12020-10-19

SEAN K.H. LIAO

beyondcorp

BeyondCorp is the zero trust security framework developed by Google to shift the security perimeter to individual people and devices.

Part of that work goes into networking, creating finer-grained tunnels and access controls than what VPNs offer.

overview

| product | cloud / self | protocols | notes |
| --- | --- | --- | --- |
| Tailscale | cloud / self | IP | p2p wireguard tunnel setup, technically a VPN |
| Google IAP | cloud hosted | TCP | local proxy, tunnels TCP over HTTPS |
| Cloudflare Access | cloud hosted | TCP | local proxy, tunnels TCP |
| Hashicorp Boundary | self hosted | TCP | local proxy, tunnels TCP |
| AWS Worklink | cloud hosted | HTTPS | remote desktop/browser? |
| Oauth2-proxy | self hosted | HTTPS | reverse proxy for HTTPS |
| yahoo/athenz | self hosted | HTTPS | reverse proxy for HTTPS |
| Pomerium | self hosted | HTTPS | reverse proxy for HTTPS / ext auth endpoint |
| Azure App Proxy | cloud hosted | HTTPS / RDP | reverse proxy for HTTPS / RDP? |
| Duo Network Gateway | self hosted | HTTPS / SSH | reverse proxy for HTTPS / SSH |
| Okta Access Gateway | self hosted | HTTPS / SSH | reverse proxy for HTTPS / SSH (Adv. Server Access) |
| Trasa | self hosted | HTTPS / SSH / RDP | reverse proxy for HTTPS / SSH / RDP / ext auth endpoint |
| strongDM | cloud hosted? | SSH / RDP / k8s? / databases | local proxy, tunnels TCP over TLS, extra support for SSH / RDP / K8s / databases |
| Gravitational Teleport | self hosted | SSH / k8s? | reverse proxy for SSH / some k8s specific support? |

other

| product | cloud / self | protocols | notes |
| --- | --- | --- | --- |
| Smallstep | cloud hosted | SSH | SSO for SSH (issues SSH certs on demand) |