Abstract
Software-Defined Perimeter (SDP), the best-practice technology architecture for implementing Zero Trust security, breaks with the old perimeter-defense mindset and shifts access control from the traditional network-centric model to an identity-centric model with least privilege. Using network stealth (network hiding) technology, it makes no distinction between internal and external networks and ensures that only legitimate identities, devices and network environments can connect. During access, the security level of user behavior is continuously evaluated and risky behavior is dynamically controlled. Under the general trend of cloud computing and digital transformation, SDP can effectively protect the security of enterprise data assets.
Authors
YU Xinyue (于欣越), SUN Gang (孙刚), ZHANG Yawei (张亚伟)
Affiliations: Anhui Branch of China Telecom, Hefei, Anhui 230000, China; Datathk Information Technology (Nanjing) Co., Ltd., Nanjing, Jiangsu 210000, China
Source
Communications Technology (通信技术), 2021, No. 5, pp. 1229-1234 (6 pages)
Keywords
network security; zero trust; software-defined perimeter (SDP); network stealth