Abstract
Confidential information systems commonly suffer from coarse-grained access control and a need-to-know scope that is easily widened. According to confidentiality standards, hierarchical and domain-based access control technology is essential to the internal security protection of such systems. This paper studies hierarchical and domain-based access control technology for confidential information systems: combining the relevant elements to refine security domains and VLANs; deploying an admission control system to provide unified network admission authentication for clients; and deploying server-side firewalls to manage access control policies at a fine granularity. This meets the standard's requirements for hierarchical and domain-based access control, makes access control over confidential information finer-grained, and improves the overall security protection capability of the system.
Author
王博
Wang Bo (Nuclear Power Institute of China, Chengdu 610042, Sichuan Province, China)
Source
《科学与信息化》 (Technology and Information)
2023, Issue 3, pp. 70-72 (3 pages)
Keywords
confidential information systems
network security
hierarchical and domain-based
access control