Securing Infrastructure Access at Scale in Large Enterprises
Dec 12
Virtual
Register Now
Support
LOG IN
Teleport logoTry For Free
Contact SalesTry for Free
Support
LOG IN
Background image

Teleport Academy

Teleport Academy
Additional Resources

Articles by Topic

All
Teleport Academy
Cryptographic Identity
Zero Trust for Infrastructure Access
Authentication and Privileges
Governance
Infrastructure Access
Compliance & Audit
Additional Resources
Compare
How-to Guides
Resource Access and Identity Verification Methods

Articles

Teleport Academy > Cryptographic Identity

What is Cryptographic Identity?

Cryptographic Identity refers to the use of computer science and mathematical theory to securely establish and verify the identity of a user, device, or system in digital communications. Identity-based encryption is vital in ensuring secure interactions over the internet and in various digital systems.

Go to Article

What are short-lived certificates?

Short-lived certificates are digital certificates with a brief validity period, designed to enhance cybersecurity by expiring quickly.

Go to Article

Credentials vs. Cryptographic Identity

With cyberthreats on the rise and now centered on identity, there is a need for methods of authentication that are resilient to phishing and human error.

Go to Article

SSH Keys Explained: Enhancing Secure Access

Whether you're new to SSH or looking to enhance your existing security measures, understanding the fundamentals of SSH keys is crucial for maintaining a secure and streamlined infrastructure.

Go to Article

Teleport Academy > Zero Trust for Infrastructure Access

What is zero trust security for applications and workloads?

Most ZTNA technologies, although adept at securing zero trust access to networks, do not embed the identity and protocol-level information necessary to apply zero trust principles for application access or workload access in modern computing infrastructure.

Go to Article

Teleport Academy > Authentication and Privileges

What is Secretless (Passwordless) Authentication?

Secretless or passwordless authentication eliminates traditional password-based methods and instead uses mechanisms that rely on verifiable identity elements—such as biometrics, digital certificates, and hardware tokens

Go to Article

What are Access Requests?

Access Requests support the principle of least privilege by ensuring individuals have access only to the resources necessary for their specific tasks, thereby minimizing potential security risks.

Go to Article

What is Authorization?

Authorization plays a pivotal role in cybersecurity and access management, serving as the gatekeeper that determines which resources a user can access and what actions they can perform within a system.

Go to Article

What are Ephemeral Privileges?

By granting temporary access rights that expire after a brief period, ephemeral privileges ensure that access is only available for the duration necessary to complete specific tasks.

Go to Article

What is Just-In-Time (JIT) access?

Just-in-time (JIT) access refers to the provisioning of privileged access only when it is needed, and for a limited duration.

Go to Article

Principle of Least Privilege: What It Is & How to Implement It

Principle of least privilege defines just-in-time access to your cloud-native environment to meet security and compliance requirements without disrupting your teams.

Go to Article

What is RBAC?

RBAC stands for Role-Based Access Control. It is a method of regulating access to servers, computers or network resources based on the roles of individual users within an organization.

Go to Article

What is ABAC?

Attribute-Based Access Control (ABAC) is a method of regulating access to resources based on the attributes of both the resource and the user requesting access.

Go to Article

What is MAC (Mandatory Access Control)?

Mandatory Access Control (MAC) is a type of access control that imposes a predefined set of security rules, or labels, to control which users or systems can access specific resources.

Go to Article

What is OAuth 2.0 (Open Authorization)?

OAuth 2.0 (Open Authorization) is a standard for authorization where a user allows an application to access their resources hosted on another application, on their behalf, without the sharing of their credentials.

Go to Article

What is FIDO (Fast IDentity Online)?

FIDO, or Fast IDentity Online, is a group of open standard authentication protocols created to strengthen and simplify the security of online authentication by reducing the reliance on passwords.

Go to Article

What is U2F (Universal 2nd Factor)?

U2F (Universal 2nd Factor) is a universal authentication standard that provides an additional layer of security for online accounts.

