Scaling Privileged Access for Modern Infrastructure: Real-World Insights
Apr 25
Virtual
Register Today
Support
LOG IN
Teleport logoTry For Free
Contact SalesTry for Free
Support
LOG IN
Background image

Teleport Academy

Teleport Academy
Additional Resources

Articles by Topic

All
Teleport Academy
Cryptographic Identity
Zero Trust for Infrastructure Access
Authentication and Privileges
Governance
Infrastructure Access
Compliance & Audit
Additional Resources
Compare

Articles

Teleport Academy > Cryptographic Identity

What is Cryptographic Identity?

Cryptographic Identity refers to the use of computer science and mathematical theory to securely establish and verify the identity of a user, device, or system in digital communications. Identity-based encryption is vital in ensuring secure interactions over the internet and in various digital systems.

Go to Article

What are short-lived certificates?

Short-lived certificates are digital certificates with a brief validity period, designed to enhance cybersecurity by expiring quickly.

Go to Article

Credentials vs. Cryptographic Identity

With cyberthreats on the rise and now centered on identity, there is a need for methods of authentication that are resilient to phishing and human error.

Go to Article

Teleport Academy > Zero Trust for Infrastructure Access

What is zero trust security for applications and workloads?

Most ZTNA technologies, although adept at securing zero trust access to networks, do not embed the identity and protocol-level information necessary to apply zero trust principles for application access or workload access in modern computing infrastructure.

Go to Article

Teleport Academy > Authentication and Privileges

What is Secretless (Passwordless) Authentication?

Secretless or passwordless authentication eliminates traditional password-based methods and instead uses mechanisms that rely on verifiable identity elements—such as biometrics, digital certificates, and hardware tokens

Go to Article

What are Access Requests?

Access Requests support the principle of least privilege by ensuring individuals have access only to the resources necessary for their specific tasks, thereby minimizing potential security risks.

Go to Article

What is Authorization?

Authorization plays a pivotal role in cybersecurity and access management, serving as the gatekeeper that determines which resources a user can access and what actions they can perform within a system.

Go to Article

What are Ephemeral Privileges?

By granting temporary access rights that expire after a brief period, ephemeral privileges ensure that access is only available for the duration necessary to complete specific tasks.

Go to Article

What is Just-In-Time (JIT) access?

Just-in-time (JIT) access refers to the provisioning of privileged access only when it is needed, and for a limited duration.

Go to Article

Principle of Least Privilege: What It Is & How to Implement It

Principle of least privilege defines just-in-time access to your cloud-native environment to meet security and compliance requirements without disrupting your teams.

Go to Article

What is RBAC?

RBAC stands for Role-Based Access Control. It is a method of regulating access to servers, computers or network resources based on the roles of individual users within an organization.

Go to Article

Configure RBAC for Kubernetes EKS

An overview of best practices for how to configure RBAC for Kubernetes running AWS EKS.

Go to Article

RBAC for Google Cloud Kubernetes Engine (GCP GKE)

Configuring Role-Based Access Control (RBAC) for Google Cloud Kubernetes Engine (GCP GKE).

Go to Article

What is ABAC?

Attribute-Based Access Control (ABAC) is a method of regulating access to resources based on the attributes of both the resource and the user requesting access.

Go to Article

What is MAC (Mandatory Access Control)?

Mandatory Access Control (MAC) is a type of access control that imposes a predefined set of security rules, or labels, to control which users or systems can access specific resources.

Go to Article

What is OAuth 2.0 (Open Authorization)?

OAuth 2.0 (Open Authorization) is a standard for authorization where a user allows an application to access their resources hosted on another application, on their behalf, without the sharing of their credentials.

Go to Article

What is FIDO (Fast IDentity Online)?

FIDO, or Fast IDentity Online, is a group of open standard authentication protocols created to strengthen and simplify the security of online authentication by reducing the reliance on passwords.

Go to Article

What is U2F (Universal 2nd Factor)?

U2F (Universal 2nd Factor) is a universal authentication standard that provides an additional layer of security for online accounts.

Go to Article

What is WebAuthn?

WebAuthn is a web standard for secure, passwordless authentication allowing web servers to authenticate users with asymmetric cryptography instead of passwords.

Go to Article

What is OIDC (Open ID Connect)?

OIDC, or OpenID Connect, is an authentication layer built on top of the authorization protocol OAuth 2.0 and provides a standardized way for users to authenticate themselves to web applications.

Go to Article

What Is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between parties, and in particular, between an identity provider (IdP) and a service provider (SP). The Identity Provider will verify the identity of the user, verifying they are who they say they are.

