Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2022

Goodbye passwords. Why Teleport is joining the FIDO Alliance

Passwords and other shared secrets are the number one cause of data breaches. The security risks of passwords is widely recognized in the consumer space with the leading tech companies (and competitors) including Microsoft, Google, Apple joining together to create the FIDO Alliance to reduce the over-reliance on passwords. With FIDO, passwords are replaced with more secure, and easier to use biometric and cryptographic authentication.

What's New in Teleport 10

This post introduces all the features released in Teleport 10. Teleport 10 includes version 10.0, 10.1, 10.2 and 10.3. You can always find an up-to-date status of Teleport releases in our docs. Teleport 10 is the biggest release so far in the history of Teleport in terms of feature sets. Before we dive into all the Teleport 10 features, let me first introduce you to...

How to Access Infrastructure Without Usernames and Passwords

A password is a secret, and a secret can be lost, stolen or traded on dark web marketplaces. Most engineers know this, that’s why every SSH tutorial begins with the instructions for disabling passwords and enabling private/public key pairs. But a private key is just another form of a secret. In this article, I will try to explain why all forms of secrets are bad for you.

Securing MySQL Databases with SSL/TLS.

Many databases were born over 25 years ago, back in the unadulterated times of LAN parties and IRC. SSL was just for banks and sending unencrypted database traffic accounts was just how you did things. When databases use unencrypted connections, it means someone with access to the network could watch all and inspect all database traffic.

Production MySQL SSL with Teleport Machine ID

In the first part of this blog post, we setup SSL/TLS for a MySQL database, using the built in self-signed certificates. The main problem using out of the box self-signed certificates is that clients can't verify that they're talking to the right database host, and it's not possible to verify the certificate chain. In this post we'll cover upgrading the client connection to VERIFY_IDENTITY and how to use Machine ID to continuously renew certificates.

Securing Microsoft SQL Server

Microsoft SQL Server is a popular relational database management system created and maintained by Microsoft. It’s effective in numerous use cases: storage and retrieval of data as part of a DBMS, transaction processing and analytics applications. However, there are some essential measures you must take to protect your database from cybercriminals and security breaches, as the default security settings are relatively insufficient to keep your database safe.

Secure Amazon EKS Access with Teleport

Enterprises are embracing the cloud native paradigm for agility, scalability, composability, and portability. Kubernetes, the open source container orchestration engine, is the foundation of modern, cloud native workloads. AWS customers can leverage managed Kubernetes available in the form of Amazon Elastic Kubernetes Service (EKS) or deploy a cluster based on upstream Kubernetes distribution running in a set of Amazon EC2 instances.

Trustless Infrastructure: Securing Critical Assets with Teleport

The global pandemic and push for remote work are putting companies’ IT infrastructures at greater risk than before. This risk grows as infrastructure is scaled, and more people gain access to highly sensitive data, such as access keys to a valuable password vault. Another vulnerability is the use of passwords since they can also be compromised. To overcome these risks and protect critical infrastructure, the implementation of a zero-trust access solution is needed. But how can we accomplish that without slowing down engineers or adding administrative overhead?

Teleport Demo - 30 Minute Overview

0:00 Intro

1:00 Architecture Overview

3:00 Single Sign On Integration

5:00 Teleport Server Access

7:00 tsh and session recordings

9:00 Teleport App Access

11:00 RBAC Mapping

12:05 Teleport K8s Access

15:00 Teleport DB Access

18:00 Teleport RDP Access

22:00 Access Requests

24:00 Teleport Slackbot

26:00 Active Session Joining
27:00: Trusted Clusters

28:00 Open Source vs Enterprise

WebAuthn Explained

The WebAuthentication API, or WebAuthn, facilitates secure authentication based on public-key credentials. The idea of passwordless and public-key authentication is not new, but the compatibility and interoperability of various elements in the authentication process were always weak. WebAuthn API aims to solve that problem by bringing the uniform authentication API into web browsers.