6 Repos
Architectures that hide network resources and grant access only to verified entities.
Distinguishing note: Focuses on the perimeter-hiding aspect of security.
Explore 6 awesome GitHub repositories matching security & cryptography · Software-Defined Perimeters. Refine with filters or upvote what's useful.
Headscale is a self-hosted control plane for private mesh networking that enables the creation of secure, encrypted peer-to-peer networks. By acting as a centralized coordination server, it manages device authentication, cryptographic key exchange, and network topology, allowing distributed infrastructure to communicate without relying on third-party services. It implements a zero-trust security architecture, verifying device and user identity before granting access to internal resources. The project distinguishes itself by providing a fully independent, self-hosted alternative for managing n
Restricts network access by verifying device identity and enforcing granular communication policies before allowing connection.
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Hides network resources from the public internet and grants access only to authenticated users.
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
Hides network resources from the public internet and grants access based on identity and device posture.
OpenNHP is a software-defined perimeter controller designed to secure network infrastructure by rendering services invisible to the public internet. It functions as a zero-trust network access gateway, ensuring that network resources remain hidden from unauthorized discovery and automated scanning tools until a client successfully verifies their identity. The system enforces security through a combination of cryptographic identity verification and dynamic firewall orchestration. By requiring a cryptographically signed packet to initiate a connection, the platform keeps all network ports in a
Provides a software-defined perimeter architecture to obscure network resources from unauthorized discovery.
Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration. The platform distinguishes itself through its focus on zero-trust network access and soft
Hides network resources from the public internet to enforce a software-defined perimeter.
Ziti is a zero-trust network overlay and identity-based mesh network. It provides a software-defined perimeter that replaces traditional IP-based routing and VPNs by mapping network services to cryptographically verified identities, effectively cloaking applications from the public internet. The project distinguishes itself through an outbound-only connection model that eliminates open listening ports and a Zero Trust SDK that allows developers to embed encryption and identity-based access control directly into application source code. It also provides transparent tunneling proxies to extend
Employs a software-defined perimeter to make network services invisible to unauthorized users and scanners.