Zero-trust network architecture and construction method

A network architecture and construction method, applied in the field of network security, that addresses problems such as the blurring of the boundary between internal and external networks and the difficulty of adapting perimeter-based security to modern infrastructure, and that achieves convenient unified maintenance, high availability and easy expansion.

Active Publication Date: 2021-10-29
中孚安全技术有限公司

AI Technical Summary

Problems solved by technology

[0004] With the development of emerging technologies such as cloud computing, wireless interconnection, the Internet of Things and big data, together with the migration of business to the cloud, the proliferation of APT attacks and the trend toward mobile office work, enterprise data is no longer confined to the intranet. The established boundary between internal and external networks is becoming more and more blurred, and more technical means exist that can easily break through it. Network security is therefore no longer limited to boundary security. Now that the focus of security is gradually shifting to data security, full attention must be paid to the data security of the enterprise intranet, while the traditional perimeter-based network security architecture and solutions have become difficult to adapt to modern enterprise network infrastructure.

Examples


Embodiment 1

[0059] As shown in Figure 1, Embodiment 1 of the present disclosure provides a zero-trust network architecture in which the network location boundary no longer determines access rights. Before access is allowed, all access subjects (including traditional internal and external network users, devices, etc.) must undergo identity authentication and authorization, which addresses the security threats brought by current enterprise network architectures with blurred boundaries.

[0060] The SDP technical architecture proposed by the Cloud Security Alliance (CSA) includes three components: the IH (Initiating Host), the AH (Accepting Host) and the SDP Controller. The relationships between these three components are divided into a control plane and a data plane. The architecture adopted in this embodiment follows the same two planes and, in combination with actual business scenarios, plans four major components: the controller, the cloud gateway, the edge gateway and the terminal agent.

...

Embodiment 2

[0068] As shown in Figure 2, Embodiment 2 of the present disclosure provides a method for constructing a zero-trust network architecture, including:

[0069] Controller initialization process:

[0070] After the controller is installed, the organization administrator needs to log in to the controller and perform several initialization operations, including:

[0071] Add an area: the administrator enters the information of each area included in the organization, mainly the area name, description and planned virtual IP segment (which must not conflict with private network IP ranges already used by the enterprise);

[0072] Add users, user information includes: name, department, mobile phone, email, etc.;

[0073] Add a cloud gateway, the cloud gateway information includes: name, cluster area, administrator mobile phone, administrator mailbox, etc.;

[0074] Add an edge gateway, the edge gateway information includes: name, organization area, administrator mobile p...
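The controller-side checks behind the "add an area" step, as an added example that is not part of the patent or the applicant's product: it models the controller's area table in memory (an assumption, since the disclosure does not specify storage), rejects a planned virtual IP segment that overlaps an enterprise private range or another area's segment, and uses the resulting area map to decide whether an access stays within one area (edge gateway) or crosses areas (cloud gateway routing), as the abstract describes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Area:
    name: str
    description: str
    virtual_segment: ipaddress.IPv4Network


class Controller:
    """In-memory model of the controller's area bookkeeping (an assumption;
    the patent only lists the fields the administrator enters)."""

    def __init__(self, enterprise_private_segments):
        # Private ranges the enterprise already uses; planned segments must not overlap them.
        self.in_use = [ipaddress.ip_network(s) for s in enterprise_private_segments]
        self.areas: dict[str, Area] = {}

    def segment_conflict(self, virtual_segment: str):
        """Return a reason string if the planned segment is unusable, else None."""
        try:
            net = ipaddress.ip_network(virtual_segment, strict=True)
        except ValueError as exc:  # malformed CIDR or host bits set
            return f"invalid segment: {exc}"
        for used in self.in_use:
            if net.overlaps(used):
                return f"{net} conflicts with enterprise private segment {used}"
        for other in self.areas.values():
            if net.overlaps(other.virtual_segment):
                return f"{net} conflicts with area {other.name!r} ({other.virtual_segment})"
        return None

    def add_area(self, name: str, description: str, virtual_segment: str) -> Area:
        if name in self.areas:
            raise ValueError(f"area {name!r} already exists")
        reason = self.segment_conflict(virtual_segment)
        if reason:
            raise ValueError(reason)
        area = Area(name, description, ipaddress.ip_network(virtual_segment))
        self.areas[name] = area
        return area

    def area_of(self, virtual_ip: str):
        """Map a virtual IP to the name of the area whose segment contains it."""
        ip = ipaddress.ip_address(virtual_ip)
        return next((a.name for a in self.areas.values() if ip in a.virtual_segment), None)

    def route_kind(self, client_ip: str, resource_ip: str) -> str:
        """Same area: the edge gateway handles access; different areas: the cloud gateway routes."""
        src, dst = self.area_of(client_ip), self.area_of(resource_ip)
        if src is None or dst is None:
            return "deny"  # an address outside every planned segment is never routed
        return "edge-gateway" if src == dst else "cloud-gateway"
```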


Abstract

The invention provides a zero-trust network architecture and a construction method. The zero-trust network architecture comprises a controller, a cloud gateway, an edge gateway and a terminal agent. The edge gateway is in communication connection with the cloud gateway; the cloud gateway, the edge gateway and the terminal agent are each in communication connection with the controller; and the cloud gateway and the edge gateway are each in communication connection with the client. The controller controls the registration and login processes of the client, the cloud gateway and the edge gateway, and issues the routing strategy and the authorized access control strategy. The edge gateway controls secure access to resources, and the cloud gateway performs routing when a client accesses resources across regions. The terminal agent is deployed at the client, establishes a tunnel with the cloud gateway and the edge gateway, and performs secure access to authorized resources. The network location boundary no longer determines access authority: all access subjects must undergo identity authentication and authorization before access is allowed, which addresses the security threat brought by current enterprise network architectures with blurred boundaries.

Description

Technical field

[0001] The present disclosure relates to the technical field of network security, in particular to a zero-trust network architecture and construction method.

Background technique

[0002] The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.

[0003] At present, many enterprises adopt resource access protection by dividing the network into security zones. First, the network is divided into different security zones such as the external network, the internal network and the DMZ, forming network boundaries between the zones; security devices are then deployed at the network boundaries, including firewalls, IDS, IPS, WAF and other network security technologies, to prevent attacks from outside the boundary and so build the enterprise network security system. In this traditional security concept, the location in the network determines the degree of t...

Claims


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L63/08, H04L63/0869, H04L63/0823, H04L63/10, H04L63/02, H04L41/082, Y02D30/50
Inventor 王智超张琳徐吏明凃敏杨文宏魏敬伟
Owner 中孚安全技术有限公司