Abstract
To help organizations of all types improve the protection capability of their network systems, this paper analyzes the essence of the zero-trust idea and the functional architecture of a zero-trust network, and presents the elements and methods of zero-trust network implementation from five aspects: network identity management, network identity authentication, network access authorization, transmission security assurance, and behavior security monitoring. Finally, it summarizes ways to overcome the difficulties of implementing a zero-trust network. The results indicate that by making improvements in management investment, business convergence, and operational cost, organizations and enterprises can effectively utilize zero-trust networks to achieve substantial improvements in cybersecurity defense capabilities.
Authors
LUO Li (罗栗)
LI Zhen (黎臻)
CHEN Yang (陈洋)
No. 30 Institute of CETC, Chengdu, Sichuan 610041, China
Source
Communications Technology (《通信技术》)
2023, Issue 4, pp. 509-514 (6 pages)
Funding
National Key Research and Development Program of China (2016YFE0206700).
Keywords
network architecture
zero-trust
cybersecurity
access control
identity authentication