A Zero Trust Network Research Based on Overlay Technology

doi:10.3969/j.issn.1671-1122.2020.10.011

Netinfo Security ›› 2020, Vol. 20 ›› Issue (10): 83-91.doi: 10.3969/j.issn.1671-1122.2020.10.011

Previous Articles Next Articles

A Zero Trust Network Research Based on Overlay Technology

LIU Yuan¹(), SUN Chen², ZHANG Yanling³

1. China Petrochemical Corporation, Beijing 100728, China
2. Petro-cyber Works Information Technology Co., Ltd., Beijing 100007, China
3. MPS Information Classified Security Protection Evaluation Center,Beijing 100142, China

Received:2020-07-09 Online:2020-10-10 Published:2020-11-25
Contact: LIU Yuan E-mail:liuyuan@sinopec.com

Abstract

Abstract:

With the rapid development of cloud computing, mobile Internet, Internet of things, and 5G technology, enterprises have accelerated the digital transformation and the evolution of the IT environment. The traditional boundary network architecture and boundary security defense model are designed for the declining traditional business architecture, which can’t meet the dynamic security access requirements of digital services. Enterprises need to actively adjust the network security architecture to meet the security needs under the new network architecture. Based on the research goal of constructing the security defense model under the framework of borderless network and coupled with the combination of practical experience, this paper uses overlay network technology and zero trust security model and puts forward a method to build a new generation of information infrastructure in enterprises, which has universal reference significance.

Key words: zero trust, overlay network, unbounded network

CLC Number:

TP309

LIU Yuan, SUN Chen, ZHANG Yanling. A Zero Trust Network Research Based on Overlay Technology[J]. Netinfo Security, 2020, 20(10): 83-91.

Figures/Tables 4

References 11

[1]	CSA SDP Working Group. Software-defined Perimeter Architecture Guide[EB/OL]. https://cloudsecurityalliance.org/artifacts/sdp-architecture-guide-v2, 2019-5-7.
[2]	KINDERVAG John. Forrester Build Security into Your Network’s DNA: The Zero Trust Network Architecture[EB/OL]. https://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf, 2010-11-10.
[3]	NIST. Zero Trust Architecture. [EB/OL]. https://csrc.nist.gov/publications/detail/sp/800-207/archive, 2019-9-23.
[4]	KURT DelBene, MILO Medin, RICHARD Murray. DIB_Zero_Trust_White_Paper[EB/OL]. https://media.defense.gov/2019/Jul/09/2002155219/-1/-1/0/DIB_THE_ROAD_TO_ZERO_TRUST_(SECURITY)_07.08.2019.PDF, 2019-9-8.
[5]	EVAN Gilman, DOUG Barth. Zero Trust Networks[M]. USA, California: O’Reilly Media, Inc., 2017.
[6]	Google. BeyondCorp Research Papers[EB/OL]. https://cloud.google.com/beyondcorp/#researchPapers, 2020-5-20.
[7]	MALLIK M, DINESH D, KENNETH D, et al. Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks[EB/OL]. https://datatracker.ietf.org/doc/rfc7348, 2014-8-26.
[8]	WANG Yuchen. Using Untrusted Infrastructure to Construct Trusted Network Based on Overlay Technology [C]// China Computer Federation. The Paper Collection of The 19th National Conference on Information Security(IS2009), September 14-18, 2009, Dunhuang, China. Beijing: Wanfangdata, 2014: 21-28.
[9]	Jansen, David. Building Data Centers with Vxlan Evpn[M]. USA, New Jersey, Cisco Press, 2017.
[10]	THOMAS D. Nadeau, KEN G. SDN: Software Defined Networks[M]. USA, California: O’Reilly Media, Inc., 2013.
[11]	ZHU Changbo, WANG Guangquan. SDN/NFV Reconstruct Next Generation Network[M]. Beijing: The Posts and Telecommunications Press, 2019.
	朱常波, 王光全. SDN/NFV重构下一代网络[M]. 北京: 人民邮电出版社, 2019.

A Zero Trust Network Research Based on Overlay Technology

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 11

Related Articles 1

Recommended Articles

Metrics

Comments