基于Overlay技术的零信任网络研究

doi:10.3969/j.issn.1671-1122.2020.10.011

信息网络安全 ›› 2020, Vol. 20 ›› Issue (10): 83-91.doi: 10.3969/j.issn.1671-1122.2020.10.011

基于Overlay技术的零信任网络研究

刘远¹(), 孙晨², 张嫣玲³

1.中国石油化工集团有限公司,北京 100728
2.石化盈科信息技术有限责任公司,北京 100007
3.公安部信息安全等级保护评估中心,北京 100142

收稿日期:2020-07-09 出版日期:2020-10-10 发布日期:2020-11-25
通讯作者: 刘远 E-mail:liuyuan@sinopec.com
作者简介:刘远（1979—）,男,北京,高级工程师,硕士,主要研究方向为网络安全管理、网络安全体系规划、网络攻防技术研究|孙晨（1983—）,男,北京,硕士,主要研究方向为网络安全架构设计、网络攻击与防范|张嫣玲（1981—）,女,北京,硕士,主要研究方向为信息安全等级保护
基金资助:
国家重点研发计划(2018YFB0803503)

A Zero Trust Network Research Based on Overlay Technology

LIU Yuan¹(), SUN Chen², ZHANG Yanling³

1. China Petrochemical Corporation, Beijing 100728, China
2. Petro-cyber Works Information Technology Co., Ltd., Beijing 100007, China
3. MPS Information Classified Security Protection Evaluation Center,Beijing 100142, China

Received:2020-07-09 Online:2020-10-10 Published:2020-11-25
Contact: LIU Yuan E-mail:liuyuan@sinopec.com

摘要/Abstract

摘要：

随着云计算、移动互联网、物联网和5G技术的飞速发展,企业加快了数字化转型和IT环境的演变。传统边界网络架构以及边界安全防御模型是针对日渐势微的传统业务架构设计的,无法满足当下数字业务的动态安全访问需求。企业需要积极的调整网络安全架构,以应对在新型网络架构下的安全需求。文章以构建无边界网络架构下的安全防御模型为研究目标,运用了Overlay网络技术和零信任安全模型,并结合实践经验,提出了一种建设企业新一代信息基础设施的方法,具有普遍参考意义。

关键词: 零信任, Overlay网络, 无边界网络

Abstract:

With the rapid development of cloud computing, mobile Internet, Internet of things, and 5G technology, enterprises have accelerated the digital transformation and the evolution of the IT environment. The traditional boundary network architecture and boundary security defense model are designed for the declining traditional business architecture, which can’t meet the dynamic security access requirements of digital services. Enterprises need to actively adjust the network security architecture to meet the security needs under the new network architecture. Based on the research goal of constructing the security defense model under the framework of borderless network and coupled with the combination of practical experience, this paper uses overlay network technology and zero trust security model and puts forward a method to build a new generation of information infrastructure in enterprises, which has universal reference significance.

Key words: zero trust, overlay network, unbounded network

中图分类号:

TP309

刘远, 孙晨, 张嫣玲. 基于Overlay技术的零信任网络研究[J]. 信息网络安全, 2020, 20(10): 83-91.

LIU Yuan, SUN Chen, ZHANG Yanling. A Zero Trust Network Research Based on Overlay Technology[J]. Netinfo Security, 2020, 20(10): 83-91.

图/表 4

参考文献 11

[1]	CSA SDP Working Group. Software-defined Perimeter Architecture Guide[EB/OL]. https://cloudsecurityalliance.org/artifacts/sdp-architecture-guide-v2, 2019-5-7.
[2]	KINDERVAG John. Forrester Build Security into Your Network’s DNA: The Zero Trust Network Architecture[EB/OL]. https://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf, 2010-11-10.
[3]	NIST. Zero Trust Architecture. [EB/OL]. https://csrc.nist.gov/publications/detail/sp/800-207/archive, 2019-9-23.
[4]	KURT DelBene, MILO Medin, RICHARD Murray. DIB_Zero_Trust_White_Paper[EB/OL]. https://media.defense.gov/2019/Jul/09/2002155219/-1/-1/0/DIB_THE_ROAD_TO_ZERO_TRUST_(SECURITY)_07.08.2019.PDF, 2019-9-8.
[5]	EVAN Gilman, DOUG Barth. Zero Trust Networks[M]. USA, California: O’Reilly Media, Inc., 2017.
[6]	Google. BeyondCorp Research Papers[EB/OL]. https://cloud.google.com/beyondcorp/#researchPapers, 2020-5-20.
[7]	MALLIK M, DINESH D, KENNETH D, et al. Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks[EB/OL]. https://datatracker.ietf.org/doc/rfc7348, 2014-8-26.
[8]	WANG Yuchen. Using Untrusted Infrastructure to Construct Trusted Network Based on Overlay Technology [C]// China Computer Federation. The Paper Collection of The 19th National Conference on Information Security(IS2009), September 14-18, 2009, Dunhuang, China. Beijing: Wanfangdata, 2014: 21-28.
[9]	Jansen, David. Building Data Centers with Vxlan Evpn[M]. USA, New Jersey, Cisco Press, 2017.
[10]	THOMAS D. Nadeau, KEN G. SDN: Software Defined Networks[M]. USA, California: O’Reilly Media, Inc., 2013.
[11]	ZHU Changbo, WANG Guangquan. SDN/NFV Reconstruct Next Generation Network[M]. Beijing: The Posts and Telecommunications Press, 2019.
	朱常波, 王光全. SDN/NFV重构下一代网络[M]. 北京: 人民邮电出版社, 2019.

基于Overlay技术的零信任网络研究

A Zero Trust Network Research Based on Overlay Technology

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 11

相关文章 1

编辑推荐

Metrics

本文评价