Abstract
Expressway networks face security problems that traditional network security protection mechanisms are powerless to address, such as unprotected access to public cloud services; the connections among users, devices, applications and IT resources in the network environment are exposed to high risk. The traditional network environment does not implement the principle of least privilege: once hackers break into the internal network, or carry out malicious sabotage, they can attack and damage the internal network at will. Zero trust architecture bases network security protection on the principle of "never trust, always verify" and advocates identity as the boundary and the basis for permission control. It adopts a least-privilege access policy, strictly enforces access control, and strengthens the trust relationships among all connected network devices. This increases the network security assurance of the expressway, addresses network security among the terminal devices, network, control center and data cloud platform on the expressway, and ensures the data and information security of the monitoring, toll collection and communication systems.
Author
ZENG Wenbin (曾文斌) (Luda Branch of Guangdong Road and Bridge Construction Development Co., Ltd., Meizhou 514779, China)
Source
Modern Information Technology (《现代信息科技》)
2023, Issue 21, pp. 106-110 (5 pages)
Keywords
zero trust architecture
expressway
network construction
network security