使用BeyondCorp实现零信任架构

v20260601

implementing-zero-trust-with-beyondcorp

本技能指导如何部署Google BeyondCorp Enterprise，实现零信任安全模型。它利用身份感知代理（IAP）和访问上下文管理器（ACM），基于用户身份、设备状态和上下文信息，对所有访问GCP资源的请求进行深度认证和授权，彻底消除传统网络边界的信任依赖。

零信任 BeyondCorp Google Cloud IAP 访问上下文管理器安全身份管理云安全

获取技能

259 次下载

概览

Implementing Zero Trust with BeyondCorp

Overview

Google BeyondCorp Enterprise implements the zero trust security model by eliminating the concept of a trusted network perimeter. Instead of relying on VPNs and network location, BeyondCorp authenticates and authorizes every request based on user identity, device posture, and contextual attributes. Identity-Aware Proxy (IAP) serves as the enforcement point, intercepting all requests to protected resources and evaluating them against Access Context Manager policies. This skill covers configuring IAP for web applications, defining access levels based on device trust and network attributes, and auditing access policies for compliance.

When to Use

When deploying or configuring implementing zero trust with beyondcorp capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

Google Cloud project with BeyondCorp Enterprise license
IAP API enabled (iap.googleapis.com)
Access Context Manager API enabled (accesscontextmanager.googleapis.com)
GCP resources to protect (Compute Engine, App Engine, or GKE services)
Endpoint Verification deployed on managed devices
Python 3.9+ with google-cloud-iap library

Steps

Step 1: Enable IAP on Target Resources

Configure Identity-Aware Proxy on Compute Engine, App Engine, or HTTPS load balancer backends.

Step 2: Define Access Levels

Create Access Context Manager access levels based on IP ranges, device attributes (OS version, encryption, screen lock), and geographic location.

Step 3: Bind Access Policies

Apply access levels as IAP conditions to enforce context-aware access decisions on protected resources.

Step 4: Audit and Monitor

Query IAP audit logs, verify policy enforcement, and identify gaps in zero trust coverage.

Expected Output

JSON report containing IAP-protected resources, access level definitions, policy binding audit results, and zero trust coverage metrics.

信息

Category 硬件工程

Name implementing-zero-trust-with-beyondcorp

版本 v20260601

大小 9.03KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-06-03