基于堡垒机技术的企业信息网络安全防护模型  被引量：7

作　　者：林志达[1] 张华兵 曹小明 卢伟开 LIN Zhida;ZHANG Huabing;CAO Xiaoming;LU Weikai(Digital Department of China Southern Power Grid Co.,Ltd.,Guangzhou 510700,China;Platform Security Branch of China Southern Grid Digital Grid Research Institute Co.,Ltd.,Guangzhou 510700,China)

机构地区：[1]中国南方电网有限责任公司数字化部,广东广州510700 [2]南方电网数字电网研究院有限公司平台安全分公司,广东广州510700

出　　处：《电子设计工程》2022年第18期179-183,共5页Electronic Design Engineering

摘　　要：目前设计的企业信息网络安全防护模型防护安全漏洞量大,防护能力弱。为解决上述问题,基于堡垒机技术研究了一种新的企业信息网络安全防护模型。网络授权控制器可对来自企业外部的访问业务进行封堵,控制内部信息子网访问的次数,客户端用户采用VPN技术访问内部信息子网后,网络授权控制器根据用户的访问内容,提供相应的企业内部资源信息,并管理其访问权限,控制访问行为,从而完成访问环节。文中分析了防护模型的结构以及网络安全防护流程,实验研究表明,与其他网络安全防护模型对比,基于堡垒机技术的企业信息网络安全模型具有更高的网络安全防护能力,可以有效降低安全漏洞数量,阻止外界攻击企业内部网络。The enterprise information network security protection model designed at present has a large number of security vulnerabilities and a weak protection capability.In order to solve the above⁃mentioned problems,a new enterprise information network security protection model based on bastion machine technology is studied.The network authorization controller can block the access services from outside the enterprise and control the number of visits to the internal information subnet.After the client user uses the VPN technology to access the internal information subnet,the network authorization controller provides corresponding information based on the user’s access content.The internal resource information of the enterprise,and manage its access authority,control the access behavior,and complete the access link.The structure of the protection model and the network security protection process are analyzed.Experimental research shows that,compared with other network security protection models,the corporate information network security model based on bastion machine technology has higher network security protection capabilities,which can effectively reduce the number of security vulnerabilities and prevent outside attacks on the internal network of the enterprise.

关 键 词：堡垒机技术 企业信息 网络安全 防护模型 

分 类 号：TN301[电子电信—物理电子学]