IPSec in the TCP / IP protocol stack bottom. This layer consists of security policies on each machine and sending, the receiving party to provide security association negotiated a load of IP encryption mechanism. In addition, ESP can also provide data validation and data integrity services; therefore can be used in the IPSec ESP header packet header replacement AH. For the realization of a dedicated or public IP network security transmission, IPSec tunnel mode encapsulation and safe way to use the entire IP packet encryption. Then again, the load on the encrypted IP header encapsulated in clear text within the network to tunnel through the server. Tunnel server for processing received packets, in remove the clear IP header, decrypts the content after the initial load by the IP packet. After a normal IP packet load processed in the target network is routed to the destination.
Most of vulnerabilities discovered in 2008 and network applications, of which no more than 74% of the vulnerabilities patched. Therefore, in early 2008, large-scale automated SQL injection vulnerability occurs is still not diminished. The summer of 2008 began to SQL injection attacks, attacks on the end of 2008 the number soared to 30 times. Peter tells us: "The 2008 launch remote attacks exploit the behavior of more than 90%." He also stressed that operating system is not critical security vulnerabilities, really big hit in the network application, "the operating system is web1.0 the safety of the times, and in the cloud computing environment, the key issue in network applications. "