
BeyondCorp does not imply opening up your network to the entire world! If anything, it means locking down your network tighter, because not even the office is privileged. Production is a black box that you touch by authenticating through the same reverse proxy tier, no matter where outside of it you are. In effect, nginx is your “VPN” server and everyone has to use it.

Plenty of companies paid dearly for trusting every device that merely needed internet access.
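Added illustration of the comment above (not part of the thread and not any commenter's configuration): an address-based allowlist beside a reverse-proxy server where no source network is privileged. Hostnames, file paths, the `/_authz` location, the auth service and its `X-Auth-User` response header are assumptions; `auth_request` needs nginx built with `ngx_http_auth_request_module`, and both `server` blocks belong inside the `http` context.

```nginx
# Perimeter model: the source address is the credential.
server {
    listen 443 ssl;
    server_name admin.example.internal;                  # placeholder name
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    location / {
        allow 10.0.0.0/8;    # anything on the office/VPN range is trusted as-is
        deny  all;
        proxy_pass http://admin-backend.example.internal:8080;
    }
}

# "Not even the office is privileged": no allow/deny by address at all.
# Every request must carry a device certificate and pass a per-request check.
server {
    listen 443 ssl;
    server_name admin.example.com;                       # placeholder name
    ssl_certificate        /etc/nginx/tls/server.crt;
    ssl_certificate_key    /etc/nginx/tls/server.key;
    ssl_client_certificate /etc/nginx/tls/device-ca.crt; # CA issuing device certs (assumed)
    ssl_verify_client      on;   # requests without a valid client cert are rejected

    location / {
        auth_request /_authz;    # 2xx from the subrequest allows, 401/403 denies
        auth_request_set $authz_user $upstream_http_x_auth_user;
        # Overwrite identity headers so a client cannot supply its own values.
        proxy_set_header X-Auth-User $authz_user;
        proxy_set_header X-Device-DN $ssl_client_s_dn;
        proxy_pass http://admin-backend.example.internal:8080;
    }

    location = /_authz {
        internal;                # reachable only as a subrequest
        proxy_pass http://authz.example.internal:9000/check;  # hypothetical service
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Device-DN    $ssl_client_s_dn;
    }
}
```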




> BeyondCorp does not imply opening up your network to the entire world!

I think GP is implying that IT departments are taking away that [wrong] message. Just look at the proliferation of zero trust companies that do no such thing.


> Just look at the proliferation of zero trust companies that do no such thing.

Is there a list I can look at? Who are you referring to?


Internet-exposed bastion hosts to production that have no IP whitelisting are not the best idea; unfortunately, they are not uncommon nowadays.


That's what a VPN server is.


Organizations that have high-value assets would deploy multiple layers of these, not just one, basically depending on the value of the assets.


You're gonna get some pretty fun pathological networking behaviors tunneling VPNs on VPNs.


You always need multiple layers of security. Using the network itself as one was never necessary, although it has been convenient.

Nowadays U2F-based 2FA authentication and need-to-know-based authorization are usually superior.


Applying both is better than just depending on one of them.



