Research on zero trust network and key technology

  

  • Received: 2022-04-07 Revised: 2022-06-13 Online: 2022-06-29
  • Contact: 群 王

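王群1, 袁泉2, 李馥娟3, 夏玲玲3

  1. Department of Computer Information and Network Security, Jiangsu Police Institute
  2. Library and Information Center, China Pharmaceutical University, Nanjing, Jiangsu 210009
  3. Department of Computer Information and Network Security, Jiangsu Police Institute, Nanjing, Jiangsu 210031
  • Corresponding author: 王群
  • Funding:
    National Natural Science Foundation of China; Major Project of Natural Science Research in Jiangsu Higher Education Institutions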

Abstract: As network security threats grow more severe and defensive measures grow more complex, the zero trust network represents a fresh evaluation and review of the traditional perimeter security architecture. Zero trust emphasizes never trusting and continuously verifying. In a zero trust network, identity is not determined by network location, all access control strictly enforces least privilege, and every access process is tracked in real time and evaluated dynamically. First, a basic definition of the zero trust network is proposed, the main problems exposed by traditional perimeter security are pointed out, and a zero trust network model is given. Second, the key technologies of zero trust networks are analyzed, including the software defined perimeter, identity and access management, micro segmentation, and the automatic configuration management system. Finally, the paper summarizes the zero trust network and discusses prospects for its future development.

Keywords: zero trust, network security, security model, automatic system, micro segmentation
