摘要
分析了气象信息网络面临的新形势和存在的问题,设计了一种基于零信任的气象网络安全模型,采用全流量网络数据包认证的方法,解决了模型中零信任服务的主机安全问题以及资源请求全过程的通信安全问题,结合气象网络的实际特点,给出了零信任气象网络的部署方式,并将模型应用在重庆气象业务中的互联网远程访问、互联网/气象专网统一访问和气象云/政务云统一访问等场景,实践证明,该模型提高了气象数据资源的安全性。
The new situation and existing problems of meteorological information network are analyzed,and a meteorological network security model based on zero trust is designed,which adopts the method of full flow network packet authentication.The host security of zero-trust service and the communication security of the whole process of resource request in the model are solved.Combined with the actual characteristics of meteorological network,the deployment mode of zero-trust meteorological network is given.The model is applied to the scenarios of Internet remote access,Internet/meteorological network unified access and meteorological cloud/government cloud unified access in Chongqing meteorological business.The practice shows that the model improves the security of meteorological data resources.
作者
马晋
蒲晓虎
赵思亮
MA Jin;PU Xiaohu;ZHAO Siliang(Key Open Laboratory of Economic Transformation of Climate Resources,China Meteorological Administration,Chongqing Meteorological Information and Technology Support Center,Chongqing 401147,China)
出处
《自动化与仪器仪表》
2023年第7期138-142,共5页
Automation & Instrumentation
关键词
等级保护
零信任
FNPA
网络安全
classified protection
zero trust
full-flow network packet authentication
network security