Abstract
Existing office systems are system-centric: the network is divided into an intranet and an extranet, and users into internal and external users. An isolated authentication zone is usually built at the intranet/extranet boundary to perform authentication and access control, securing network communication and access to office applications. With the wide adoption of mobile office, cloud computing and similar technologies, however, applications are becoming mobile, users are moving outside the perimeter and data is migrating to the cloud, so the network and its users no longer divide cleanly into "inside" and "outside", and a security architecture that enforces protection at the network boundary no longer applies. A zero trust network architecture that is user-centric, authenticates before connecting, authorizes dynamically and encrypts transmission can effectively address these shortcomings in the protection of existing office systems.
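As an added illustration of the contrast the abstract draws (this is example code written for this page, not code from the paper or its authors), the following Python policy decision point places the perimeter model, which trusts any source inside the intranet range, beside a zero trust model that requires a verified identity and device binding before any connection is brokered and then re-evaluates role, MFA freshness and device compliance on every request. All users, devices, resources, the HMAC key and the policy table are constructed for the example.

```python
"""Perimeter trust vs. zero trust policy decision point (added example).

Every identity, device, resource, key and policy below is constructed for
illustration; nothing here comes from the paper.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# --- Legacy perimeter model -------------------------------------------------
INTRANET = ip_network("10.0.0.0/8")  # constructed "internal" range


def perimeter_decision(src_ip: str) -> bool:
    """Boundary model: whatever reaches the intranet is trusted, whoever it is."""
    return ip_address(src_ip) in INTRANET


# --- Zero trust model -------------------------------------------------------
@dataclass
class Session:
    user: str
    device_id: str
    src_ip: str            # carried for logging only; never a trust signal
    mfa_at: float          # epoch seconds of the last successful MFA
    device_compliant: bool # posture reported by the endpoint agent (assumed)
    token: bytes = b""     # identity token bound to user + device


TOKEN_KEY = b"demo-key-not-for-production"          # constructed secret
DEVICE_REGISTRY = {"laptop-7f3a": "alice", "phone-91c0": "bob"}  # device -> owner
ROLES = {"alice": {"finance"}, "bob": {"staff"}}
# Resource policy: permitted roles, max MFA age in seconds, posture requirement.
POLICY = {
    "/hr/payroll": {"roles": {"finance"}, "max_mfa_age": 900, "require_compliant": True},
    "/wiki": {"roles": {"staff", "finance"}, "max_mfa_age": 8 * 3600, "require_compliant": False},
}


def issue_token(user: str, device_id: str) -> bytes:
    """Token the identity provider would mint after login; bound to user AND device."""
    return hmac.new(TOKEN_KEY, f"{user}|{device_id}".encode(), hashlib.sha256).digest()


def authenticate(s: Session) -> bool:
    """Authenticate before connect: token must verify and the device must belong to the user."""
    expected = issue_token(s.user, s.device_id)
    token_ok = hmac.compare_digest(expected, s.token)
    device_ok = DEVICE_REGISTRY.get(s.device_id) == s.user
    return token_ok and device_ok


def authorize(s: Session, resource: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Dynamic authorization: evaluated per request from identity and context, never from network position."""
    now = time.time() if now is None else now
    if not authenticate(s):
        return False, "unauthenticated"
    rule = POLICY.get(resource)
    if rule is None:
        return False, "no policy (default deny)"
    if not rule["roles"] & ROLES.get(s.user, set()):
        return False, "role not permitted"
    if now - s.mfa_at > rule["max_mfa_age"]:
        return False, "MFA too old, step-up required"
    if rule["require_compliant"] and not s.device_compliant:
        return False, "device not compliant"
    return True, "allow"


if __name__ == "__main__":
    now = time.time()
    # An attacker who gained a foothold on the intranet passes the perimeter check...
    print("perimeter, attacker at 10.1.2.3:", perimeter_decision("10.1.2.3"))
    # ...but has no valid identity token, so the zero trust PDP denies.
    attacker = Session("alice", "laptop-7f3a", "10.1.2.3", now, True, token=b"\x00" * 32)
    print("zero trust, attacker:", authorize(attacker, "/hr/payroll", now))
    # A legitimate user from a coffee-shop address is admitted on identity and context alone.
    alice = Session("alice", "laptop-7f3a", "203.0.113.9", now - 60, True,
                    token=issue_token("alice", "laptop-7f3a"))
    print("zero trust, alice from outside:", authorize(alice, "/hr/payroll", now))
```

The point the example makes is that the decision inputs change: the source address never appears in `authorize`, while a stale MFA or a non-compliant device denies a request that the same user was allowed a moment earlier, which is what "dynamic authorization" means in practice. Encrypted transport is assumed to wrap the connection the PDP brokers and is not modelled here.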
Authors
曾勇
马睿
汪超
王营杰
夏海斌
虞江
ZENG Yong; MA Rui; WANG Chao; WANG Yingjie; XIA Haibin; YU Jiang (CETC Cyberspace Security Technology Co., Ltd., Chengdu, Sichuan 610041, China; The PLA Joint Logistic Support Force, Wuhan, Hubei 430010, China; Unit 93501 of PLA, Beijing 100061, China)
Source
Communications Technology (通信技术)
2023, No. 7, pp. 882-888 (7 pages)
Keywords
zero trust
boundary protection
identity authentication
dynamic authorization
access control policy