Network system for realizing integrated security services

Abstract

The invention discloses a network system for realizing integrated security services, which comprises the classification separation of data transmission, the security, confidentiality and the QoS (quality of service) guarantee of application services, the integrated security protection of the network system and network management. The network system has the advantage of integrated design of the data transmission, the security protection and application services, thereby constructing a high-efficient security network platform with the QoS guarantee capable of bearing various types of services. Integrated network security is to apply security protective measures in all aspects of network communication and make the security protective measures mutually cooperate and support to guarantee security performance and communication efficiency; and the integrated network services support integrated services such as voice, video, data and the like and guarantee security and QoS of various types of services.

Description

technical field [0001] The invention relates to a network system for realizing integrated security service. Background technique [0002] With the continuous development and evolution of the information society, people's communication needs have developed from a single voice or data communication to interactive multimedia information communication, and the network system has changed from an independent system with separate services to an integrated network with unified services for voice, video and data. develop. In recent years, IP technology has developed rapidly, and the construction of an integrated network with IP technology as the core has gained the consensus of the industry. However, issues such as security and QoS of common IP networks restrict the rapid development of integrated networks. [0003] The following security problems exist in the IP network: the original intention of the IP protocol design is to follow the principles of openness and equality, and ther...

AI Technical Summary

Problems solved by technology

However, issues such as security and QoS of general IP networks restrict the rapid development of integrated networks

[0003] The following security problems exist in the IP network: the original intention of the IP protocol design is to follow the principles of openness and equality, and there are not too many considerations in network security, so that there are many security risks in the current IP protocol architecture

[0004] 2) There is no distinction between user IP address and network IP address

Make it possible for user terminals to attack network devices

[0005] 3) Users freely access the network, and there is no effective source address verification

User terminals can forge source addresses to launch traffic impact or spoofing attacks on the network, but cannot be traced

[0006] 4) User business lacks control and cannot be supervised, leading to out-of-control and flooding of illegal applications

[0007] 5) IP packets are transmitted in plain text, and the information is easily eavesdropped, tampered with, counterfeited, and the IP header has complete source and destination address information, which is easily used and analyzed illegally

This security protection system built by superimposition improves the security and confidentiality performance of the network and business to a certain extent, but there are also some problems: limited network performance: superimposed security and confidentiality devices generate additional transmission and management overhead in the network, Occupies part of the bandwidth resources, increases the forwarding delay of business data, and has a great impact on communication performance; and compared with network switching equipment, the packet forwarding rate of security equipment is generally lower, and lacks a corresponding queue scheduling mechanism, making network switching The forwarding performance cannot be fully utilized, and communication bottlenecks are likely to occur, and it is difficult to guarantee the QoS of the business

However, there are still some problems to be solved in this architecture system: 1) QoS problem at the bearer layer: For IPQoS technology itself, InterServ and DiffServ service models provide technical support for QoS at different levels

However, the current IP network is still dominated by data services. Due to the large scale, different systems, and different standards, it is difficult to effectively implement various QoS technologies in the IP network, and cannot exert its designed performance. Therefore, real-time services such as voice and video Never get satisfactory QoS performance

In addition, the NGN control layer lacks necessary and unified control over the bearer layer, which makes the QoS provided by different bearer networks inconsistent

[0013] 2) Security issues: NGN mainly uses the IP network as the bearer network, and there are inherent security issues in the IP network, especially the security of the control layer has a greater impact on communication services

The security measures involved in the current NGN architecture are far from enough, and it is necessary to solve the security problem of the control layer from the system

[0014] 3) End-to-end connection problem: the integration of multiple services enables different terminals to access the network

[0015] 4) Network interconnection and intercommunication: due to the continuous development of NGN technology itself, the protocol itself also needs to be continuously improved and supplemented according to business needs

At present, the protocols with the same or similar functions have not been unified, and the compatibility between the protocols makes the interconnection and intercommunication of the network still have defects.