Abstract
This study reviews mature international Zero-Trust architectures and related solutions, together with domestic research on Zero-Trust network security, and on that basis outlines the basic architecture of a Zero-Trust network. It analyzes the network architecture and the current state of network security protection of the Xinjiang seismic industry network and introduces the "Zero-Trust" concept into that network. While changing the existing network architecture as little as possible, a digital identity library is established for the Xinjiang seismic industry network, and each digital identity is granted the minimum access privileges that its business requirements call for. During business access, identity privileges undergo continuous verification and security assessment, and the security of a resource is no longer decided by its network location. From this, a Zero-Trust network security model for the Xinjiang seismic industry network is designed.
Authors
王范霞 (WANG Fanxia)
朱翔国 (ZHU Xiangguo)
马睿 (MA Rui)
刘东亚 (LIU Dongya)
Affiliation: Earthquake Agency of Xinjiang Uygur Autonomous Region, Urumqi 830011, China
Source
Seismological and Geomagnetic Observation and Research (《地震地磁观测与研究》)
2024, Issue 1, pp. 153-159 (7 pages)
Funding
China Earthquake Administration Information Youth Key Task Project (project No. CEAITNS202312).
Keywords
Zero-Trust
network security
Xinjiang seismic industry network