Abstract
The difficulty of protecting intranet data lies in the security management of endpoints. Because USB, network and other I/O interface devices on endpoints can be used to exchange data between the intranet system and the outside environment, they in effect form the external boundary of the intranet system. Boundaries of this kind are numerous, widely distributed and complex to manage, and are easily exploited by malicious users and Trojans to steal sensitive intranet data. A structured system protection method is proposed that reduces the types and number of endpoint boundary interfaces, thereby simplifying the complex interface relations between the intranet system and the outside environment and improving the intranet's data protection capability. The structured protection method for intranet data security not only protects intranet data effectively, but also simplifies the system's security structure, reduces the number of security products required and lowers the cost of building system security.
Source
Communications Technology (《通信技术》)
2012, Issue 12, pp. 86-90 (5 pages)
Keywords
virtual machine
endpoint security
data security
structured protection
boundary security