Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

BeyondCorp, Federal Zero Trust Architecture Strategy and Teleport

"Crunchy on the outside, chewy in the middle." That's how Google described its perimeter-based security targeted high-profile companies such as Google, Adobe, Akamai, Rackspace, etc., with the stated primary aim of modifying source code. In response, Google initiated a perimeter-less and trustless access control system now popularly known as BeyondCorp. BeyondCorp comes from the realization that VPN perimeter network security is obsolete.

Passkeys for Infrastructure

I predict that 2023 will be the year of Passkeys. Passkeys are a new passwordless authentication method allowing users to create online accounts and sign in without entering a password. Passkeys have been years in the making, and finally, industry collaboration through the FIDO Alliance (FIDO2) and adoption by Apple, Microsoft, and Google have now made it a reality. Passkeys leverage the WebAuthn API to let users log into various websites and applications.

SFTP: a More Secure Successor to SCP

Copying files between computers is a common task, and there are a lot of protocols designed to do just that. But not all protocols are created equally. Many people use the popular OpenSSH scp command to transfer files, but few understand the risks surrounding it. This blog post will attempt to explain what the SCP and SFTP protocols are, how they work, and why SFTP should be used wherever possible.

SELinux, Dragons and Other Scary Things

If you've ever used Linux, you've probably heard about SELinux, or Security-Enhanced Linux. For a very long time, my interaction with it was just restricted to: Like many other security solutions, SELinux can sometimes be annoying, and understanding even the basic concepts can turn our biggest enemy into our best friend.

Active Directory Security

At its core, Active Directory Domain Services (AD DS) is a structured data store of objects on the domain controller. It is a directory service from Microsoft for identity management and access control in Windows domain networks. Active Directory can authenticate users, groups, services and computers before they access protected information. AD DS also helps to implement security policies and permissions, and enforces them for all computers in your network.

TLS Routing Support for Teleport Behind an AWS Application Load Balancer

In Teleport 8, we introduced the TLS Routing feature that can multiplex all client connections on a single TLS/SSL port. Recently we've added support for TLS Routing for Database Access when Teleport is deployed behind an AWS Application Load Balancer (ALB). In this article, we will take a deep look at the problem with Teleport behind an ALB and how we solved it.

A Simple Overview of Authentication Methods for Kubernetes Clusters

Kubernetes is a very complex product where creating and managing clusters requires a great deal of knowledge on a wide range of topics. The introduction of managed clusters brought simplicity to the process allowing users to focus on extracting the most out of the system. One of the areas of most interest and different configurations is authentication and authorization. In authentication, the main objective, and most critical of all, is to ensure the identity and validity of users and machines.

Flywheel Accelerates Deployments and Provides Agile, Compliant Support for Biomedical Researchers using Teleport

As companies increasingly move to remote workforces, the need for secure and rapid offboarding has never been greater. Flywheel, a digital agency that specializes in healthcare and life sciences, has found great success using Teleport to streamline its offboarding process. Flywheel had been using a traditional VPN solution to grant access to customer environments, but found the process to be slow and cumbersome.

Securely Managing Your Audit Logs with Teleport and Snowflake

One of the most important features Teleport has to offer is that it centralizes all of your infrastructure’s audit logging into one central place, mapping every query, every command and every session to an individual user's identity. As you hire more engineers and resources scale, it can become increasingly difficult to manage all of this log data. Luckily Teleport’s extensibility makes this log data extremely easy to format, export and monitor all in a secure, event-driven way.