Go to Article

What is WebAuthn?

WebAuthn is a web standard for secure, passwordless authentication allowing web servers to authenticate users with asymmetric cryptography instead of passwords.

Go to Article

What is OIDC (Open ID Connect)?

OIDC, or OpenID Connect, is an authentication layer built on top of the authorization protocol OAuth 2.0 and provides a standardized way for users to authenticate themselves to web applications.

Go to Article

What Is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between parties, and in particular, between an identity provider (IdP) and a service provider (SP). The Identity Provider will verify the identity of the user, verifying they are who they say they are.

Go to Article

The Failures of Shared Secrets and How We Can Replace Them

User authentication is a crucial component of securing any system. Access to sensitive infrastructure resources such as servers, databases and applications must be restricted to authorized users only.

Go to Article

What is Time-Based One-Time Password & How it Works

This article provides a deep dive into TOTP (Time-based One-Time Password), a popular multi-factor authentication method. It explains the inner workings of TOTP, its benefits, use cases, and compares it to other authentication methods like SMS and biometric authentication.

Go to Article

Risk-Adaptive Access Control (RADAC): A Deep Dive

Risk-adaptive access control (RADAC) is a modern security approach that tailors authorization based on real-time risk evaluation and contextual factors, going beyond traditional static models. This article explores the benefits, key components, real-world applications, and future trends of RADAC.

Go to Article

SMS MFA: Is It Safe? Security Risks & Better Alternatives

This article delves into the pros and cons of SMS MFA, highlighting its vulnerabilities and why it's often considered less secure than other methods like authenticator apps and security keys. It provides best practices for mitigating SMS MFA risks and discusses potential future advancements in SMS-based authentication.

Go to Article

Rule-Based Access Control (RuBAC): A Complete Guide

This comprehensive guide to Rule-Based Access Control (RuBAC) explains how it strengthens data security by managing user access based on predefined roles and rules. Learn about the benefits of RBAC, best practices for implementation, and how it aligns with Zero Trust security principles.

Go to Article

Time-Based Access Control (TBAC): A Complete Guide

Time-Based Access Control (TBAC) enhances security by adding a temporal dimension to access control models. TBAC grants time-limited privileges, automatically revoking access upon expiration or task completion, minimizing risks and streamlining workflows.

Go to Article

PIM vs. PAM: Choosing the Right Approach for Identity Management

Two key concepts often come into play when discussing privileged access security: Privileged Identity Management (PIM) and Privileged Access Management (PAM). While both PIM and PAM aim to mitigate the risks associated with privileged access, they focus on different aspects of the privileged access lifecycle and offer distinct benefits.

Go to Article

SCIM Overview: Streamlining User Management

As a system administrator, you're always looking for ways to simplify user management across your organization's IT infrastructure. With the growing adoption of cloud services and the need for seamless integration between systems, a standardized approach to identity management has become essential. This is where SCIM comes into play.

Go to Article

Teleport Academy > Governance

What is Identity Governance & Administration (IGA)?

Identity Governance and Administration (IGA) is a comprehensive approach to managing and securing user identities and access within an organization

Go to Article

What is Identity Threat Detection and Response (ITDR)?

Identity Threat Detection & Response (ITDR) focuses on protecting organizational assets through the vigilant monitoring of identity-related events.

Go to Article

What is Cloud Infrastructure Entitlement Management (CIEM)?

Cloud Infrastructure Entitlement Management (CIEM) is a class of cybersecurity identity and access management (IAM) solutions focused on reducing access risk for cloud technologies.

Go to Article

What is Observability?

Observability is a critical capability in modern software engineering, enabling teams to monitor, diagnose, and optimize complex systems across various architectures, including cloud-native, microservices, and serverless

Go to Article

Teleport Academy > Infrastructure Access

What are bastion hosts?

Bastion hosts act as fortified gateways that control access to internal resources from external networks.

Go to Article

What is mutual TLS authentication (mTLS)?

