H3C SecPath F1800-A Operation Manual page 11

Operation Manual - Getting Started
H3C SecPath F1800-A Firewall
It provides the end-to-end security from this application on a host to that application
on another host across the network. Application layer security mechanism depends
on the specific application, and its security protocol is a supplement of the application
protocol. Therefore, general application layer security protocol does not exist.
For example, the Secure Shell (SSH) protocol can:
Establish secure remote login session;
Connect other TCP applications through channels.
2) Transport layer security
It provides a process-to-process security service on a host or multiple hosts.
Transport layer security mechanism is based on the security of Inter-Process
Communication (IPC) interface and applications.
Providing security service at transport layer is to strengthen its IPC interface, such as
BSD socket.
Specific process includes:
Authentication of entities at both ends
Exchange of data encryption security keys
Based on this idea, Secure Socket Layer (SSL) is developed on the basis of reliable
transmission service.
SSL v3 includes two protocols:
SSL record protocol
SSL handshake protocol
3) Network layer security
Security provided at network layer, even if the upper layers fail to implement the
security, can also automatically protect the data of the user.
Therefore, IP security is:
The basis of the whole TCP/IP security
The core of the Internet security
At present, the most significant security protocol at transport layer is IP Security
Protocol (IPSec). IPSec is a generic term for a series of network security protocols,
including:
Security protocols
Encryption protocols
IPSec can provide communication parties with services:
Access control
Connectionless integrality
Data source authentication
Anti-replay
Encryption
1-4
Chapter 1 Firewall Overview