In this blog post we’ll explain how an attacker can gain access to a cloud environment by sending a malicious pull request.
We are thrilled to announce the general availability of the Session and Identity Locking feature, which allows quick incident containment.
Do you want to become a cybersecurity expert but don’t know where to start? We have interviewed several computer security professionals and here’s what we’ve learned.
Secure remote access to cloud infrastructure is painful. Access Plane technology allows consolidating access in one place.
In this blog post we explain how hardware security modules (HSMs) help protect sensitive data and how Teleport 7.2 uses HSMs to make remote access more secure.
Utilizing the power of Datalog and logic programming to answer difficult access-related questions.
A guide to Okta Directory security hardening using Terraform.
Announcing the release of Teleport 7.0 which brings support for MongoDB. Users of MongoDB can now enjoy consolidated identity-based secure access to all of their MongoDB instances across all environments.
With the rise of security threats comes an increased need for strong security measures, but it’s hard to know where to invest your time and money, especially if you’re a small startup.
In this blog post we illustrate how we use Teleport to achieve SOC2 compliance at Teleport.
Kubernetes is driven by an HTTP API server which allows complete configuration and control of Kubernetes runtime. Therefore, securing access to the API server is one of the most critical security controls to ensure resilient Kubernetes in production.
Overview of the best practices for securing access to MongoDB databases.
An introduction to KRSI and how you can use it to dynamically prevent data exfiltration based on IP ranges.
Access requests are a new, modern technique for implementing the principle of least privilege when accessing cloud-native infrastructure. In this blog post, we’ll cover how to get started with access requests using Teleport.
Russell examines the available mechanisms for securely transferring user sessions across different web applications running at different domains.
We revamped the second-factor authentication in Teleport 6.0. This post provides a bird’s-eye view of U2F and other cryptographic hardware standards.
Learn what SAML 2.0 Authentication is and how it works. SAML implements corporate single sign-on (SSO) solutions for centralized identity management.
A comprehensive overview of the best practices for securing access to PostgreSQL databases.
Understanding Server-Side Request Forgery (SSRF) and Its Mitigations.
Understanding Cross-Site Request Forgery (CSRF) and Its Mitigations.
Making sense of authorization, policy and access management systems.
Understanding Cross-Site Scripting (XSS) and Its Mitigations.
How to deploy SSH certificates in production to make security better, not worse.
What are SSH security best practices? How to SSH properly and improve the security of your SSH model using nothing but OpenSSH?
What is a microservice? What is Kubernetes for? In this post, we try to explain microservices, containers and Kubernetes in 10 minutes.
Managing shell-level access is difficult enough when you know your users. So how do you implement secure access to a revolving door of users?
Unify identity access controls across the entire stack with a single place to define, enforce, view, and manage global authorization.
The Twitter hack was not orchestrated by a sophisticated operation coordinated by a nation state. Twitter was hacked by an average teenager who was too young to have his own license.
This paper talks about how companies can secure infrastructure access by basing decisions on identity, not trusting private networks, and centralizing auditing/monitoring.
What is OIDC? This blog post compares two common authentication methods (OIDC and SAML) and discusses how OIDC works in relation to OAuth.
In this blog post we aim to provide some clarity on what SOC 2 is and what to expect from the certification process, based on our own experiences preparing for our Teleport Cloud launch.
Compare Zero Trust with “traditional” network security models, focusing on the access portions of networks.
Learn how we built SELinux support for Gravity 7.0, issues we had, and useful tips. Also learn how we are confining Kubernetes services and workloads.
How SaaS companies approach the trade-off between having solid cloud infrastructure security and upsetting their own engineers by overdoing it.
You can SSH into self-driving robots using a reverse SSH tunnel, but this method only scales so far, and it requires more than 50 steps to set up.
The evolution from perimeter-based security to Zero Trust security: how it protects modern organizations, remote workforces, and web applications.
The Zero Trust approach to SSH and security is based not on where you are, but who you are, making it possible to access resources in cloud-native, hybrid cloud, or legacy environments securely.
Teleport’s Enhanced Session Recording feature can add vital extra visibility into commands being run on your systems.
Most monitoring tools are great for a high-level view of how your applications and infrastructure are performing, but have many gaps when it comes to security. In this blog, we look at two areas where visibility is typically lacking: SSH and Kubernetes.
How are some big, well-known companies approaching SSH? We took a look at three who are setting an example for others to follow.
Today we’re announcing a new milestone with Teleport 4.0: IoT Security and FedRAMP Support.
A discussion of Wormhole, a networking plugin for Kubernetes. How do Kubernetes solutions trust the underlying network? What about WireGuard/Wormhole?
Secure Shell (SSH) is a widely used Transport Layer Protocol to secure connections between clients and servers. In this post we explain how the SSH handshake works.
We are excited to announce the new open source project: Teleport Wormhole, a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
How to restrict SSH sessions to specific commands? How to have a restricted shell for some users? In this article we cover some common ways to answer these questions.
An overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
The universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
In this post we'll explore the K8s community's decision-making process by looking underneath the hood of the 'kerfuffle' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
The recently discovered xterm.js vulnerability shows how bugs are hard to kill as technology evolves.
In this post we show you how to use GitHub as an identity manager to control who has access to your server infrastructure through SSH.
In this blog post we show how to record SSH sessions with OpenSSH sshd using Teleport as a recording proxy.
How do you let your employees access company AWS infrastructure using their GitHub credentials? How do you restrict parts of your infrastructure to certain GitHub teams? How do you configure SSH to use GitHub credentials? This blog post covers it all.
Part 1 of the series of articles about managing Kubernetes clusters across multiple teams, regions or organizations.