(www.bastionzero.com)

656 points EthanHeilman | 1 comments | 27 Jan 22 15:06 UTC | HN request time: 0.218s | source

Show context

uncomputation ◴[27 Jan 22 17:33 UTC] No.30103419[source]▶

> “Enterprise applications should be able to be used over the public internet.”

Isn’t exposing your internal domains and systems outside VPN-gated access a risk? My understanding is this means internaltool.faang.com should now be publicly accessible.

replies(10): >>30103496 #>>30103558 #>>30103584 #>>30103588 #>>30103623 #>>30104344 #>>30104669 #>>30105221 #>>30106774 #>>30106879 #

enriquto ◴[27 Jan 22 17:44 UTC] No.30103558[source]▶

>>30103419 #

As I understand it, this sentence says that the application should be safe even if it was exposed to the public internet, not that it needs to be exposed. It is a good practice to securize everything even if visible only internally. The "perimeter defense" given by a VPN can be a plus, but never the only line of defense.

replies(3): >>30103607 #>>30103636 #>>30103760 #

jaywalk ◴[27 Jan 22 17:47 UTC] No.30103607[source]▶

>>30103558 #

No, the memo pretty clearly says that VPNs need to go away.

replies(2): >>30103780 #>>30103879 #

1. ◴[27 Jan 22 17:59 UTC] No.30103780[source]▶

>>30103607 #

↑

I read the federal government’s Zero-Trust Memo so you don’t have to