Mutual Transport Layer Security (mTLS) enhances the security of the TLS protocol by implementing two-way authentication and encryption.

Go to Article

What are non-human identities?

In DevOps architectures, where automation plays a key role, CI/CD systems and automated bots like Drone, Jenkins, and GitHub Actions, perform essential tasks related to the management, deployment, and maintenance of applications and services in cloud and on-premises deployments.

Go to Article

What is TCP/IP protocol suite?

TCP/IP, also known as Internet Protocol Suite, is a collection of networking protocols that works together to transfer a data packet from one computer to another using computer networks.

Go to Article

What is a VPN (Virtual Private Network)?

A VPN, or Virtual Private Network, is a tool that allows you to create a secure and private connection between your device and the public internet. A VPN connection will encrypt your internet traffic and route it through a remote server, keeping your activity hidden from hackers, ISPs, and any third-party with malicious intent.

Go to Article

Comparing TCP/IP and OSI Model

TCP/IP and OSI model serves a similar purpose - to map all the bits and pieces involved in networked communication. While OSI is the recommended standard, the internet was designed around the TCP/IP model.

Go to Article

How IPv4 and IPv6 works

IPv4 is a 32 bit network address scheme widely used on the internet. IPv6 is a 128 bit network address scheme designed to replace IPv4.

Go to Article

How to Access and Monitor IoT Devices Securely

Uncover effective strategies for managing IoT devices remotely at scale. Our comprehensive guide provides security teams with solutions for secure and efficient IoT device control.

Go to Article

Implementing Zero Trust Network Access in Cloud-Native Environments

Zero Trust Network Access (ZTNA) is a security solution that provides secure remote access to corporate resources based strictly on identity and context. Identity verification for every person and device is required continuously regardless of network location or whether they have previously accessed a resource or not. No one is trusted from inside the network or outside, which is a tighter ship than the traditional approach of one being universally trusted as long as they are inside the network.

Go to Article

SSH Bastion Server on AWS: Setup Guide & Security Benefits

Learn how to set up a secure SSH bastion server for your AWS EC2 instances with Teleport. Explore the advantages, setup options, and step-by-step instructions for enhancing your AWS infrastructure security. Suitable for all skill levels.

Go to Article

Deploying self-hosted Highly Available Teleport on an On-Prem data center.

This article is a how-to guide to deploy self-hosted Teleport in a highly available mode on an on-prem environment using HAproxy, etcd, and minIO.

Go to Article

Mastering SSH Keygen

This article provides a comprehensive guide to using the ssh-keygen command for generating and managing SSH keys. It covers key types, passphrases, using ssh-agent, best practices, and future trends in secure access.

Go to Article

Backend for Frontend (BFF) Pattern: Microservices for UX

The Backend for Frontend (BFF) pattern creates dedicated backends for each frontend application, optimizing user experiences and simplifying development. It acts as an adapter between frontends and microservices, increasing backend agility and promoting faster development processes.

Go to Article

Infrastructure as Code (IaC): Automating IT Infrastructure

IaC revolutionizes infrastructure management by automating provisioning and deployments through code. It increases speed and reliability while enhancing collaboration and reducing costs, using tools like Terraform and Ansible.

Go to Article

Teleport Academy > Compliance & Audit

What is PCI Compliance?

PCI compliance embodies the commitment of organizations to protect cardholder data by adhering to the Payment Card Industry Data Security Standard (PCI DSS).

Go to Article

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) represents a critical regulatory framework designed to ensure the privacy, security, and confidentiality of protected health information (PHI) within the healthcare sector.

Go to Article

What is SOC2 compliance?

The SOC 2 framework is published by the American Institute of Certified Public Accountants (AICPA) and is a voluntary cybersecurity attestation.

Go to Article

What is FedRAMP compliance?

