Abstract
With network security threats growing more severe and security defense measures growing more complex, the zero trust network offers a fresh evaluation and review of the traditional perimeter security architecture. Zero trust emphasizes "never trust, always verify": in a zero trust network, identity is not derived from network location, all access control strictly enforces least privilege, and every access is tracked in real time and evaluated dynamically. Firstly, the basic definition of the zero trust network is given, the main problems exposed by traditional perimeter security are pointed out, and the zero trust network model is described. Secondly, the key technologies of the zero trust network, such as the Software Defined Perimeter (SDP), identity and access management, micro-segmentation and the Automated Configuration Management System (ACMS), are analyzed. Finally, the zero trust network is summarized and its future development is discussed.
Authors
WANG Qun (王群), YUAN Quan (袁泉), LI Fujuan (李馥娟), XIA Lingling (夏玲玲)
Affiliations: Department of Computer Information and Cybersecurity, Jiangsu Police Institute, Nanjing, Jiangsu 210031, China; Library and Information Center, China Pharmaceutical University, Nanjing, Jiangsu 210009, China
Source
Journal of Computer Applications (《计算机应用》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2023, No. 4, pp. 1142-1150 (9 pages)
Funding
National Natural Science Foundation of China (61802155)
Major Natural Science Research Project of Jiangsu Higher Education Institutions (20KJA520004)
Jiangsu Provincial Outstanding Science and Technology Innovation Team of Higher Education Institutions
Jiangsu Provincial Key Disciplines of the "14th Five-Year Plan": Public Security Technology and Cyberspace Security
Jiangsu Provincial Social Science Foundation Project (21MLD012)
Keywords
zero trust
network security
security model
automatic system
micro-segmentation