Network system for realizing integrated security services

Abstract

The invention discloses a network system for realizing integrated security services, which comprises the classification separation of data transmission, the security, confidentiality and the QoS (quality of service) guarantee of application services, the integrated security protection of the network system and network management. The network system has the advantage of integrated design of the data transmission, the security protection and application services, thereby constructing a high-efficient security network platform with the QoS guarantee capable of bearing various types of services. Integrated network security is to apply security protective measures in all aspects of network communication and make the security protective measures mutually cooperate and support to guarantee security performance and communication efficiency; and the integrated network services support integrated services such as voice, video, data and the like and guarantee security and QoS of various types of services.

Description

technical field [0001] The invention relates to a network system for realizing integrated security service. Background technique [0002] With the continuous development and evolution of the information society, people's communication needs have developed from a single voice or data communication to interactive multimedia information communication, and the network system has changed from an independent system with separate services to an integrated network with unified services for voice, video and data. develop. In recent years, IP technology has developed rapidly, and the construction of an integrated network with IP technology as the core has gained the consensus of the industry. However, issues such as security and QoS of common IP networks restrict the rapid development of integrated networks. [0003] The following security problems exist in the IP network: the original intention of the IP protocol design is to follow the principles of openness and equality, and ther...

AI Technical Summary

Problems solved by technology

However, issues such as security and QoS of general IP networks restrict the rapid development of integrated networks

[0003] The following security problems exist in the IP network: the original intention of the IP protocol design is to follow the principles of openness and equality, and there are not too many considerations in network security, so that there are many security risks in the current IP protocol architecture

[0004] 2) There is no distinction between user IP address and network IP address

Make it possible for user terminals to attack network devices

[0005] 3) Users freely access the network, and there is no effective source address verification

User terminals can forge source addresses to launch traffic impact or spoofing attacks on the network, but cannot be traced

[0006] 4) User business lacks control and cannot be supervised, leading to out-of-control and flooding of illegal applications

[0007] 5) IP packets are transmitted in plain text, and the information is easily eavesdropped, tampered with, counterfeited, and the IP header has complete source and destination address information, which is easily used and analyzed illegally

This security protection system built by superimposition improves the security and confidentiality performance of the network and business to a certain extent, but there are also some problems: limited network performance: superimposed security and confidentiality devices generate additional transmission and management overhead in the network, Occupies part of the bandwidth resources, increases the forwarding delay of business data, and has a great impact on communication performance; and compared with network switching equipment, the packet forwarding rate of security equipment is generally lower, and lacks a corresponding queue scheduling mechanism, making network switching The forwarding pe