Explore the concept of BeyondCorp and its implementation in enterprise security through this LASCON conference talk. Delve into the challenges of traditional enterprise security models and learn how to adapt to modern remote work environments. Discover the key components of Google's BeyondCorp architecture, including strong user authentication, device authentication, and centralized security control. Examine practical demonstrations of implementing this pattern in open-source web applications, focusing on separating authentication from business functionality using tools like SAML. Gain insights into modifying web application frameworks such as Django to enable conditional permissions based on session metadata. Follow along with hands-on demos showcasing the world's simplest application, device certificate implementation, and extensible access control. Conclude with a discussion on the current state of enterprise security, rules and attributes, and device fingerprinting techniques.
Be Ready for BeyondCorp - Enterprise Identity, Perimeters and Your Application
Overview
Syllabus
Introduction
Not so easy
Protect the environment
Manage the transition
Google BeyondCorp
Architecture
Recap
Understand your assets
Parameters
Outbound perimeter
Device management
Identity ecosystem
BeyondCorp architecture
Policy enforcement
OAuth
Identity Provider
SAML All or Nothing
Application Permissions Demo
Rejecting tools
Demo
Django
Django middleware
Django authentication model
App proxy flow
Extensible access control
Three components
Demos
Worlds simplest application
All Im doing
Demo gods
Send device certificate
Import
Limitations
Summary
Where are we
Rules and attributes
Vice fingerprinting
Contact information
Taught by
LASCON
