Zero-trust network security system

A network security system and intrusion prevention technology, applied in the field of computer networks. It addresses problems such as the heavy burden on central nodes, the hidden danger of a functional single point of failure, and a large range of impact, and it achieves a scientific, reasonable and layered structural design that reduces network security risk.

Pending Publication Date: 2020-06-19
李刚

AI Technical Summary

Problems solved by technology

[0005] (2) The burden on the central node is heavy, forming a bottleneck.
The failure of the central node will lead to the paralysis of the network.
[0006] (3) The distributed processing capacity of each site is low.
[0007] (4) The network sharing ability is poor, and the utilization rate of communication lines is not high.
However, when an intruder attacks using an unknown vulnerability, these defense devices cannot recognize it, and the protected server device comes under the intruder's control. The scope of the intrusion then expands dramatically, which may lead to the entire network being controlled by the intruder.
[0012] The existing star network has the hidden danger of a functional single point of failure, which is an inherent deficiency of the star network.
Under the existing star network, partition and domain defense can be achieved, but dedicated use of a dedicated network cannot, for example having the service area listen only on port 80 or 443 to avoid operating system vulnerability attacks.
The data flow direction cannot be made unidirectional and standardized, and management and maintenance operations are relatively cumbersome. The scope of equipment maintenance is relatively large, and there are uncontrollable risks.
The computational load on the core switch is high, and this cannot be realized with low-end equipment.
Security prevention and control measures cannot be implemented within the security domain.
The host and the application program cannot be made the minimum security protection unit (the switch does not support a large number of access control lists); that is, the security protection function of the switch cannot be fully utilized.
The database security domain cannot avoid Internet routing, so there is a threat of Internet attack (access is restricted only by the firewall, leaving the database security domain with a single layer of defense that may be broken through).
When devices in the network come under unauthorized control because of unknown vulnerability attacks, the scope of damage cannot be limited. In extreme cases, the security of the overall network becomes uncontrollable.
The security pressure on network entrances and exits is too great, the pressure of defense cannot be dispersed, and the network cannot be defended in layers and in depth.

Embodiment Construction

[0030] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, not to limit the present application. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0031] Those skilled in the art can understand that, unless otherwise defined, all terms (including technical terms and scientific terms) used herein have the same meanings as commonly understood by those of ordinary skill in the art to which this application belongs. It should also be understood that terms, such as those defined in commonly used dictionaries, should be understood to have m...

Abstract

The invention discloses a zero-trust network security system. The system comprises a service area and a management area. The service area comprises a firewall, a first system intrusion prevention system, a first switch, a second switch, a first server cluster, a fourth switch, a second system intrusion prevention system, a fifth switch, a first database server, a sixth switch and a database backup server, which are connected in sequence. The system also comprises a second database server, and a third switch and a second server cluster which are connected with each other. The second database server is connected with the fifth switch and the sixth switch. The management area comprises a management server, a seventh switch and a bastion host, which are connected in sequence. The zero-trust network security system provided by the invention has a scientific, reasonable and hierarchical structural design and strong anti-attack capability, reduces network security risk, and can well meet the requirements of practical application.

Description

Technical field

[0001] The application relates to the technical field of computer networks, in particular to a zero-trust network security system.

Background technique

[0002] The most important topological structures of computer networks are bus topology, ring topology, tree topology, star topology, hybrid topology and mesh topology. Among them, ring topology, star topology, and bus topology are the three most basic topological structures. In the local area network, the most used is the star structure. Other topologies are basically no longer used, so they will not be discussed.

[0003] The star topology has the following disadvantages:

[0004] (1) The cable length and installation workload are considerable.

[0005] (2) The burden on the central node is heavy, forming a bottleneck. Failure of the central node will lead to the paralysis of the network.

[0006] (3) The distributed processing capacity of each site is low.

[0007] (4) The network sharing ability is...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/02, H04L63/0272, H04L63/1441, H04L63/20
Inventor: 李刚, 李鹏飞
Owner: 李刚