This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.

Introduction

"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security in the form of network segmentation in order to separate "outsiders" from trusted employees.

The issue with perimeter security is that it assumes everyone inside the network is trused and everyone outside the network is not! This can be false in two aspects; you can have an intruder that has breached the perimeter and is untrusted, and you can have a trusted employee working from a coffee shop that is unable to access company resources.

The perimeter security model work effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when a workforce is mobile.

Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.

ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.

Implementation

While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into some great deal on the components needed to build a BeyondCorp on your own.

https://github.com/noqcks/BeyondCorps

BeyondCorps的更多相关文章

  1. mxonline实战11,课程详情页2,课程章节页

    对应github地址:第11天   一. 课程详情页2   1. 课程详情页第2块中的课程介绍中,修改course-detail.html中代码,搜索课程详情,找到如下代码

随机推荐

  1. 【转】jsp 页面 按回车键 触发事件

    转载: https://blog.csdn.net/ludongshun2016/article/details/59536779. 第一种: <script type="text/J ...

  2. Linux性能优化实战学习笔记:第五十讲

    一.上节回顾 上一节,我以 ksoftirqd CPU 使用率高的问题为例,带你一起学习了内核线程 CPU 使用率高时的分析方法.先简单回顾一下. 当碰到内核线程的资源使用异常时,很多常用的进程级性能 ...

  3. dogcom在openwrt上的使用

    前提,先配置并运行mentohust(作为802.1x认证) 1,取得编译完成的可执行文件(可先在虚拟机里测试) 2,上传到路由器 3,把dogcom主程序和配置文件放在/etc/storage/do ...

  4. oracle 错误 ORA-00020问题解析

    问题描述 [oracle@xiaowu ~]$ sqlplus / as sysdba SQL*Plus: Release Production on Wed Oct :: Copyright (c) ...

  5. 2019年上-C语言程序设计课程内容

    第一节课 序言 为何学习C语言 打印hello world程序 编译步骤,认识编译器 冯诺依曼体系结构 hello world程序如何在计算机上运行的 第二节课 基本数据类型与表达式 求华氏温度对应的 ...

  6. sql server 批量备份数据库及删除N天前的备份数据

    很多时候,我们都需要将数据库进行备份,当服务器上数据库较多时,不可能一个数据库创建一个定时任务进行备份,这时,就需要进行批量的数据库备份操作,好了,废话不多说,具体实现语句如下: 1 2 3 4 5 ...

  7. protobuf 中import 的使用

    目录结构如下: test.proto的文件内容如下: syntax="proto2"; package com.eagle.mohrss; option java_outer_cl ...

  8. JavaIO学习:字节流

    JavaIO流之字节流 字节流 抽象基类:InputStream,OutputStream. 字节流可以操作任何数据. 注意: 字符流使用的数组是字符数组,char[] chs : 字节流使用的数组是 ...

  9. 聊聊Lambda架构

    定义 在数据分析场景中,我们可能会遇到这样的问题.例如,我们要做一个推荐系统,如果我们用批处理任务去做,一天或者一小时的推荐频次明显延迟太大.如果用流处理任务,虽然延迟的问题解决了,然而只用实时数据而 ...

  10. mongodb 更新数据时int32变为double的解决办法

       场景: 在命令手动的修改签到表的整型字段synState,multi参数是可以更新多条,如果是false则更新一条. db.getCollection("ClassRecordOneD ...