This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.

Introduction

"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security in the form of network segmentation in order to separate "outsiders" from trusted employees.

The issue with perimeter security is that it assumes everyone inside the network is trused and everyone outside the network is not! This can be false in two aspects; you can have an intruder that has breached the perimeter and is untrusted, and you can have a trusted employee working from a coffee shop that is unable to access company resources.

The perimeter security model work effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when a workforce is mobile.

Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.

ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.

Implementation

While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into some great deal on the components needed to build a BeyondCorp on your own.

https://github.com/noqcks/BeyondCorps

BeyondCorps的更多相关文章

  1. mxonline实战11,课程详情页2,课程章节页

    对应github地址:第11天   一. 课程详情页2   1. 课程详情页第2块中的课程介绍中,修改course-detail.html中代码,搜索课程详情,找到如下代码

随机推荐

  1. B1001 害死人不偿命的(3n+1)猜想 (15 分)

    一.参考代码: #include<iostream> using namespace std; int main(){ int n; int step = 0; cin >> ...

  2. shell脚本特殊变量($0、$1、$2、 $?、 $# 、$@、 $*)

    $0        Shell本身的文件名$1-$n 添加到Shell的各参数值.$1是第1参数.$2是第2参数…$$        Shell本身的PID(ProcessID) $!         ...

  3. thinkphp5.1 - twig使用

    thinkphp5.1 - twig使用1.安装按照:https://github.com/yunwuxin/think-twigTwig Template For ThinkPHP5 安装 comp ...

  4. 关于交叉编译Nodejs的坑

    前言 交叉编译Nodejs到其他平台上的时候,遇到了2个坑,网上极少有人提及,花了整个晚上才解决,在此记录下. 我的编译目标环境为: 龙芯3A 编译脚本 cd 代码目录 export PREFIX=/ ...

  5. zipfile

    zipfile是一个用于处理zip压缩格式的文件的模块, 主要会用到它的ZipFile类 import zipfile zipfile.is_zipfile('myzip.zip')) # 判断一个文 ...

  6. c# 多线程解决死锁问题

    可使用:Monitor.TryEnter()方法.虽然这种方法可以解决死锁问题,但是最好还是不要出现死锁这种情况.如果出现死锁这种情况,就说明代码有问题啊.还是在else里面加个日志记录下吧,然后再解 ...

  7. 动手学深度学习9-多层感知机pytorch

    多层感知机 隐藏层 激活函数 小结 多层感知机 之前已经介绍过了线性回归和softmax回归在内的单层神经网络,然后深度学习主要学习多层模型,后续将以多层感知机(multilayer percetro ...

  8. 动手学深度学习5-softmax回归

    softmax回归 softmax 回归模型 单样本分类的矢量计算表达式 小批量样本分类的矢量计算表达式 交叉熵损失函数 模型预测以及评价 小结 softmax回归 前几节介绍的是线性回归模型适用于输 ...

  9. pod的yaml例子

    apiVersion: apps/v1beta2 kind: Deployment metadata: name: nginx-deployment spec: replicas: 3 selecto ...

  10. because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checkin

    1 前言 浏览器报错误(chrome和firefox都会):because its MIME type ('text/html') is not a supported stylesheet MIME ...