Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Zero-trust network architecture and construction method

A network architecture and construction method technology, applied in the field of network security, can solve problems such as blurred boundaries between internal and external networks, difficulty in adapting to infrastructure, etc., and achieve the effects of convenient unified maintenance, high availability, and easy expansion

Active Publication Date: 2021-10-29
中孚安全技术有限公司
View PDF8 Cites 29 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] With the development of emerging technologies such as cloud computing, wireless interconnection, Internet of Things, and big data, as well as business migration to the cloud, the proliferation of APT attacks, and the trend of mobile office, enterprise data is no longer limited to the intranet. The established internal and external network boundaries are becoming more and more blurred, and there are more technical means that can easily break through the network boundary. Network security is no longer limited to boundary security. Especially now that the focus of security is gradually shifting to data security, full attention should be paid to the security of the enterprise intranet. Data security, while the traditional perimeter-based network security architecture and solutions have been difficult to adapt to modern enterprise network infrastructure

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Zero-trust network architecture and construction method
  • Zero-trust network architecture and construction method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0059] Such as figure 1 As shown, Embodiment 1 of the present disclosure provides a zero-trust network architecture. The network location boundary no longer determines access rights. Before access is allowed, all access subjects (including traditional internal and external network users and devices, etc.) Identity authentication and authorization are required to solve the security threats brought by the current enterprise network architecture with blurred boundaries.

[0060] The SDP technical architecture proposed by the International Cloud Security Alliance (CSA) includes three components: IH, AH, and SDP Controller. The relationship between the three components is divided into a control plane and a data plane. The architecture scheme adopted in this embodiment follows the two planes of the control plane and the data plane, and combines the actual business scenarios to plan four major components: the controller, the cloud gateway, the edge gateway, and the terminal agent.

...

Embodiment 2

[0068] Such as figure 2 As shown, Embodiment 1 of the present disclosure provides a method for constructing a zero-trust network architecture, including:

[0069] Controller initialization process:

[0070] After the controller is installed, the organization administrator needs to log in to the controller and perform some initialization operations, including:

[0071] To add an area, the administrator needs to enter the information of the area included in the organization, mainly including the area name, description, and planned virtual IP segment (cannot conflict with the private network IP already used by the enterprise);

[0072] Add users, user information includes: name, department, mobile phone, email, etc.;

[0073] Add a cloud gateway, the cloud gateway information includes: name, cluster area, administrator mobile phone, administrator mailbox, etc.;

[0074] Add an edge gateway, the edge gateway information includes: name, organization area, administrator mobile p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a zero-trust network architecture and a construction method. The zero-trust network architecture comprises a controller, a cloud gateway, an edge gateway and a terminal agent, the edge gateway is in communication connection with the cloud gateway, the cloud gateway, the edge gateway and the terminal agent are respectively in communication connection with the controller, and the cloud gateway and the edge gateway are respectively in communication connection with the client; the controller is used for controlling registration and login processes of the client, the cloud gateway and the edge gateway and issuing a routing strategy and an authorized access control strategy; the edge gateway is used for controlling resource security access, and the cloud gateway is used for routing when a client accesses resources across regions; the terminal agent is deployed at a client, establishes a tunnel with the cloud gateway and the edge gateway, and performs secure access on authorized resources; the network position boundary no longer determines the access authority, all access subjects need to be subjected to identity authentication and authorization before access is allowed, and the security threat brought by the enterprise network architecture with the fuzzy boundary at present is solved.

Description

technical field [0001] The present disclosure relates to the technical field of network security, in particular to a zero-trust network architecture and construction method. Background technique [0002] The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art. [0003] At present, many enterprises adopt the method of resource access protection to divide the security zone. First, the network is divided into different security zones such as external network, internal network and DMZ, and the network boundary is formed between different security zones, and then the network boundary Deploy security devices everywhere, including firewalls, IDS, IPS, WAF and other network security technologies, to prevent various attacks from outside the border, so as to build an enterprise network security system. In this traditional security concept, the location of the network determines the degree of t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L63/08H04L63/0869H04L63/0823H04L63/10H04L63/02H04L41/082Y02D30/50
Inventor 王智超张琳徐吏明凃敏杨文宏魏敬伟
Owner 中孚安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com