为提高IS⁃IS路由协议安全性,增强抵御恶意网络攻击能力,通过分析IS⁃IS协议的报文格式和工作机理,提出其存在的缺陷性。基于数字证书的身份认证的设计思想,提出在协议对等体认证流程和协议报文两方面对IS⁃IS协议进行安全扩展的方法,设计了安全IS⁃IS协议软件。通过试验证明了所提出的安全扩展方法可有效提高IS⁃IS协议的安全性。%To improve the security of the IS⁃IS routing protocol and increase the defensive ability against network attacks, the defects of the IS⁃IS routing protocol are discussed by analyzing the protocol packets and mechanisms. This paper proposes a security extension method of IS⁃IS protocol on the authentication process between protocol peers and the definition of the protocol packet,and designs secure IS⁃IS protocol software.The experiment results show that the proposed security extension method can effectively improve the security of IS⁃IS protocol.
展开▼
