Update nexus: fix conflicts and sync local changes
@@ -1,67 +1,67 @@
---
title: "Zero Trust Architecture (ZTA)"
type: concept
tags: [security, cloud, compliance]
date: 2025-03-01
---

## Definition

零信任架构(Zero Trust Architecture)是一种安全框架,其核心原则是**"永不信任,始终验证"**(Never Trust, Always Verify)。与传统的边界安全模型不同,ZTA假设网络内部和外部都不可信,每个访问请求都必须经过验证。

## Core Principles

### 1. Never Trust, Always Verify
```
传统模型: 边界内 = 可信
ZTA模型: 无论位置,均需验证
```

### 2. Least Privilege Access
- 仅授予完成任务所需的最小权限
- 细粒度访问控制
- Just-in-Time (JIT) 访问

### 3. Assume Breach
- 假设系统已被攻破
- 持续监控和检测
- 微分段隔离

## Implementation Pillars

| 支柱 | 描述 | 技术示例 |
|------|------|---------|
| 身份认证 | 强身份验证 | MFA, SSO |
| 设备健康 | 终端安全状态 | MDM, EDR |
| 网络分段 | 微隔离 | VPC, Service Mesh |
| 应用控制 | 最小权限 | RBAC, ABAC |
| 数据加密 | 传输和静态加密 | TLS, KMS |

## In ITSM Context

在[[ITSM]]中,ZTA是[[Security-and-Compliance]]的核心:

```
Security & Compliance Management (ITSM 8.0)
├── Zero Trust Architecture (ZTA)
│ ├── 持续身份验证
│ ├── 微分段隔离
│ └── 最小权限原则
├── AI-based Threat Intelligence
│ ├── 行为分析
│ └── 异常检测
└── Policy-as-Code
├── 合规自动化
└── 审计追踪
```

## Related Concepts

- [[Policy-as-Code]] — 策略即代码,合规自动化
- [[Security-and-Compliance]] — 安全与合规管理
- [[Multi-factor-Authentication]] — 多因素认证
- [[Cloud Security]] — 云安全

## Sources

- [[understanding-complete-itsm]] — ZTA在现代ITSM中的应用
---
title: "Zero Trust Architecture (ZTA)"
type: concept
tags: [security, cloud, compliance]
date: 2025-03-01
---

## Definition

零信任架构(Zero Trust Architecture)是一种安全框架,其核心原则是**"永不信任,始终验证"**(Never Trust, Always Verify)。与传统的边界安全模型不同,ZTA假设网络内部和外部都不可信,每个访问请求都必须经过验证。

## Core Principles

### 1. Never Trust, Always Verify
```
传统模型: 边界内 = 可信
ZTA模型: 无论位置,均需验证
```

### 2. Least Privilege Access
- 仅授予完成任务所需的最小权限
- 细粒度访问控制
- Just-in-Time (JIT) 访问

### 3. Assume Breach
- 假设系统已被攻破
- 持续监控和检测
- 微分段隔离

## Implementation Pillars

| 支柱 | 描述 | 技术示例 |
|------|------|---------|
| 身份认证 | 强身份验证 | MFA, SSO |
| 设备健康 | 终端安全状态 | MDM, EDR |
| 网络分段 | 微隔离 | VPC, Service Mesh |
| 应用控制 | 最小权限 | RBAC, ABAC |
| 数据加密 | 传输和静态加密 | TLS, KMS |

## In ITSM Context

在[[ITSM]]中,ZTA是[[Security-and-Compliance]]的核心:

```
Security & Compliance Management (ITSM 8.0)
├── Zero Trust Architecture (ZTA)
│ ├── 持续身份验证
│ ├── 微分段隔离
│ └── 最小权限原则
├── AI-based Threat Intelligence
│ ├── 行为分析
│ └── 异常检测
└── Policy-as-Code
├── 合规自动化
└── 审计追踪
```

## Related Concepts

- [[Policy-as-Code]] — 策略即代码,合规自动化
- [[Security-and-Compliance]] — 安全与合规管理
- [[Multi-factor-Authentication]] — 多因素认证
- [[Cloud Security]] — 云安全

## Sources

- [[understanding-complete-itsm]] — ZTA在现代ITSM中的应用
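Review bot: the hunk `@@ -1,67 +1,67 @@` replaces all 67 lines of the file with 67 lines, yet the old side (first copy, from the first `---` through the `## Sources` entry) and the new side (second copy) are identical in this rendering, so the change is not visible here. For a commit described as resolving conflicts, that pattern usually means a line-ending or trailing-whitespace rewrite rather than a content change; it should be confirmed that the resolution left no `<<<<<<<`, `=======` or `>>>>>>>` markers and no dropped lines (for example by re-reading the diff with `git diff -w` or `git diff --ignore-space-at-eol`, which hides a pure whitespace rewrite and exposes any real difference), and, if line endings are the cause, that a `.gitattributes` rule normalises them so the whole file is not rewritten again on the next sync. The commit message should also say what the conflict was and how it was resolved, since "fix conflicts and sync local changes" gives a later reader nothing to check against.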
||||