Based on an understanding of mature international Zero-Trust architectures, related solutions and domestic Zero-Trust network security research, this study outlines the basic architecture of a Zero-Trust network. It analyzes the network architecture and the current state of network security protection in the Xinjiang earthquake industry and introduces the concept of "Zero-Trust" into the Xinjiang seismic industry network. Changing the existing network architecture as little as possible, a digital identity library for the Xinjiang seismic industry network is established, and each digital identity is granted the minimum access privileges required by its business needs. During business access, identity privileges are subject to continuous privilege verification and security assessment, and a resource is no longer judged secure or insecure by its network location. On this basis, a Zero-Trust network security model for the Xinjiang seismic industry network is designed.
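The access-decision logic the abstract describes, as an added Python sketch that is not part of the paper: an identity library, least-privilege entitlements per business role, and per-request re-verification that ignores network location. Role names, resource names, the risk threshold and all sample identities are constructed assumptions.

```python
"""Toy zero-trust policy decision point modelled on the abstract's design:
an identity library, least-privilege entitlements per business role, and
per-request (continuous) verification that ignores network location.
Roles, resources, threshold and identities are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class Identity:
    """One entry of the digital identity library (assumed fields)."""
    name: str
    role: str
    mfa_verified: bool
    device_compliant: bool
    session_risk: float = 0.0  # updated by the continuous security assessment


# Least-privilege entitlements: a role gets only the actions its business needs
ENTITLEMENTS: Dict[str, Dict[str, Set[str]]] = {
    "station-operator": {"waveform-db": {"read"}, "station-config": {"read", "write"}},
    "analyst": {"waveform-db": {"read"}, "catalog": {"read", "write"}},
}
RISK_THRESHOLD = 0.5  # assumed cut-off above which a live session is denied


def authorize(identity: Identity, resource: str, action: str, source_ip: str) -> Tuple[bool, str]:
    """Decide one request. source_ip is accepted but deliberately never consulted:
    being inside the industry LAN grants nothing by itself."""
    if not identity.mfa_verified:
        return False, "identity not verified"
    if not identity.device_compliant:
        return False, "device posture failed"
    if identity.session_risk > RISK_THRESHOLD:
        return False, "session risk above threshold"
    allowed = ENTITLEMENTS.get(identity.role, {}).get(resource, set())
    if action not in allowed:
        return False, f"{identity.role} has no '{action}' on {resource}"
    return True, "allowed"


def reassess(identity: Identity, anomaly_score: float) -> Identity:
    """Continuous assessment: fold a fresh anomaly signal into the session risk,
    so the next authorize() call re-checks it even though the session is alive."""
    identity.session_risk = max(identity.session_risk, anomaly_score)
    return identity
```

Every request passes through `authorize`, so a session that was allowed a moment ago is denied as soon as `reassess` raises its risk, and an internal source address changes nothing.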
2024, 45(1): 153-159. Received: 2023-07-26
DOI:10.3969/j.issn.1003-3246.2024.01.020
Funding: China Earthquake Administration Information Youth Key Task Project (Project No. CEAITNS202312)