Abstract
This paper surveys research on and applications of zero trust security, a new network security architecture, in China and abroad, and focuses on the technical architecture, product composition, deployment and implementation path, and application results of a typical IPv6 security Ad-Hoc network solution for industrial enterprises. The IPv6 security Ad-Hoc network implements the "zero trust security" concept: based on a self-developed IPv6 cryptographic identity system, it systematically integrates zero trust network access (ZTNA), software-defined perimeter (SDP), and network micro-segmentation (MSG) technologies into an overlay network architecture that provides bidirectional authentication, encrypted communication, and end-to-end protection. It adopts a "user-centered" model to build a secure, private, and easy-to-manage overlay network that, in current and future ubiquitous network environments, can form a dedicated interconnected network spanning almost any device, network, or environment. For the industrial sector, it offers an innovative security paradigm for converged IT/OT networks and an integrated security and networking solution that addresses several key problems in the network management and operation of industrial enterprises.
Authors
Jiang Chi; Li Guofeng; Ma Shuai (Mingyang Industrial Technology Research Institute (Shenyang) Co., Ltd., Shenyang, Liaoning, 110000)
Source
Industry Information Security
2024, Issue 1, pp. 41-51 (11 pages)
Keywords
Industrial Enterprises
Zero Trust Network
IPv6 Security Ad-Hoc Network
New Enterprise Network Architecture
Solution