基于零信任架构的校园网安全访问研究

Research on Campus Network Security Access Based on Zero Trust Architecture

随着云计算、物联网、数字化校园等技术的快速发展,校园网的内网和外网边界划分更加模糊化,传统校园网的访问模型存在边界安全风险大、网络管控粗粒度和认证授权不灵活等问题无法满足新需求。提出一种零信任架构下校园网全新的安全访问控制方法,基于信任评估算法对用户身份动态授权策略,默认以最小化授权为基准,实现访问授权的细粒度管控,同时避免内网恶意用户横向攻击其他终端。通过在校园网搭建平台测试,相比传统的网络访问模型所提出的方法在安全性方面有极大的提高。

With the rapid development of technologies such as cloud computing,Internet of Things and digital campus,the boundary division between the internal network and external network of the campus network is more blurred.The access model of the traditional campus network has problems such as high risk of boundary security,coarse-grained network management and control and inflexible authentication and authorization,which can not meet the new needs.A new secure access control method for campus network under zero trust architecture is proposed based on the dynamic authorization strategy of user identity and the trust evaluation algorithm.The default is to minimize authorization,so as to realize fine-grained control of access authorization,and avoid malicious users from attacking other terminals laterally.Compared with the traditional network access model,it has greatly improved the security by building a platform on the campus network.