The most innovative financial services companies know that they need to be agile, but without sacrificing security. Teleport is how they do it.
Moving to a SaaS model can be complicated for hardware and software vendors. Here is what you need to know.
Passwordless access is a big trend in DevSecOps. Here is why it makes infrastructure access so much easier.
There is a growing sense that protecting sensitive accounts with passwords is not enough. But API keys are passwords too and need to be replaced.
Energy markets are critical infrastructure. Protecting them is just as critical. This blog shows how you can get started.
This blog presents data highlighting the threat that Financial Services companies face due to insecure infrastructure and what they can do about it.
Just in time for re:Invent 2021, here is the list of top 10 things you should know about AWS and Teleport.
Here’s how to explain password security to your non-technical friends & family over the holidays.
Passwordless is a phrase generating a lot of buzz in the consumer space. But our infrastructure is full of passwords too and that needs to stop.
On the surface, trusted platform modules and hardware security modules seem to perform similar functions. In this blog post we dive a bit deeper to find out what the difference between the two is.
Just-in-time access requests enable DevOps teams to implement the principle of least privilege without introducing roadblocks to productivity. This post will show you how.
Find out how to implement access controls for your DevOps workflows like CI/CD, GitOps and more using Teleport.
As our company has been growing quickly, we’ve faced the build-vs-buy question numerous times. In this blog post we’re sharing our rationale for making these decisions.
An access proxy is an important tool for securing access to infrastructure. But reducing latency when accessing distributed computing resources is a challenge. Today we are announcing multi-region support for Teleport Cloud and explaining how we've built it.
In this blog post we’ll explain how an attacker can get access into a cloud environment by sending a malicious pull request.
We are thrilled to announce the general availability of the Session and Identity Locking feature, which allows quick incident containment.
Do you want to become a cybersecurity expert but don’t know where to start? We have interviewed several computer security professionals and here’s what we’ve learned.
Secure remote access to cloud infrastructure is painful. Access Plane technology allows consolidating access in one place.
In this blog post we explain how hardware security modules (HSM) help protect sensitive data and how Teleport 7.2 uses HSM to make remote access more secure.
Utilizing the power of Datalog and logic programming to answer difficult access-related questions.
The guide for Okta Directory security hardening using Terraform.
Announcing the release of Teleport 7.0 which brings support for MongoDB. Users of MongoDB can now enjoy consolidated identity-based secure access to all of their MongoDB instances across all environments.
With the rise of security threats comes an increased need for strong security measures, but it’s hard to know where to invest your time and money, especially if you’re a small startup.
In this blog post we illustrate how we use Teleport to achieve SOC2 compliance at Teleport.
Kubernetes is driven by an HTTP API server which allows complete configuration and control of Kubernetes runtime. Therefore, securing access to the API server is one of the most critical security controls to ensure resilient Kubernetes in production.
Overview of the best practices for securing access to MongoDB databases.
An introduction to KRSI and how you can use it to dynamically prevent data exfiltration based on IP ranges.
Access requests are a modern technique for implementing the principle of least privilege when accessing cloud-native infrastructure. In this blog post, we’ll cover how to get started with access requests using Teleport.
Russell examines the available mechanisms for securely transferring user sessions across different web applications running at different domains.
We revamped the second-factor authentication in Teleport 6.0. This post provides a bird's-eye view of U2F and other cryptographic hardware standards.
Learn what SAML 2.0 Authentication is and how it works. SAML implements corporate single sign-on (SSO) solutions for centralized identity management.
A comprehensive overview of the best practices for securing access to PostgreSQL databases.
Understanding Server-Side Request Forgery (SSRF) and Its Mitigations.
Understanding Cross-Site Request Forgery (CSRF) and its Mitigations.
Making sense of authorization, policy and access management systems.
Understanding Cross-Site Scripting (XSS) and Its Mitigations.
How to deploy SSH certificates in production to make security better, not worse.
What are SSH security best practices? How to SSH properly and improve the security of your SSH model using nothing but OpenSSH?
What is a microservice? What is Kubernetes for? In this post, we try to explain microservices, containers and Kubernetes in 10 minutes.
Managing shell-level access is difficult enough when you know your users. So how do you implement secure access to a revolving door of users?
Unify identity access controls across the entire stack with a single place to define, enforce, view, and manage global authorization.
The Twitter hack was not orchestrated by a sophisticated operation coordinated by a nation state. Twitter was hacked by an average teenager who was too young to have his own license.
This paper talks about how companies can secure infrastructure access by basing decisions on identity, not trusting private networks, and centralizing auditing/monitoring.
What is OIDC? This blog post compares two common authentication methods (OIDC and SAML) and discusses how OIDC works in relation to OAuth.
In this blog post we aim to provide some clarity on what SOC 2 is and what to expect from the certification process, based on our own experiences preparing for our Teleport Cloud launch.
Compare Zero Trust with “traditional” network security models, focusing on the access portions of networks.
Learn how we built SELinux support for Gravity 7.0, issues we had, and useful tips. Also learn how we are confining Kubernetes services and workloads.
How SaaS companies approach the trade-off between having solid cloud infrastructure security and upsetting their own engineers by overdoing it
You can SSH into self-driving robots using a reverse SSH tunnel, but this method only scales so far, and it requires more than 50 steps to set up.
Evolution from perimeter-based security to Zero Trust security - how it protects modern organizations, remote workforces, and web applications.
The Zero Trust approach to SSH and security is based not on where you are, but who you are, making it possible to access resources in cloud-native, hybrid cloud, or legacy environments securely.
Teleport’s Enhanced Session Recording feature can add vital extra visibility into commands being run on your systems.
Most monitoring tools are great for a high-level view of how your applications and infrastructure are performing, but have many gaps when it comes to security. In this blog, we look at two areas where visibility is typically lacking: SSH and Kubernetes.
How are some big, well-known companies approaching SSH? We took a look at three who are setting an example for others to follow.
Today we’re announcing a new milestone with Teleport 4.0 - IoT Security, FedRAMP Support.
Discussion on Wormhole - a networking plugin for Kubernetes. How do Kubernetes solutions trust the underlying network? What about WireGuard/Wormhole?
Secure Shell (SSH) is a widely used Transport Layer Protocol to secure connections between clients and servers. In this post we explain how the SSH handshake works.
We are excited to announce the new open source project: Teleport Wormhole, a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
How to restrict SSH sessions to specific commands? How to have a restricted shell for some users? In this article we cover some common ways to answer these questions.
An overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
The universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
In this post we'll explore the K8s community's decision-making process by looking underneath the hood of the 'kerfuffle' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
The recently discovered xterm.js vulnerability shows how bugs are hard to kill as technology evolves.
In this post we show you how to use GitHub as an identity manager to control who has access to your server infrastructure through SSH.
In this blog post we show how to record SSH sessions with OpenSSH sshd using Teleport as a recording proxy.
How do you let your employees access company AWS infrastructure using their GitHub credentials? How do you restrict parts of your infrastructure to certain GitHub teams? How do you configure SSH to use GitHub credentials? This blog post covers it all.
Part 1 of the series of articles about managing Kubernetes clusters across multiple teams, regions or organizations.