Micro-isolation protection system adopting zero-trust architecture and protection method thereof

A protection system and architecture technology, applied to transmission systems, electrical components, etc., that addresses problems such as springboard (pivot) attacks, difficulty in controlling east-west traffic, and difficulty in realizing north-south traffic access control and business application resource access control, with the effect of resisting intrusion and simplifying network isolation management.

Active Publication Date: 2021-12-10
云南电网有限责任公司信息中心

AI Technical Summary

Problems solved by technology

[0004] In view of the above-mentioned deficiencies in the prior art, the micro-isolation protection system and method adopting a zero-trust architecture provided by the present invention address the following problems of existing networks: north-south traffic access control and business application resource access control are difficult to realize; east-west traffic is difficult to control, which easily enables springboard (pivot) attacks; and identity verification of network access devices is performed only once, with no mechanism for real-time verification of the device security environment.



Examples


Embodiment 1

[0066] As shown in figure 1, a micro-isolation protection system adopting a zero-trust architecture includes a logical architecture and a physical architecture. The logical architecture includes an execution layer, a collection layer, a persistence layer, a logical function layer and a presentation layer; the physical architecture includes a policy control center, a security gateway and Agent plug-ins.

[0067] The execution layer executes the security policy specified by the policy control center; the collection layer collects the assets of network access devices; the persistence layer formats and stores asset information and provides the data basis for the policy control center; the logical function layer handles network trusted access, formulation and maintenance of access policies, device environment risk assessment, and formulation and maintenance of micro-isolation policies; the presentation layer exports device risk asse...

Embodiment 2

[0072] Based on the system structure of Embodiment 1 above, this embodiment provides a micro-isolation protection method adopting a zero-trust architecture, applied to the micro-isolation protection system described above. The method is as follows:

[0073] During network operation, monitor east-west traffic, north-south traffic and the security status of network access devices in real time, and associate network policy with them in real time. Whenever one or more of the following conditions hold, namely that east-west traffic needs adaptive control, that north-south traffic needs security admission, or that the security status of a network access device needs to be acted upon, apply the corresponding policy to achieve micro-isolation protection.

[0074] In the above method, the condition for adaptive control of east-west traffic is that the east-west traffic generated by a provided host or service exceeds the set threshold;

[0075] Th...
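As an added illustration (not code from the patent or its applicant), the following Python sketch models the policy control center re-deriving a device's micro-isolation policy on every event, so that admission is continuous rather than one-time as the background section criticizes. The threshold value, the 0..100 risk scale and the policy names are assumptions; the page only speaks of a "set threshold" and a device security status.

```python
from dataclasses import dataclass

# Assumed values: the page gives no numbers for the threshold or the risk scale.
EAST_WEST_THRESHOLD_BYTES = 50_000_000   # per-window east-west bytes per host
MAX_RISK = 70                            # environment risk score (0..100) that triggers isolation

@dataclass
class Device:
    device_id: str
    admitted: bool = False      # passed north-south security admission
    risk_score: int = 0         # latest environment assessment from the Agent plug-in
    east_west_bytes: int = 0    # east-west bytes observed in the current window
    policy: str = "deny"        # micro-isolation policy currently pushed to the execution layer

class PolicyControlCenter:
    def __init__(self):
        self.devices = {}

    def _device(self, device_id):
        return self.devices.setdefault(device_id, Device(device_id))

    def _reevaluate(self, dev):
        # Recomputing from scratch on every event is what makes verification continuous:
        # a device admitted earlier loses access as soon as its posture degrades.
        if not dev.admitted:
            dev.policy = "deny"                   # north-south admission failed
        elif dev.risk_score >= MAX_RISK:
            dev.policy = "quarantine"             # cut east-west and north-south paths
        elif dev.east_west_bytes > EAST_WEST_THRESHOLD_BYTES:
            dev.policy = "rate_limit_east_west"   # adaptive control of east-west traffic
        else:
            dev.policy = "allow"
        return dev.policy

    def admit(self, device_id, credential_ok, risk_score):
        # North-south admission: identity check plus device environment check.
        dev = self._device(device_id)
        dev.risk_score = risk_score
        dev.admitted = credential_ok and risk_score < MAX_RISK
        return self._reevaluate(dev)

    def report_posture(self, device_id, risk_score):
        # Agent plug-in reports a new environment risk assessment.
        dev = self._device(device_id)
        dev.risk_score = risk_score
        return self._reevaluate(dev)

    def observe_east_west(self, device_id, bytes_in_window):
        # Collection layer reports east-west traffic for the current window.
        dev = self._device(device_id)
        dev.east_west_bytes = bytes_in_window
        return self._reevaluate(dev)
```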


Abstract

The invention discloses a micro-isolation protection system and method adopting a zero-trust architecture. The system comprises a logical architecture and a physical architecture; the logical architecture comprises an execution layer, a collection layer, a persistence layer, a logical function layer and a presentation layer, and the physical architecture comprises a policy control center, a security gateway and an Agent plug-in. Based on a full understanding of the cloud computing environment and guided by the zero-trust security concept, the invention integrates multiple security technologies such as network micro-isolation, security gateways and system environment perception, and finally realizes security admission of north-south traffic, adaptive management and control of east-west traffic, and real-time association of network policy with the security state of access devices.

Description

Technical field

[0001] The invention belongs to the technical field of network security maintenance, and in particular relates to a micro-isolation protection system adopting a zero-trust architecture and a protection method thereof.

Background technique

[0002] With the emergence of new IT technologies such as cloud computing, increasingly blurred network security boundaries, complex network access environments and large numbers of network assets have brought new challenges to enterprise security: east-west traffic is difficult to control, the huge volume of network policy is difficult to maintain, north-south traffic lacks proper admission control, and the security level of the access environment is decoupled from network policy. Traditional protection solutions based on fixed boundaries have gradually begun to fail. [0003] Whether for the traditional intranet environment or the current cloud host network environment, the current network security protection methods h...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/02, H04L63/20, H04L63/1408, H04L63/1433, H04L63/083, H04L63/0428
Inventors: 谢林江杭菲璐郭威吕垚陈何雄罗震宇和悦毛正雄何映军张振红
Owner: 云南电网有限责任公司信息中心