This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.

Introduction

"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security, in which network segmentation is used to separate "outsiders" from trusted employees.

The issue with perimeter security is that it assumes everyone inside the network is trusted and everyone outside the network is not! This assumption can fail in two ways: an intruder who has breached the perimeter is inside the network but untrusted, and a trusted employee working from a coffee shop is outside it and unable to access company resources.

The perimeter security model works effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when the workforce is mobile.

Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet and are accessible through a user- and device-centric authentication and authorization workflow.
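The two failure cases described above, worked as an added example (not code from this repository or from Google's BeyondCorp): a perimeter check and a user- and device-centric check decide the same two requests. The device inventory, application policy, and every name and address below are assumptions constructed for illustration.

```python
"""Added illustration: perimeter vs. user- and device-centric access decisions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data; all names and values below are hypothetical.
CORP_NET = ip_network("10.0.0.0/8")            # the "inside" of the perimeter
DEVICE_INVENTORY = {                           # device id -> managed and healthy?
    "laptop-alice": True,
    "laptop-bob": False,                       # enrolled but failing health checks
}
APP_POLICY = {"payroll": {"alice"}, "wiki": {"alice", "bob"}}  # app -> allowed users


@dataclass(frozen=True)
class Request:
    source_ip: str
    user: Optional[str]        # identity proven by authentication, None if absent
    device_id: Optional[str]   # device identity, e.g. from a client certificate
    app: str


def perimeter_allows(req: Request) -> bool:
    """Perimeter model: trust follows network location only."""
    return ip_address(req.source_ip) in CORP_NET


def beyondcorp_allows(req: Request) -> bool:
    """User- and device-centric model: source_ip is never consulted."""
    if req.user is None or req.device_id is None:
        return False                                   # unauthenticated: deny
    if not DEVICE_INVENTORY.get(req.device_id, False):
        return False                                   # unknown or unhealthy device
    return req.user in APP_POLICY.get(req.app, set())  # per-application authorization


# The two cases from the text: an intruder inside, an employee at a coffee shop.
intruder_inside = Request("10.4.2.17", None, None, "payroll")
employee_at_cafe = Request("203.0.113.50", "alice", "laptop-alice", "payroll")

if __name__ == "__main__":
    for name, req in [("intruder inside", intruder_inside),
                      ("employee at cafe", employee_at_cafe)]:
        print(f"{name}: perimeter={perimeter_allows(req)} "
              f"beyondcorp={beyondcorp_allows(req)}")
```

The perimeter check admits the intruder and rejects the employee; the user- and device-centric check reverses both outcomes because network location is not an input to it.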

ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.

Implementation

While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into great detail on the components needed to build BeyondCorp on your own.

https://github.com/noqcks/BeyondCorps
