This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.

Introduction

"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security in the form of network segmentation in order to separate "outsiders" from trusted employees.

The issue with perimeter security is that it assumes everyone inside the network is trused and everyone outside the network is not! This can be false in two aspects; you can have an intruder that has breached the perimeter and is untrusted, and you can have a trusted employee working from a coffee shop that is unable to access company resources.

The perimeter security model work effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when a workforce is mobile.

Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.

ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.

Implementation

While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into some great deal on the components needed to build a BeyondCorp on your own.

https://github.com/noqcks/BeyondCorps

BeyondCorps的更多相关文章

  1. mxonline实战11,课程详情页2,课程章节页

    对应github地址:第11天   一. 课程详情页2   1. 课程详情页第2块中的课程介绍中,修改course-detail.html中代码,搜索课程详情,找到如下代码

随机推荐

  1. opera11以下添加搜索引擎的办法

    opera11以下:首选项,搜索引擎设置添加搜索引擎,地址是https://www.baidu.com/s?wd=%s 这是从其他浏览器里面得到的. opera11以上: http://www.bai ...

  2. Web协议详解与抓包实战:HTTP1协议-如何传递 IP 地址?(6)

    一.HTTP消息在服务器端的路由 Host 头部 规范与实现间是有差距的 二.代理服务器转发消息时的相关头部 1.Host 头部与消息的路由 2.客户端与源服务器间存在多个代理 三.如何传递 IP 地 ...

  3. WEB前端开发职业学习路线初级完整版

    作者 | Jeskson 来源 | 达达前端小酒馆 下面小编专门为广大web前端开发职业者汇总了学习路线初级完整版,其实web前端开发工程师可算是高福利,高薪水的职业了,所以现在学习web前端开发的技 ...

  4. [LeetCode] 684. Redundant Connection 冗余的连接

    In this problem, a tree is an undirected graph that is connected and has no cycles. The given input ...

  5. Excel输入十六进制数,以及十六进制运算

    网上复制来复制去的连个靠谱答案都没有...f**k 所以无奈自己探索出来了 先放效果图 文本值 转 进制值 单元格: A1文本值 A2进制值 输入内容: 'fefe =OCT2HEX(HEX2OCT( ...

  6. 第09组 Beta冲刺(2/5)

    队名:观光队 链接 组长博客 作业博客 组员实践情况 王耀鑫 过去两天完成了哪些任务 文字/口头描述 学习 展示GitHub当日代码/文档签入记录 接下来的计划 完成短租车,页面美化 还剩下哪些任务 ...

  7. C#编写了一个基于Lucene.Net的搜索引擎查询通用工具类:SearchEngineUtil

    最近由于工作原因,一直忙于公司的各种项目(大部份都是基于spring cloud的微服务项目),故有一段时间没有与大家分享总结最近的技术研究成果的,其实最近我一直在不断的深入研究学习Spring.Sp ...

  8. 【网络知识之七】QUIC(http3)

    QUIC(Quick UDP Internet Connection)是谷歌制定的一种基于UDP的低时延的互联网传输层协议. 1.避免前序包阻塞HTTP2的最大特性就是多路复用,而HTTP2最大的问题 ...

  9. gulp的初阶使用方法(转)

    安装好gulp之后接下来就是使用了,此文主要介绍一些前端开发时常用的一些插件及其用法 http://www.imooc.com/article/tag/26/hot/12插件安装 安装本地服务器插件: ...

  10. 如何用代码设置机器人初始坐标实现 2D Pose Estimate功能

    前言:ROS机器人有时候会遇到极端的情况:比如地面打滑严重,IMU精度差,导致积累误差严重,或是amcl匹配错误,导致机器人定位失败, 这时候如何矫正机器人位置变得非常重要,我的思路是利用相机或是在地 ...