Design and Application of Radio and Television Network Security Architecture Based on Zero Trust Concept
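Gui Xudong (桂旭东) 1, Fu Mingyuan (付明远) 2
Author information
- 1. Zhaotong Radio and Television Safe Broadcasting Monitoring Center, Yunnan 657000
- 2. Zhaotong Radio and Television Relay Station, Yunnan 657000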
Abstract
Under the traditional paradigm, network boundaries are fixed, network protocols have native vulnerabilities, defense relies heavily on perimeter security devices, and access follows a "connect before verify" model. This traditional protection concept and technical architecture can no longer stop today's increasingly sophisticated network attacks. This article analyzes in depth the limitations of the traditional perimeter protection concept and technical architecture, explains the zero trust concept and analyzes its advantages, and designs a zero trust SDP (Software-Defined Perimeter) technical architecture for radio and television. By applying the zero trust SDP architecture to enforce "verify before connect", fine-grained access control and dynamic policy management can be achieved, continuously shrinking the trust domain and the exposed surface and hiding core assets and facilities. The continuously evolving immunity of this architecture can effectively defend against horizontal and vertical traffic attacks and can cope with complex and changing security threats in the future.
Key words
Network security / Zero trust / SDP architecture / Radio and television system / Architecture application
Publication year
2024