Research on SDP deployment scheme for railway enterprise network against supply chain attack
Abstract: As railway enterprise information systems become increasingly open and interconnected, supply chain attacks have become one of the main challenges to railway enterprise network security. At the same time, the rapid growth of cloud computing and mobile Internet access has blurred the traditional boundary between the railway enterprise's internal and external networks, so that perimeter-based protection is less and less able to cope with complex and rapidly changing attack techniques. Based on the zero-trust concept and on experience from railway enterprise network attack-and-defense drills, this paper discusses applying the Software Defined Perimeter (SDP) model to defend against supply chain attacks. The SDP controller is deployed in the railway network security management center zone and consists mainly of three modules: a traffic detection module, a rule control module and a traffic time-characteristic analysis module. Working together, these three modules assist the unified log management platform in enforcing fine-grained, dynamic access control over interactions between railway information systems and external systems, so as to counter supply chain attacks effectively and build a more secure protection system for the railway enterprise network.
Table 1 Traffic detection and analysis tasks performed by the traffic detection module

| Detection task | Main detection content |
| --- | --- |
| Web-level APT attack detection | Detection of known web attack signatures, webshell detection, web behaviour analysis, anomalous access, C&C IP/URL detection, etc. |
| Email-level APT attack detection | Detection of webmail vulnerability exploitation, malicious email attachments, mail header spoofing, sender spoofing, email phishing, malicious links and other email social-engineering behaviour [7] |
| File-level APT attack detection | Multi-engine detection of known-signature attacks, static signature-less shellcode detection, dynamic sandbox behaviour analysis, etc. |
| Trojan callback behaviour analysis | Automatic learning and extraction of C&C IPs/URLs, detection of unauthorized callback connections, detection of malicious data exfiltration, etc. |
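The abstract describes three controller modules (traffic detection, rule control, traffic time-characteristic analysis) cooperating to drive fine-grained, dynamic access control, and Table 1 lists C&C callback detection among the detection tasks. The following is an added example written for this page, not the paper's implementation: a toy controller cycle in which indicator matching (traffic detection) and inter-connection timing regularity, i.e. beaconing (time-characteristic analysis), feed a default-deny rule module that revokes a source's access. The flow-record format, the indicator list, the beaconing thresholds and all addresses are assumptions; the sample flows are constructed.

```python
"""Toy SDP controller cycle: detection + timing analysis -> default-deny rules.
Added example, not the paper's code. Thresholds, addresses and the flow
record format are assumptions made for illustration."""
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since start of observation window
    src: str       # source host (e.g. a supplier's maintenance host)
    dst: str       # destination host
    port: int
    bytes_out: int


# ---- Traffic detection module: indicator (C&C IP) matching ----
KNOWN_CC = {"203.0.113.10"}  # constructed indicator list (TEST-NET address)


def detect_indicators(flows):
    """Return the set of sources that contacted a known C&C address."""
    return {f.src for f in flows if f.dst in KNOWN_CC}


# ---- Traffic time-characteristic analysis module: beaconing ----
def detect_beaconing(flows, min_conns=6, max_jitter=0.15):
    """Flag (src, dst) pairs whose connection intervals are nearly constant.
    A coefficient of variation (stdev / mean of the gaps) below max_jitter
    indicates a timer-driven callback rather than human-driven traffic."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f.ts)
    flagged = set()
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean < max_jitter:
            flagged.add(pair)
    return flagged


# ---- Rule control module: default-deny policy with dynamic revocation ----
class RuleControl:
    def __init__(self, authorized):
        # explicit (src, dst, port) grants; everything else is denied (SDP)
        self.authorized = set(authorized)
        self.quarantined = set()

    def quarantine(self, src):
        self.quarantined.add(src)

    def decide(self, src, dst, port):
        if src in self.quarantined:
            return "deny"
        return "allow" if (src, dst, port) in self.authorized else "deny"


def controller_cycle(flows, rules):
    """One evaluation cycle: both analysis modules feed the rule module."""
    suspects = detect_indicators(flows)
    suspects |= {src for src, _ in detect_beaconing(flows)}
    for src in suspects:
        rules.quarantine(src)
    return suspects


# Constructed sample: 10.10.1.5 beacons to 198.51.100.7 about every 60 s,
# 10.10.1.9 touches a listed C&C address once, 10.10.1.6 is normal traffic.
SAMPLE_FLOWS = (
    [Flow(t, "10.10.1.5", "198.51.100.7", 443, 512)
     for t in (0.0, 60.5, 120.2, 181.0, 240.3, 300.1, 360.4, 420.0)]
    + [Flow(t, "10.10.1.6", "10.20.0.8", 443, 4096)
       for t in (5.0, 12.0, 95.0, 130.0, 400.0, 401.0, 900.0)]
    + [Flow(33.0, "10.10.1.9", "203.0.113.10", 8080, 128)]
)

AUTHORIZED = {("10.10.1.5", "10.20.0.8", 443), ("10.10.1.6", "10.20.0.8", 443)}


def run_example():
    """Run one cycle; return suspects and the resulting access decisions."""
    rules = RuleControl(AUTHORIZED)
    suspects = controller_cycle(SAMPLE_FLOWS, rules)
    decisions = {
        "beaconing host": rules.decide("10.10.1.5", "10.20.0.8", 443),
        "normal host": rules.decide("10.10.1.6", "10.20.0.8", 443),
        "unauthorized target": rules.decide("10.10.1.6", "10.20.0.9", 443),
    }
    return suspects, decisions


if __name__ == "__main__":
    print(run_example())
```

The point of the example is the division of labour: neither analysis module grants or denies anything itself; they only raise evidence, and the rule module applies it on top of a default-deny grant list, so a supplier host whose legitimate maintenance session is still authorized loses access as soon as its callback pattern is observed.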
References
[1] 李春林, 金宏洲, 程亮. An application integration scheme under the zero-trust concept: China, CN202011625802.3 [P]. 2021-05-11.
[2] Overall plan for railway informatization. China State Railway Group Co., Ltd., 2020.
[3] 何熙巽, 张玉清, 刘奇旭. A survey of software supply chain security [J]. Journal of Cyber Security (信息安全学报), 2020, 5(1): 57-73.
[4] 蹇诗婕, 卢志刚, 杜丹, et al. A survey of network intrusion detection technology [J]. Journal of Cyber Security (信息安全学报), 2020, 5(4): 96-122.
[5] 李长连, 马季春, 蔺旋. Analysis of building a SASE model based on SD-WAN [J]. Designing Techniques of Posts and Telecommunications (邮电设计技术), 2021(6): 78-83.
[6] 刘建华. Research on security improvement of the 5G core network based on zero-trust architecture [J]. Designing Techniques of Posts and Telecommunications (邮电设计技术), 2020(9): 75-78.
[7] 张瑜, 潘小明, LIU Qingzhong, et al. APT attacks and defense [J]. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1127-1133.
[8] 何国锋. Research on the application of zero-trust architecture for protection in 5G cloud networks [J]. Telecommunications Science (电信科学), 2020, 36(12): 123-132.
Cited by journal articles (2)
1. 马一博, 石勇. Research on online cable fault location technology for rail transit power supply systems. Computer Measurement & Control (计算机测量与控制), 2021(01): 20-23+28.
2. 肖梓林. Simulation study of DC traction power supply systems with regenerative energy utilization in urban rail transit. Journal of Electrical Engineering (电气工程学报), 2021(01): 166-172.
Cited by other publication types (1)