* Zero trust:

The concept of zero trust emerged with the de-perimeterization of networks. In the traditional approach to network construction, the network is divided into an intranet and an extranet; the industry consensus was that attacks come from outside the enterprise and that everything inside the perimeter is safe by default. The enterprise security department used firewalls, IDS/IPS, VPNs, behaviour auditing and similar technical means and products to ensure that employees could access resources normally and operate legitimately, and to identify and block malicious or unauthorized access.

A zero trust security architecture protects the business mainly by applying trust evaluation and dynamic access control to all access, whether it originates inside or outside the enterprise. Every request to access an enterprise resource is authenticated, authorized and encrypted. Authentication covers comprehensive verification of both the user and the device in use, and the assessment of each request is not limited to the terminal environment: user operational risk, network risk, external threats and other factors are assessed in real time, and access is controlled dynamically according to the result of that evaluation.
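As an added illustration of the trust evaluation and dynamic access control described above (example code written for this page, not from the original article or any product it mentions), the following Python policy engine scores one access request from several signal sources and decides whether to allow it, require step-up authentication, or deny it. The signal names, weights and thresholds are assumptions chosen for illustration; a real deployment derives them from its own telemetry and policy.

```python
"""Risk-based trust evaluation for a single access request (added example)."""
from dataclasses import dataclass


@dataclass
class AccessRequest:
    user: str
    user_authenticated: bool   # identity verified (password + MFA, SSO, ...)
    device_registered: bool    # device enrolled in the device inventory
    device_compliant: bool     # patched, disk encrypted, endpoint agent running
    network: str               # "office", "vpn", "mobile" or "unknown"
    user_risk: float           # 0.0 .. 1.0 from behaviour analytics
    threat_intel_hit: bool     # source IP/ASN currently on a threat feed
    resource_sensitivity: str  # "low", "medium" or "high"


ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

# Assumed per-network base risk: location contributes to the score but never decides alone.
NETWORK_RISK = {"office": 0.1, "vpn": 0.2, "mobile": 0.4, "unknown": 0.7}

# Assumed (step-up, deny) thresholds: more sensitive resources tolerate less risk.
THRESHOLDS = {"low": (0.6, 0.85), "medium": (0.4, 0.7), "high": (0.25, 0.5)}


def risk_score(req: AccessRequest) -> float:
    """Weighted sum of multi-source signals, clamped to [0, 1]."""
    score = 0.0
    if not req.device_registered:
        score += 0.5
    elif not req.device_compliant:
        score += 0.3               # known device, but posture is out of policy
    score += NETWORK_RISK.get(req.network, 0.7) * 0.4
    score += req.user_risk * 0.4
    if req.threat_intel_hit:
        score += 0.6               # external threat signal weighs heavily
    return min(score, 1.0)


def decide(req: AccessRequest) -> tuple[str, float]:
    """Dynamic access decision for one request: (decision, score)."""
    # Identity and device enrolment are hard requirements; network position grants nothing.
    if not req.user_authenticated or not req.device_registered:
        return DENY, 1.0
    score = risk_score(req)
    step_up_at, deny_at = THRESHOLDS[req.resource_sensitivity]
    if score >= deny_at:
        return DENY, score
    if score >= step_up_at:
        return STEP_UP, score
    return ALLOW, score


if __name__ == "__main__":
    # Constructed sample request: compliant device on the office network, low-risk user.
    print(decide(AccessRequest("alice", True, True, True, "office", 0.05, False, "low")))
```

The decision is re-evaluated on every request, so the same user on the same device can be allowed from the office, asked for step-up authentication from an unmanaged network, and denied once a threat-intelligence signal appears, which is the dynamic behaviour the paragraph describes.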
* Network architecture diagram: (figure not reproduced in this extraction)
* Application layer zero trust:

Compared with the host and network layers, application-layer zero trust is easier to deploy and easier for users to adopt. In terms of implementation cycle, business impact, construction effect and other aspects, application-layer zero trust delivers a more direct short-term effect than the host and network layers and is easier to start with.

Application-layer zero trust construction consists mainly of two systems: an application security gateway system and a user management system (the modules within each system can be split across different products and projects).

The application security gateway system includes: access control, reverse proxy, load balancing, unified access, security protection (mainly WAF-related functions), access auditing (auditing of layer 4 to layer 7 traffic), HTTPS support, etc.

The user management system includes: identity authentication, dynamic authorization, SSO, user management, trust assessment, etc.
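To show how the two systems above fit together, here is an added example (written for this page, not code from the original article or any product it mentions) of a minimal application-layer gateway in Python. The user management system issues a signed token carrying the user's roles, a device binding and the trust level from its trust assessment; the gateway verifies the token on every request, enforces a per-route minimum trust level and role set, selects the backend for the reverse proxy, and writes an audit record. The token format, claim names, route table and shared secret are assumptions for illustration.

```python
"""Application-layer zero-trust gateway: token verification, per-route
authorization and access audit (added example)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key shared by the user management system and the gateway.
SECRET = b"shared-secret-between-user-mgmt-and-gateway"

# Assumed reverse-proxy route table: path prefix -> (backend, minimum trust level, allowed roles).
ROUTES = {
    "/hr/":    ("http://hr.internal:8080",    3, {"hr", "admin"}),
    "/wiki/":  ("http://wiki.internal:8080",  1, {"staff", "hr", "admin"}),
    "/admin/": ("http://admin.internal:8080", 4, {"admin"}),
}

AUDIT = []  # in production: append-only log shipped to the SIEM


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user, roles, device_id, trust_level, ttl=300, now=None):
    """User management system side: sign claims including device binding and trust level."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": sorted(roles), "dev": device_id,
              "trust": trust_level, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token, now=None):
    """Gateway side: constant-time signature check and expiry check; claims or None."""
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:          # bad base64, bad JSON or missing separator
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


def _audit(path, user, device_id, status, detail):
    """Record every decision (allowed or not) and return it to the caller."""
    AUDIT.append({"ts": time.time(), "user": user, "device": device_id,
                  "path": path, "status": status, "detail": detail})
    return status, detail


def gateway(path, token, device_id, now=None):
    """Decide one request: (HTTP status, backend URL or denial reason)."""
    claims = verify_token(token, now)
    if claims is None:
        return _audit(path, None, device_id, 401, "invalid or expired token")
    if claims["dev"] != device_id:
        return _audit(path, claims["sub"], device_id, 401, "token not bound to this device")
    for prefix, (backend, min_trust, roles) in ROUTES.items():
        if path.startswith(prefix):
            if claims["trust"] < min_trust:
                return _audit(path, claims["sub"], device_id, 403, "trust level too low")
            if not roles & set(claims["roles"]):
                return _audit(path, claims["sub"], device_id, 403, "role not permitted")
            return _audit(path, claims["sub"], device_id, 200, backend)
    return _audit(path, claims["sub"], device_id, 404, "no route")


if __name__ == "__main__":
    tok = issue_token("alice", {"hr"}, "dev-1", trust_level=3)
    print(gateway("/hr/payroll", tok, "dev-1"))
    print(gateway("/admin/users", tok, "dev-1"))
```

The token is hand-signed here only to keep the example dependency-free; a production gateway would use an established token library and rotate the signing key. The important design point is that the gateway never decides from network position: every request must carry a valid, unexpired token bound to the presenting device, and the trust level inside it is what the user management system's trust assessment produced.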

Points to be considered in heterogeneous networks:
At present, enterprise business runs in heterogeneous networks, and the following heterogeneous elements need to be considered when building the security protection system:
· Heterogeneous terminal devices: devices running different terminal systems connect to the services, such as mobile phones, PCs, servers, browsers, etc.;
· Heterogeneous network environments: services may be accessed through 3G, 4G, 5G and other mobile networks, or through fixed networks;
· Heterogeneous security scenarios: network security requirements centred on the perimeter, concerned with vulnerability exploitation and defence, alongside business security requirements concerned with identifying and handling malicious users and malicious operations;
· Heterogeneous regulatory standards: the security system needs to meet different national standards, industry standards and codes;
· Heterogeneous users: long-term employees working from a fixed office or on the move; outsourcing units; short-term staff such as security personnel; suppliers; operation and maintenance personnel and other cooperating units; interns; resigned employees, etc.

Zero trust security architecture rests on five basic assumptions:

· The network is always in a dangerous environment; external or internal threats exist throughout the network;

· Network location is not sufficient to establish trust; by default no user, device or system inside or outside the network is trusted;

· The foundation of trust for business access control is rebuilt on authentication and authorization;

· All devices, users and network traffic should be authenticated, authorized and encrypted;

· Security policy must be dynamic and based on multi-source environment data and access behaviour data of devices and users.

Mybatis Error resolution :There is no getter for property named '*' in 'class Java.lang.String Big data tells you , How tired are Chinese women Message quality platform series | Full link troubleshooting Gude Haowen serial - You deserve to be an engineer ( Preface ) Image explanation of over fitting and under fitting Springboot of JPA Common query methods JAVA Detailed explanation of anomalies vue Of v-if And v-show The difference between python To solve the problem of dictionary writing list in Codeup——601 | problem A: task scheduling