←back to thread

I read the federal government’s Zero-Trust Memo so you don’t have to

(www.bastionzero.com)
656 points EthanHeilman | 1 comments | 27 Jan 22 15:06 UTC | HN request time: 0.26s | source
Show context
uncomputation ◴[27 Jan 22 17:33 UTC] No.30103419[source]
> “Enterprise applications should be able to be used over the public internet.”

Isn’t exposing your internal domains and systems outside VPN-gated access a risk? My understanding is this means internaltool.faang.com should now be publicly accessible.

replies(10): >>30103496 #>>30103558 #>>30103584 #>>30103588 #>>30103623 #>>30104344 #>>30104669 #>>30105221 #>>30106774 #>>30106879 #
1. nonameiguess ◴[27 Jan 22 17:49 UTC] No.30103623[source]
The point isn't to actually expose your internal services. It's to not assume that attackers can't breach your network perimeter. Internal traffic should be treated with the same level of trust as external traffic, that is, none at all.