Internet Protocol. IETF RFC 2401.
Kent, S., & Atkinson, R. (1998). IP Authentication Header. IETF RFC 2402.

Cited by


林靜楓 (2010). Research and discussion on an integrated architecture and management for cross-region campus networks [Master's thesis, National Pingtung University of Science and Technology]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0042-2202201313560071
