Secure Practices for Teleport Clusters

To help ensure that Teleport can protect your infrastructure in a production environment, you should be aware of and follow recommended security practices and address potential security issues to reduce system vulnerabilities and to avoid security incidents. In most cases, there are tradeoffs between convenience and security that you should take into consideration.

The topics in this section are intended to help secure your Teleport cluster in a way that's acceptable and reasonable for your organization.

You should note that the security practices covered in this section aren't necessarily reflected in the examples used in the documentation. Examples in the documentation are primarily intended for demonstration purposes and for development environments.

• Restrict Access for Privileged Accounts. Learn about potential risks of allowing privileged access and how to mitigate them.
• Reducing the Blast Radius of Attacks. Prevent attackers from accessing your infrastructure even if they manage to obtain passwords or certificates.
• Revoking Access. Revoke access in the event of a compromise.