基于零信任SDP的新一代用戶安全訪問控制系統(tǒng)設(shè)計(jì)

打開文本圖片集

摘要：零信任是當(dāng)今最領(lǐng)先的安全架構(gòu)，通過構(gòu)建以身份為中心及軟件定義網(wǎng)絡(luò)（SDN）架構(gòu)實(shí)現(xiàn)對(duì)核心資產(chǎn)的網(wǎng)絡(luò)隱身、動(dòng)態(tài)授權(quán)訪問、網(wǎng)絡(luò)最小化隔離，可以抵御各種網(wǎng)絡(luò)攻擊，對(duì)提升網(wǎng)絡(luò)整體安全防御能力具有重要意義。文章設(shè)計(jì)了一種基于SDP的新一代用戶安全訪問控制系統(tǒng)，可進(jìn)一步提升網(wǎng)絡(luò)的整體安全性。

關(guān)鍵詞：零信任;SDP;安全邊界;網(wǎng)絡(luò)隱身;APT

doi：10.3969/J.ISSN.1672-7274.2022.06.018

中圖分類號(hào)：TP 309.2;TP 311.13                 文獻(xiàn)標(biāo)示碼：A                文章編碼：1672-7274（2022）06-00-03

Design of New Generation User Security Access Control System Based

on Zero Trust SDP

JIANG Yakun， LI Xiaogeng， LIM Xu

（Yunnan power dispatching control center， Kunming 650000，China）

Abstract： Zero trust is the most advanced security architecture today. By building an identity centered and software defined SDN architecture to realize network stealth， dynamic authorized access and network minimization isolation of core assets， it can resist various network attacks and is of great significance to improve the overall security defense ability of the network. This paper designs a new generation of user security access control system based on SDP， which can further improve the overall security of the network.

Key words： zero trust; SDP; safety boundary; network stealth; APT

用戶在從外部互聯(lián)網(wǎng)訪問企業(yè)內(nèi)部信息系統(tǒng)時(shí)，主要通過虛擬專用網(wǎng)絡(luò)（VPN）設(shè)備實(shí)現(xiàn)用戶身份認(rèn)證、數(shù)據(jù)加密等網(wǎng)絡(luò)安全控制，VPN已在各行業(yè)大量使用。（剩余4118字）