Abstract
In data-center networks, data is stored centrally, so controlling access to it is especially important. The traditional approach is system-centric security, but as attacks become ubiquitous, the internal environment and internal personnel can also be the origin of an attack. The zero-trust model is therefore introduced, and a data-center security model is designed under it. The security model comprises a device inventory database, device certificates, a user and group database, 802.1X-based RADIUS network-layer access control, mandatory encryption enforced by an access proxy, single sign-on (SSO), an access control engine and other mechanisms, in order to protect data resources.
Source
Communications Technology (《通信技术》)
2017, Issue 6, pp. 1290-1294 (5 pages)
Keywords
data-center security
zero-trust security model
access control
data-resource protection