Access requests are a new, modern technique for implementing the principle of least privilege when accessing cloud-native infrastructure. In this blog post, we’ll cover how to get started with access requests using Teleport.
Russell examines the available mechanisms for securely transferring user sessions across different web applications running at different domains.
We revamped the second-factor authentication in Teleport 6.0. This post provides a bird's-eye view of U2F and other cryptographic hardware standards.
Learn what SAML 2.0 Authentication is and how it works. SAML implements corporate single sign-on (SSO) solutions for centralized identity management.
A comprehensive overview of the best practices for securing access to PostgreSQL databases.
Understanding Server-Side Request Forgery (SSRF) and Its Mitigations.
Understanding Cross-Site Request Forgery (CSRF) and its Mitigations.
Making sense of authorization, policy and access management systems.
Understanding Cross-Site Scripting (XSS) and Its Mitigations.
How to deploy SSH certificates in production to make security better, not worse.
What are SSH security best practices? How to SSH properly and improve the security of your SSH model using nothing but OpenSSH?
What is a microservice? What is Kubernetes for? In this post, we try to explain microservices, containers and Kubernetes in 10 minutes.
Managing shell-level access is difficult enough when you know your users. So how do you implement secure access to a revolving door of users?
Unify identity access controls across the entire stack with a single place to define, enforce, view, and manage global authorization.
The Twitter hack was not orchestrated by a sophisticated operation coordinated by a nation state. Twitter was hacked by an average teenager who was too young to have his own license.
This paper talks about how companies can secure infrastructure access by basing decisions on identity, not trusting private networks, and centralizing auditing/monitoring.
What is OIDC? This blog post compares two common authentication methods (OIDC and SAML) and discusses how OIDC works in relation to OAuth.
In this blog post we aim to provide some clarity on what SOC 2 is and what to expect from the certification process, based on our own experiences preparing for our Teleport Cloud launch.
Compare Zero Trust with “traditional” network security models, focusing on the access portions of networks.
Learn how we built SELinux support for Gravity 7.0, issues we had, and useful tips. Also learn how we are confining Kubernetes services and workloads.
How SaaS companies approach the trade-off between having solid cloud infrastructure security and upsetting their own engineers by overdoing it.
You can SSH into self-driving robots using a reverse SSH tunnel, but this method only scales so far, and it requires more than 50 steps to set up.
Evolution from perimeter-based security to Zero Trust security - how it protects modern organizations, remote workforces, and web applications.
The Zero Trust approach to SSH and security is based not on where you are, but who you are, making it possible to access resources in cloud-native, hybrid cloud, or legacy environments securely.
Teleport’s Enhanced Session Recording feature can add vital extra visibility into commands being run on your systems.
Most monitoring tools are great for a high-level view of how your applications and infrastructure are performing, but have many gaps when it comes to security. In this blog, we look at two areas where visibility is typically lacking: SSH and Kubernetes.
How are some big, well-known companies approaching SSH? We took a look at three who are setting an example for others to follow.
Today we’re announcing a new milestone with Teleport 4.0 - IoT Security, FedRAMP Support
Discussion on Wormhole - networking plugin for Kubernetes. How do Kubernetes solutions trust the underlying network? - What about WireGuard/Wormhole?
Secure Shell (SSH) is a widely used Transport Layer Protocol to secure connections between clients and servers. In this post we explain how the SSH handshake works.
We are excited to announce the new open source project: Teleport Wormhole, a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
How to restrict SSH sessions to specific commands? How to have a restricted shell for some users? In this article we cover some common ways to answer these questions.
An overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
The universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
In this post we'll explore the K8s community's decision-making process by looking underneath the hood of the 'kerfuffle' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
The recently discovered xterm.js vulnerability shows how bugs are hard to kill as technology evolves.
In this post we show you how to use GitHub as an identity manager to control who has access to your server infrastructure through SSH.
In this blog post we show how to record SSH sessions with OpenSSH sshd using Teleport as a recording proxy.
How do you let your employees access company AWS infrastructure using their GitHub credentials? How do you restrict parts of your infrastructure to certain GitHub teams? How do you configure SSH to use GitHub credentials? This blog post covers it all.
Part 1 of the series of articles about managing Kubernetes clusters across multiple teams, regions or organizations.