摘要
为了解决目前集团信息系统中普遍存在的用户账号管理与安全防护的问题,提出了一种基于零信任架构的集账号、认证和审计于一体的AAA系统。首先,对AAA系统的用户管理、身份认证授权、用户审计等模块进行功能描述;然后,针对传统网络边界防护问题,采用基于零信任架构的认证授权方式对业务场景进行身份鉴别,以保障业务系统环境的可靠性;最后,对AAA子系统的逻辑及集团级系统开发平台配置进行说明。提出的AAA系统可有效提高集团级企业信息系统的业务安全,弥补零信任环境下用户登录账号的安全问题,也进一步提高了集团级企业内网络设备、应用设备、系统和应用管理的安全防护能力。
In order to solve the problems of user account management and security protection in current group information system,this paper proposes a three-in-one AAA system of account,authentication and audit based on zero-trust architecture.Firstly,it describes the function of user management,authentication authorization,user audit and other modules of the AAA system.Secondly,in view of the conventional network boundary protection problem,the authentication authorization method based on zero trust architecture is applied to identify the business scenario,thus to ensure the reliability of the business system environment.Lastly,it illustrates the logic of the AAA subsystem and group-level system development platform configuration.The proposed AAA system can effectively improve the business security of group-level enterprise information system,compensate for the security issues of user login account under zero-trust environment,and further improve the security protection ability of network equipment,application equipment,system and application management in group-level enterprise.
作者
肖力炀
毕玉冰
刘骁
朱博迪
刘迪
刘超飞
崔逸群
XIAO Liyang;BI Yubing;LIU Xiao;ZHU Bodi;LIU Di;LIU Chaofei;CUI Yiqun(Xi'an Thermal Power Research Institute Co.,Ltd.,Xi'an 710054,China)
出处
《热力发电》
CAS
CSCD
北大核心
2023年第9期171-180,共10页
Thermal Power Generation
基金
中国华能集团有限公司总部科技项目(HNKJ21-H29)。
关键词
零信任
身份认证
账号安全
认证授权
网络安全
zero trust
identity authentication
account security
certification authorization
cyber security
