zlacker

[return to "I read the federal government’s Zero-Trust Memo so you don’t have to"]
1. static+ua[view] [source] 2022-01-27 15:56:56
>>EthanH+(OP)
This is pretty incredible. These aren't just good practices, they're the fairly bleeding edge best practices.

1. No more SMS and TOTP. FIDO2 tokens only.

2. No more unencrypted network traffic - including DNS, which is such a recent development and they're mandating it. Incredible.

3. Context aware authorization. So not just "can this user access this?" but attestation about device state! That's extremely cutting edge - almost no one does that today.

My hope is that this makes things more accessible. We do all of this today at my company, except where we can't - for example, a lot of our vendors don't offer FIDO2 2FA or webauthn, so we're stuck with TOTP.

◧◩
2. codema+cr1[view] [source] 2022-01-27 21:25:07
>>static+ua
Google does 1, 2, and 3 internally. If you join https://landing.google.com/advancedprotection/ you can get something similar for personal public accounts.
◧◩◪
3. static+Oq2[view] [source] 2022-01-28 04:42:10
>>codema+cr1
My company is built on GSuite. We use APP and CAA for everything.
◧◩◪◨
4. unixhe+ya6[view] [source] 2022-01-29 09:51:44
>>static+Oq2
What do you guys do?
[go to top]