FedRAMP (Federal Risk and Authorization Management Program) is a critical framework for cloud service providers (CSPs) aiming to offer their cloud solutions to the U.S. federal government

Go to Article

Access Logging

Access logging is the practice of system monitoring via a file or a collection of files that detail all of the various activities on a system. Composed of various events and metadata, good access logging practices will help you stay informed on exactly what is happening in your infrastructure, and exactly who is carrying out these various activities.

Go to Article

OS Default Logging with Windows

No matter the size of your company or the size of your engineering team, it is always important to maintain visibility into what’s happening in your infrastructure. As your company grows, however, and you start to need to meet compliance standards like the SOC2 and FedRAMP frameworks, keeping detailed, specific audit logs becomes a must-have.

Go to Article

Guide to Audit Logging for Cloud Native Companies

A deep dive into best practices for what is audit logging with best practices for cloud native companies.

Go to Article

Auditing and Reviewing Amazon EKS Workloads

Auditing and reviewing workload access deployed in Kubernetes clusters is critical for achieving compliance. Learn how to audit AWS EKS Workloads.

Go to Article

Additional Resources > Compare

StrongDM vs Teleport

The post compares StrongDM and Teleport, two infrastructure access platforms. StrongDM is proprietary, while Teleport is open-source and offers advanced security and compliance capabilities.

Go to Article

Hashicorp Boundary vs Teleport

Hashicorp Boundary vs Teleport: Teleport is an open-source infrastructure access platform that replaces secrets like passwords and keys with secure certificates, providing a complete Zero Trust solution, while HashiCorp Boundary is a remote access solution offering deep integration with HashiCorp Vault for temporary credentials. Both solutions offer secure access to infrastructure, but Teleport boasts advanced security features, wider client and protocol support, and a secretless approach.

Go to Article

StrongDM Alternatives to Secure Infrastructure Access

Having some issues with StrongDM or just want to see what else is out there? Today we’ll walk you through what StrongDM is good at, what it’s not so good at and some alternatives that match different use cases.

Go to Article

Teleport vs. CyberArk

Discover the differences between Teleport and CyberArk, two privileged access management (PAM) solutions designed to secure critical infrastructure. While CyberArk uses secrets like passwords and keys, Teleport is an open-source, secretless, and cloud-native PAM that delivers essential capabilities while maximizing developer productivity and supporting modern tools like Kubernetes and cloud databases.

Go to Article

Additional Resources > How-to Guides

Azure AKS RBAC

Configuring Role-Based Access Control (RBAC) for Microsoft Azure Managed Kubernetes Service (AKS)

Go to Article

Authenticating Azure AKS Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate Microsoft Azure Kubernetes Service (AKS) Kubernetes clusters with GitHub single sign-on (SSO).

Go to Article

Authenticating Azure AKS Kubernetes Clusters with Okta SSO

How to Authenticate Azure AKS Kubernetes Clusters with Okta SSO. Consolidating access and providing an audit log for access

Go to Article

Auditing and Reviewing Amazon EKS Workloads

Auditing and reviewing workload access deployed in Kubernetes clusters is critical for achieving compliance. Learn how to audit AWS EKS Workloads.

Go to Article

Just-in-Time Access for Amazon EKS

A practical guide showing how you can implement just-in-time access for EKS using Teleport.

Go to Article

Auditing and Reviewing Amazon EKS Workloads

Auditing and reviewing workload access deployed in Kubernetes clusters is critical for achieving compliance. Learn how to audit AWS EKS Workloads.

Go to Article

Authenticating AWS EKS Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate AWS EKS Kubernetes clusters with GitHub single sign-on (SSO).

Go to Article

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO. A how-to guide.

Go to Article

Authenticating Google Kubernetes Engine Clusters with Okta SSO

In this article on securing access to Kubernetes, we will explore how Teleport brings an additional layer of security to clusters based on Google Kubernetes Engine (GKE) managed service from Google Cloud Platform (GCP).

Go to Article

Authenticating GCP GKE with Google Workspace SSO

Authenticating Google Kubernetes Engine Clusters with Google Workspace SSO

Go to Article

RBAC for Google Cloud Kubernetes Engine (GCP GKE)

Configuring Role-Based Access Control (RBAC) for Google Cloud Kubernetes Engine (GCP GKE).

