I'm looking for a free or cheap way to set this up for my infrastructure. This seems like an appealing model to me, but it doesn't seem very common yet. To have every Google employee work successfully from untrusted networks without the use of a VPN. Google's BeyondCorp mission (2011-present) All access to services must be authenticated, authorized, and encrypted.Access to services is granted based on what we know about you and your device.Connecting from a particular network must not determine which services you can access.Single sign-on, access proxy, access control engine, user inventory, device inventory, security policy, and trust repository. My understanding is the big new thing is Google's BeyondCorp security model which does away with VPNs and just makes everything directly Internet-facing and protected behind an auth layer. The traditional approach would be to set up a VPN and keep everything on the internal network, but that can carry its own issues (can be annoying and disruptive to switch networks results in a "hard shell, soft interior" without other measures). I'd like it to be restricted for all services: SSH, HTTPS, etc. I'm looking to set up some private infrastructure (developer infrastructure like internal wikis, internal webapps, GitLab) and would like to lock every server down behind some sort of SSO with MFA.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |