Google: a firewall is not the ultimate solution of network security-firewall, VPN,Google-IT information

Href = "http://www.iThome.com/" target= "_blank" information February 18 >IT recently, RSA Security Conference, Google introduced its own access control mechanism. The company said, based on VPN and firewall access control mechanism was not reliable. Device authentication mechanism is a better security solution.

Google's security Director Heather Adkins said, seven years ago, has a Google security engineer inspiration, ideas that do not have a "wall" of the world: authenticated users system based on the employee's work and its equipment, to transfer all the authentication to devices, keeps track of all devices connected to the internal service, dynamic definition of equipment trust.

Site reliability engineering manager Rory Ward said, they have users, devices and each device accessing the Google system trust indicates that the complete information. For example, if an employee wants to access the source system, then he or she must be a full-time employee, use the machine must be fully trusted . This validation of equipment more flexible and precise access control, instead of the firewall filter according to the General rules, such as access to content.

谷歌：防火墙并非网络安全的终极方案 - 防火墙,VPN,Google - IT资讯

href="http://www.ithome.com/" target="_blank">IT资讯2月18日消息 近日，谷歌在RSA安全会议上介绍了自己的访问控制机制。该公司表示，目前基于VPN和防火墙的访问控制机制并不可靠。设备身份验证机制才是更好的安全方案。

谷歌安全总监Heather Adkins称，七年前Google的安全工程师产生了一个灵感，设想了一个没有“墙”的世界：系统根据雇员的工作及其设备认证用户，将所有身份验证都转移到设备，跟踪所有连接到企业内部服务的设备，动态定义设备的信任。

网站可靠性工程经理Rory Ward称，他们掌握了用户、设备和访问Google系统的每一台设备信任指示的完全情报。举例来说，如果一名雇员想要访问源代码系统，那么他/她必须是全职雇员，使用的机器必须是完全可信任的。这种对于设备的验证可以更加灵活和精确地对访问进行控制，而并非防火墙等根据普遍规则来过滤访问内容。