Go to Article

The Failures of Shared Secrets and How We Can Replace Them

User authentication is a crucial component of securing any system. Access to sensitive infrastructure resources such as servers, databases and applications must be restricted to authorized users only.

Go to Article

How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters

We will guide you through the steps to configure single sign-On (SSO) for Amazon EKS clusters with Okta, SAML and Teleport Enterprise.

Go to Article

Just-in-Time Access for Amazon EKS

A practical guide showing how you can implement just-in-time access for EKS using Teleport.

Go to Article

Authenticating GCP GKE with Google Workspace SSO

Authenticating Google Kubernetes Engine Clusters with Google Workspace SSO

Go to Article

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO. A how-to guide.

Go to Article

Authenticating AWS EKS Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate AWS EKS Kubernetes clusters with GitHub single sign-on (SSO).

Go to Article

Authenticating Azure AKS Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate Microsoft Azure Kubernetes Service (AKS) Kubernetes clusters with GitHub single sign-on (SSO).

Go to Article

Authenticating Google Kubernetes Engine Clusters with Okta SSO

In this article on securing access to Kubernetes, we will explore how Teleport brings an additional layer of security to clusters based on Google Kubernetes Engine (GKE) managed service from Google Cloud Platform (GCP).

Go to Article

Authenticating AWS EKS Kubernetes Clusters with Okta SSO

This article discusses how to enhance security measures for Kubernetes clusters using Teleport, specifically with the Elastic Kubernetes Service (EKS) managed service from Amazon Web Services (AWS). It introduces Okta as a Single Sign-On (SSO) solution and suggests integrating it with Teleport for an additional layer of security. The article assumes that the reader has already set up Teleport authentication server to work with Okta SSO and provides links to the guide and documentation for reference.

Go to Article

Authenticating Azure AKS Kubernetes Clusters with Okta SSO

How to Authenticate Azure AKS Kubernetes Clusters with Okta SSO. Consolidating access and providing an audit log for access

Go to Article

Configuring Okta as an Identity Provider for Kubernetes Clusters

This post is a tutorial that explains how to use Okta as an identity provider for Kubernetes clusters managed by Teleport. Okta is a platform for managing identities and access in the cloud that allows secure and simple access to multiple programs and services. Teleport is an identity-native infrastructure access platform that provides phishing-proof zero trust for every engineer and service connected to an organization's global infrastructure.

Go to Article

Azure AKS RBAC

Configuring Role-Based Access Control (RBAC) for Microsoft Azure Managed Kubernetes Service (AKS)

Go to Article

Teleport Academy > Governance

What is Identity Governance & Administration (IGA)?

Identity Governance and Administration (IGA) is a comprehensive approach to managing and securing user identities and access within an organization

Go to Article

What is Identity Threat Detection and Response (ITDR)?

Identity Threat Detection & Response (ITDR) focuses on protecting organizational assets through the vigilant monitoring of identity-related events.

Go to Article

What is Cloud Infrastructure Entitlement Management (CIEM)?

Cloud Infrastructure Entitlement Management (CIEM) is a class of cybersecurity identity and access management (IAM) solutions focused on reducing access risk for cloud technologies.

Go to Article

What is Observability?

Observability is a critical capability in modern software engineering, enabling teams to monitor, diagnose, and optimize complex systems across various architectures, including cloud-native, microservices, and serverless

Go to Article

Teleport Academy > Infrastructure Access

What are bastion hosts?

Bastion hosts act as fortified gateways that control access to internal resources from external networks.

Go to Article

What is mutual TLS authentication (mTLS)?

Mutual Transport Layer Security (mTLS) enhances the security of the TLS protocol by implementing two-way authentication and encryption.

Go to Article

What are non-human identities?

In DevOps architectures, where automation plays a key role, CI/CD systems and automated bots like Drone, Jenkins, and GitHub Actions, perform essential tasks related to the management, deployment, and maintenance of applications and services in cloud and on-premises deployments.

Go to Article

What is TCP/IP protocol suite?

TCP/IP, also known as Internet Protocol Suite, is a collection of networking protocols that works together to transfer a data packet from one computer to another using computer networks.

Go to Article

What is a VPN (Virtual Private Network)?

A VPN, or Virtual Private Network, is a tool that allows you to create a secure and private connection between your device and the public internet. A VPN connection will encrypt your internet traffic and route it through a remote server, keeping your activity hidden from hackers, ISPs, and any third-party with malicious intent.

Go to Article

Comparing TCP/IP and OSI Model

TCP/IP and OSI model serves a similar purpose - to map all the bits and pieces involved in networked communication. While OSI is the recommended standard, the internet was designed around the TCP/IP model.

