BeyondCorps
作者:互联网
This repository provides a short description of the BeyondCorp security model and resources for implementing this model at your organization.
Introduction
"BeyondCorp" is a Zero Trust¹ security framework initially created by Google. It challenges the idea of perimeter security in the form of network segmentation in order to separate "outsiders" from trusted employees.
The issue with perimeter security is that it assumes everyone inside the network is trused and everyone outside the network is not! This can be false in two aspects; you can have an intruder that has breached the perimeter and is untrusted, and you can have a trusted employee working from a coffee shop that is unable to access company resources.
The perimeter security model work effectively when all employees work exclusively in buildings owned by the enterprise, but doesn't work nearly as well when a workforce is mobile.
Unlike the traditional perimeter security model, BeyondCorp dispels the notion of network segmentation as the primary mechanism for protecting sensitive resources. Instead, all applications are deployed to the public Internet, accessible through a user and device-centric authentication and authorization workflow.
ScaleFT put together a website that has a more detailed explanation of the BeyondCorp model.
Implementation
While you could technically implement the BeyondCorp model on your own, the architecture requires you to build some non-trivial infrastructure (see image). This blog post by ScaleFT goes into some great deal on the components needed to build a BeyondCorp on your own.
https://github.com/noqcks/BeyondCorps
标签:perimeter,network,BeyondCorps,security,BeyondCorp,model,resources 来源: https://www.cnblogs.com/hshy/p/11980978.html