top | item 22283298

(no title)

prebrov | 6 years ago

VPN, or any other network segmentation does, indeed, just shift the attack surface, and often creates a false sense of security behind a network perimeter.

Google, for example, proposes a different school of thought – zero trust network, and strong contextual authentication of each individual request.

Precisely because you need to expose more services to more users, you need to be extremely conscious about treating singular network ingress point as a primary security gateway.

Check out https://beyondcorp.com, it’s a very interesting concept.

discuss

No comments yet.