Go to Article

Authenticating GKE Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate Google Kubernetes Engine (GKE) Kubernetes clusters with GitHub single sign-on (SSO).

Go to Article

Authenticating Google Kubernetes Engine Clusters with Okta SSO

In this article on securing access to Kubernetes, we will explore how Teleport brings an additional layer of security to clusters based on Google Kubernetes Engine (GKE) managed service from Google Cloud Platform (GCP).

Go to Article

How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters

We will guide you through the steps to configure single sign-On (SSO) for Amazon EKS clusters with Okta, SAML and Teleport Enterprise.

Go to Article

How to Access Proxmox Virtual Environment with Teleport

An overview guide for how to protect and connect to Proxmox VE edition using Teleport.

Go to Article

Additional Resources > Resource Access and Identity Verification Methods

A Guide to EC2 Instance Connect

Learn how to use EC2 Instance Connect for secure, SSH-keyless access to your AWS EC2 instances. Simplify your workflow and boost your cloud security today.

Go to Article

Managing Amazon EKS Clusters with kubectl

Master kubectl for Amazon EKS in this concise guide. Learn key commands to deploy, manage, and scale applications on AWS Kubernetes clusters. Ideal for IT pros and developers seeking to streamline their EKS workflows

Go to Article

Accessing the Inaccessible: Your Guide to AWS EC2 Serial Console

This guide explores AWS EC2 Serial Console, a powerful tool for remotely accessing your EC2 instances, even when traditional methods like SSH fail. Learn how to enable, access, and use EC2 Serial Console for troubleshooting, system maintenance, and more.

Go to Article

Secure EC2 RDP: The Ultimate Guide to Safe Access

This guide provides a comprehensive overview of establishing secure EC2 RDP connections to your Windows instances. It covers the setup process, security best practices (including alternatives to direct RDP), troubleshooting common issues, and answers to frequently asked questions.

Go to Article

Secure AWS EC2 Access with Session Manager

This guide explores AWS Session Manager as a secure alternative to SSH for accessing your EC2 instances. Discover its benefits, step-by-step setup, and how it enhances your cloud security posture while simplifying management.

Go to Article

How to SSH into an EC2 Instance: A Step-by-Step Guide

This comprehensive guide provides a step-by-step walkthrough on how to establish a secure SSH connection to your Amazon EC2 instance. It covers key concepts, security best practices, and common troubleshooting tips for a secure and efficient remote access experience.

Go to Article

PostgreSQL LDAP Authentication: A Step-by-Step Guide

This guide provides a detailed walkthrough of setting up LDAP authentication for PostgreSQL, explaining how to enhance database security and simplify user access management. It also covers benefits like centralized control and answers frequently asked questions about the process.

Go to Article

Secure PostgreSQL with RADIUS Authentication: A Step-by-Step Guide

This guide provides a comprehensive overview of implementing RADIUS authentication for your PostgreSQL database. It covers the benefits, setup process, and answers frequently asked questions to help you strengthen your database security.

Go to Article

Simple Random Tokens: A Guide to Secure Authentication

This guide explores how Simple Random Tokens provide a critical layer of security for web applications by generating unique, time-limited identifiers for user verification. Learn how these tokens work, their advantages, and best practices for implementation to strengthen your authentication processes.

Go to Article

PostgreSQL Password Authentication: A Complete Guide

This guide explains how PostgreSQL password authentication safeguards your data. You'll learn how to configure authentication methods in pg_hba.conf, set strong passwords, and follow essential security best practices to protect your database from unauthorized access.

Go to Article

PostgreSQL SSL Authentication: A Step-by-Step Guide

This guide provides a comprehensive walkthrough of setting up SSL authentication for your PostgreSQL database. It covers generating SSL certificates, configuring your server, and enforcing secure connections, ensuring your data remains protected.

Go to Article