Access for Hackers

Hello Teleport Community,

Our team has just returned from Hacker Summer Camp (bSides Las Vegas, Blackhat and DEFCON). I met many customers, OSS users, hackers and security engineers at bSides. I had lots of great conversations at the bSides, and it was good to chat with both red and blue teams. This month’s newsletter is a review of some of my conversations from the week.

Teleport for Blue Teams

The Blue Teams are defenders of the infrastructure. While the team ‘blue team’ has a specific meaning, I’m encompassing all security engineers, SREs and DevOps teams tasked with protecting infrastructure. Teleport can help in a few key areas:

1. Improving security (replacing long-lived secrets with short-lived certificates)
2. Robust access controls
3. Detailed audit log and session recordings
4. Easy principle of least privilege

These benefits are well known for current Teleport deployments. The other common benefit of Teleport was its ease of helping with GRC (Governance, Risk and Compliance), with both our SaaS offering with ISO 27001, HIPAA, and SOC 2 Compliance Milestones or our Self-hosted binary to help with FedRAMP, HIPAA and SOC2.

Teleport for Red Teams

The Red Teams are attackers of the infrastructure. They may be in-house but are often brought on as consultants, as pentesters or in the offensive team. Teleport may not seem like an obvious choice or tool for Red Teams, but this is why I think it’s perfect.

1. Comprehensive logging and session recording: Teleport audit log and session recordings make it very easy to share / replicate findings. A collection of session recordings acts as a self-updating journal.
2. Remote and short-lived access to remote systems: I spoke to a lot of red-team consultants who often need to access a system for a short period of time but not leave a system open. Teleport Trusted Clusters are a perfect solution for this deployment model, as the control can be maintained by the 3rd party completing the audit.
3. eBPF Magic: There are a few sneaky ways in which red teams can circumvent Teleport session recording. This is why we recommend using enhanced session recording, and this tool can be used to better understand scripts and programs.
4. Protecting Zero-Days: We have a team on our Protect OSS initiative that’s using Teleport to protect a non-profit organization researching malware and zero-days. They use Teleport to protect the infrastructure used to research, deploy and test zero-days. Having the ease of Teleport creates an audited and secure environment for the team to get the job done.

Teleport for the Paranoid

Lastly there is a 3rd group of people: the paranoid. Teams are worried about both external and insider threats. Insider threats are a tricky problem to solve. To limit any potential blast radius for insider threats, we recommend a couple of things.

• Use Access Requests for JIT (Just In Time) Access. It’s much less likely that a person will ‘poke and prod’ a system or database if they only have short-lived access. Learn more about Teleport’s JIT Access Requests.
• Roll out webauthn/passwordless. Passkeys for infrastructure are ‘phishing-proof, I would recommend using them over OTP.
• Use multiparty and moderated sessions. Moderated sessions is an awesome feature for watching and observing interactive SSH and kubectl sessions. They allow one or many people to watch access to a live system, with the ability to terminate the session if anything goes awry.

Teleport conference Connect 2023 - SF - Oct 25th

We are back with our 2nd user conference. Our agenda is almost finished and we’ll have two tracks again. This year we’ll have a dedicated Teleport Engineering track that’ll deep-dive into both Teleport features and best practices and tips for running Teleport at scale. The main room will feature a keynote speaker and highlight stories from our community.

As a reader of the newsletter, we would like to offer you 50% off your conference ticket. Please use TeleportNews50 promo to get a ticket for only $74.50!

Learn more about Teleport Connect 2023, and see our first batch of speakers at

https://goteleport.com/teleport-connect-2023

Product updates

• Teleport 13.3.2
• Teleport 13.3.1
• Teleport 11.3.20

ICYMI

• [blog] Teleport Achieves ISO 27001, HIPAA, and SOC 2 Compliance Milestones
• [video] Teleport Cloud Enablement Series 101