
Adopting the Zero Trust Paradigm.pdf

Uploaded by: a****d  ID: 184999  2024-10-07  11 pages  395.12KB

Adopting the Zero Trust Paradigm
Eric Hibbard, CISSP, FIP, CISA
Samsung Semiconductor, Inc.
2024 SNIA. All Rights Reserved.

Perimeter Security Model
- Many organizations use a traditional perimeter security model
- Assumes that all users inside the network can be trusted while all users outside the network are untrustworthy
- Assumes an effective barrier can be established and maintained
- Resources accessed from the Internet are often located within a DMZ
- Firewalls, intrusion detection systems (IDS), and virtual private networks (VPN) are common elements of perimeter security

Zero Trust (ZT) Security Model
- Primarily focused on data and service protection; can also include
  - all enterprise assets (devices, infrastructure components, applications, virtual and cloud components)
  - subjects (end users, applications and other non-human entities that request information from resources)
- Assumes that an attacker is present in the environment
- Assumes an enterprise-owned environment is no different (i.e., no more trustworthy) than any non-enterprise-owned environment
- In this paradigm, there is no implicit trust

Tenets of Zero Trust
- All data sources and computing services are considered resources
- All communication is secured regardless of network location
- Access to individual enterprise resources is granted on a per-session basis
- Access to resources is determined by dynamic policy
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed
- The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses

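This document introduces the Zero Trust (ZT) security model. Unlike the traditional protection model centered on the network perimeter, the zero trust model holds that users inside the network are not necessarily trustworthy and that users outside the network likewise require strict verification. The core of the zero trust model is data and service protection. It assumes that an attacker is already present in the environment and that no environment, whether inside or outside the enterprise, should be trusted by default. Its key points include: all resources (data and services) are treated as enterprise assets, communication should be protected regardless of location, access to resources should be based on dynamic policy, and the enterprise needs to continuously monitor the security state of its assets. US government departments are implementing zero trust architecture, and multiple vendors offer related products and services. International standards such as ISO/IEC 27002:2022 and IEEE draft standards have also adopted zero trust principles. In summary, the zero trust security model is a major shift that requires careful planning and investment of resources; it can be implemented incrementally in hybrid environments, and organizations can take part in the related standardization work to promote its development.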