This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.

Introduction

"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security in the form of network segmentation in order to separate "outsiders" from trusted employees.

The issue with perimeter security is that it assumes everyone inside the network is trused and everyone outside the network is not! This can be false in two aspects; you can have an intruder that has breached the perimeter and is untrusted, and you can have a trusted employee working from a coffee shop that is unable to access company resources.

The perimeter security model work effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when a workforce is mobile.

Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.

ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.

Implementation

While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into some great deal on the components needed to build a BeyondCorp on your own.

https://github.com/noqcks/BeyondCorps

BeyondCorps的更多相关文章

  1. mxonline实战11,课程详情页2,课程章节页

    对应github地址:第11天   一. 课程详情页2   1. 课程详情页第2块中的课程介绍中,修改course-detail.html中代码,搜索课程详情,找到如下代码

随机推荐

  1. [LeetCode] 263. Ugly Number 丑陋数

    Write a program to check whether a given number is an ugly number. Ugly numbers are positive numbers ...

  2. xshell 与服务器断开连接后 服务停止500internal error

    看某教程用uwsgi +nginx运行django项目,但是xshell关掉之后服务会停止. 大佬一席话,胜趟十天坑. 把supervisor配置好之后正常运行. 如何配置?百度啊! 附录一个好的教程 ...

  3. Python3 使用企业微信 API 发送消息

    #coding=utf- import requests import json Secret = "TUbfeW8nFQakwOS4czm13SCnxSUPOqY2K0XHtM8XLT34 ...

  4. 调用其他python脚本文件里面的类和方法

    问题描述: 自己编写了若干个Python脚本. 在testC.py里面需要调用testA.py和testB.py里面的若干类和方法.要怎么办? 需要都打包.安装,再去调用吗? 其实不必那么麻烦. 这里 ...

  5. 我的周记10——“知行合一"

    印象中有个名人说过一句名言:与其游手好闲地学习,不如学习游手好闲 来自 玉伯 .  字是真的好看,有风格 现在已经是第十篇周记了,写着写着慢慢偏离了初衷,但庆幸的是坚持下来写.我相信在用心写好每篇周记 ...

  6. ScheduledThreadPoolExecutor周期任务或延时任务线程池

    ScheduledThreadPoolExecutor可以代替timer,timer的缺点是一个timer启动一个线程,如果任务数量很多,会创建很多线程,不推荐使用. ScheduledThreadP ...

  7. ABA问题的产生及解决

    什么是ABA问题 在CAS算法中,需要取出内存中某时刻的数据(由用户完成),在下一时刻比较并交换(CPU保证原子操作),这个时间差会导致数据的变化. 1.线程1从内存位置V中取出A2.线程2从内存位置 ...

  8. GNU Makefile中的条件控制结构

    在常见的编程语言中,使用条件控制结构诸如if ... else if ... else...是很寻常的事情,那么在GNU Makefile中如何使用呢? ifeq ifneq 例如:foo.sh #! ...

  9. aspect原理分析

    人的记忆能力是有限的,分析.建模与解释能力是无限的 Call Hierarchy isa hook aspect_hookClass() aspect_prepareClassAndHookSelec ...

  10. StringBuilder删除最后的字符

    stringbuilder碰到拼接XXx:XXX:这样的字符的时候,往往需要删除最后一个字符,通过remove(起始索引,向右移除的个数)可以实现. StringBuilder sb = new St ...