(www.bastionzero.com)

656 points EthanHeilman | 2 comments | 27 Jan 22 15:06 UTC | HN request time: 2.152s | source

Show context

uncomputation ◴[27 Jan 22 17:33 UTC] No.30103419[source]▶

> “Enterprise applications should be able to be used over the public internet.”

Isn’t exposing your internal domains and systems outside VPN-gated access a risk? My understanding is this means internaltool.faang.com should now be publicly accessible.

replies(10): >>30103496 #>>30103558 #>>30103584 #>>30103588 #>>30103623 #>>30104344 #>>30104669 #>>30105221 #>>30106774 #>>30106879 #

1. mjg59 ◴[27 Jan 22 21:12 UTC] No.30106774[source]▶

>>30103419 #

$ host buganizer.corp.google.com

buganizer.corp.google.com is an alias for uberproxy.l.google.com.

uberproxy.l.google.com has address 142.250.141.129

uberproxy.l.google.com has IPv6 address 2607:f8b0:4023:c0b::81

Google's corp services are publicly accessible in that sense - but you're not getting through the proxy without valid credentials and (in most cases) device identity verification.

replies(1): >>30121031 #

2. joshuamorton ◴[28 Jan 22 22:03 UTC] No.30121031[source]▶

>>30106774 (TP) #

Not to mention login.corp.google.com (which has been on the frontpage of HN before!).

↑

I read the federal government’s Zero-Trust Memo so you don’t have to