8 dépôts
Techniques for isolating network zones to contain potential breaches.
Distinguishing note: Specifically addresses network-level isolation rather than application-level access control.
Explore 8 awesome GitHub repositories matching security & cryptography · Network Segmentation. Refine with filters or upvote what's useful.
Ce projet est une ressource éducative et un guide d'étude complet axé sur l'architecture des systèmes distribués et la conception d'infrastructures backend. Il fournit un programme structuré pour maîtriser les principes de scalabilité, de fiabilité et de performance requis pour concevoir des systèmes logiciels complexes. Le dépôt se distingue en offrant une approche méthodique de la préparation aux entretiens techniques, intégrant des modèles de conception, des compromis architecturaux et des outils de répétition espacée pour aider les utilisateurs à retenir des concepts complexes. Il met l'accent sur l'analyse axée sur les contraintes, enseignant aux utilisateurs comment évaluer des exigences concurrentes comme la latence, la cohérence et la disponibilité lors de l'élaboration de conceptions architecturales. Le contenu couvre un large spectre de capacités de conception de systèmes, notamment des stratégies pour la mise à l'échelle des bases de données, la gestion du trafic et l'optimisation de l'infrastructure. Il détaille des techniques pour la mise à l'échelle horizontale, la mise en cache multicouche, la communication asynchrone et la découverte de services, tout en fournissant des cadres pour effectuer des estimations de ressources et la planification de la capacité. La documentation est organisée comme un guide d'étude, offrant un chemin systématique à travers les fondamentaux de l'ingénierie backend et de la conception de systèmes à grande échelle.
Provides guidance on isolating network zones to contain potential breaches within distributed system architectures.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Provides strategies for isolating network segments to limit lateral movement during security incidents.
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
Synchronizes user identities and group memberships to automate network access control and isolate network segments.
Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration. The platform distinguishes itself through its focus on zero-trust network access and soft
Creates isolated, encrypted network overlays to enforce security boundaries between departments, environments, or workloads without requiring separate physical infrastructure.
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Teaches network segmentation as a fundamental strategy to isolate zones and contain breaches.
zrok est un service de réseau zero trust qui fournit un overlay mesh sécurisé pour exposer des services et des fichiers locaux à travers les pare-feux et le NAT, sans nécessiter de redirection de port manuelle. Il fonctionne comme un gestionnaire de réseau zero trust, orchestrant les identités, les politiques et les routeurs pour établir une connectivité sécurisée entre les applications et les utilisateurs. Le projet se distingue par l'utilisation du routage basé sur l'identité et de frontends HTTP durcis qui s'intègrent à des fournisseurs d'identité externes. Ces capacités permettent la création de proxies conscients de l'identité et de reverse proxies sécurisés qui authentifient les utilisateurs avant d'accorder l'accès aux applications web internes. Les capacités plus larges de la plateforme incluent le partage de ressources peer-to-peer pour les services TCP et UDP, le partage de lecteurs réseau et la micro-segmentation consciente de l'identité pour les réseaux informatiques et opérationnels. Il fournit également une interface programmatique via un SDK de partage sécurisé pour intégrer ces capacités de tunnelisation directement dans des applications externes. L'infrastructure peut être déployée en tant que contrôleur auto-hébergé et stack réseau privée sur des environnements Linux, Docker ou Kubernetes.
Enforces identity-aware security policies and observes traffic flows across IT and OT networks.
This repository provides a structured set of hands-on lab workbooks for learning Microsoft Azure administration. It is designed to guide learners through the practical tasks required to manage core Azure services, covering identity and access management, governance, storage, compute, and networking. The labs focus on key administrative capabilities, including managing user identities and role-based access control within Microsoft Entra ID, enforcing organizational rules with Azure Policy, and deploying and managing virtual machines, container apps, and web apps. The content also covers config
Provides labs for creating isolated virtual networks with subnets, NSGs, and peering in Azure.
Scanopy is a self-hosted infrastructure inventory and network discovery tool. It identifies hosts, services, and workloads across subnets to build a live model of network infrastructure, maintaining a searchable catalog of assets. The system features an interactive network topology visualizer that generates physical, logical, and application dependency diagrams. It maps the nesting chain from physical hardware and hypervisors down to virtual machines and containers, utilizing SNMP for hardware metadata and container APIs for workload discovery. The platform supports distributed network scann
Categorizes and labels subnets by type to organize local network segments and remote assets.