Go to Article

How IPv4 and IPv6 works

IPv4 is a 32 bit network address scheme widely used on the internet. IPv6 is a 128 bit network address scheme designed to replace IPv4.

Go to Article

How to Access and Monitor IoT Devices Securely

Uncover effective strategies for managing IoT devices remotely at scale. Our comprehensive guide provides security teams with solutions for secure and efficient IoT device control.

Go to Article

Implementing Zero Trust Network Access in Cloud-Native Environments

Zero Trust Network Access (ZTNA) is a security solution that provides secure remote access to corporate resources based strictly on identity and context. Identity verification for every person and device is required continuously regardless of network location or whether they have previously accessed a resource or not. No one is trusted from inside the network or outside, which is a tighter ship than the traditional approach of one being universally trusted as long as they are inside the network.

Go to Article

SSH Bastion on AWS

Dive into our guide on setting up an SSH bastion server for AWS EC2 instances. Learn the significance of bastion servers and the security advantages they bring. Discover different setup options including self-hosted OpenSSH, OSS Teleport, and Teleport Cloud, with a focus on their relative benefits. Ideal for all skill levels, this post offers the knowledge needed to optimize and secure your AWS infrastructure.

Go to Article

Deploying self-hosted Highly Available Teleport on an On-Prem data center.

This article is a how-to guide to deploy self-hosted Teleport in a highly available mode on an on-prem environment using HAproxy, etcd, and minIO.

Go to Article

Teleport Academy > Compliance & Audit

What is PCI Compliance?

PCI compliance embodies the commitment of organizations to protect cardholder data by adhering to the Payment Card Industry Data Security Standard (PCI DSS).

Go to Article

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) represents a critical regulatory framework designed to ensure the privacy, security, and confidentiality of protected health information (PHI) within the healthcare sector.

Go to Article

What is SOC2 compliance?

The SOC 2 framework is published by the American Institute of Certified Public Accountants (AICPA) and is a voluntary cybersecurity attestation.

Go to Article

What is FedRAMP compliance?

FedRAMP (Federal Risk and Authorization Management Program) is a critical framework for cloud service providers (CSPs) aiming to offer their cloud solutions to the U.S. federal government

Go to Article

Access Logging

Access logging is the practice of system monitoring via a file or a collection of files that detail all of the various activities on a system. Composed of various events and metadata, good access logging practices will help you stay informed on exactly what is happening in your infrastructure, and exactly who is carrying out these various activities.

Go to Article

OS Default Logging with Windows

No matter the size of your company or the size of your engineering team, it is always important to maintain visibility into what’s happening in your infrastructure. As your company grows, however, and you start to need to meet compliance standards like the SOC2 and FedRAMP frameworks, keeping detailed, specific audit logs becomes a must-have.

Go to Article

Guide to Audit Logging for Cloud Native Companies

A deep dive into best practices for what is audit logging with best pratices for cloud native companies.

Go to Article

Auditing and Reviewing Amazon EKS Workloads

Auditing and reviewing workload access deployed in Kubernetes clusters is critical for achieving compliance. Learn how to audit AWS EKS Workloads.

Go to Article

Additional Resources > Compare

StrongDM vs Teleport

The post compares StrongDM and Teleport, two infrastructure access platforms. StrongDM is proprietary, while Teleport is open-source and offers advanced security and compliance capabilities.

Go to Article

Hashicorp Boundary vs Teleport

Hashicorp Boundary vs Teleport: Teleport is an open-source infrastructure access platform that replaces secrets like passwords and keys with secure certificates, providing a complete Zero Trust solution, while HashiCorp Boundary is a remote access solution offering deep integration with HashiCorp Vault for temporary credentials. Both solutions offer secure access to infrastructure, but Teleport boasts advanced security features, wider client and protocol support, and a secretless approach.

Go to Article

CyberArk vs Teleport

Discover the differences between Teleport and CyberArk, two privileged access management (PAM) solutions designed to secure critical infrastructure. While CyberArk uses secrets like passwords and keys, Teleport is an open-source, secretless, and cloud-native PAM that delivers essential capabilities while maximizing developer productivity and supporting modern tools like Kubernetes and cloud databases.

Go to Article

StrongDM Alternatives to Secure Infrastructure Access

Having some issues with StrongDM or just want to see what else is out there? Today we’ll walk you through what StrongDM is good at, what it’s not so good at and some alternatives that match different use cases.

Go to Article

CyberArk Alternatives to Secure Infrastructure Access

Secure access to your cloud infrastructure while keeping devs productive with these service & infrastructure access management platform alternatives to CyberArk.

Go to Article