Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Session Control for SSH and Kubernetes in Teleport 4.4

Teleport 4.4 is here! The major innovation we’re introducing in this version is much improved control over interactive sessions for SSH and Kubernetes protocols. We’ll do a deeper dive into session control later, but for those who aren’t familiar with it, Teleport is an open source project. It provides access to SSH servers and Kubernetes clusters on any infrastructure, on any cloud, or any IoT device, anywhere, even behind NAT.

Teleport 4.4: Concurrent Session Control & Session Streaming

A SSH session can be interactive or non-interactive. The session starts when a computer or human connects to a node using SSH. SSH sessions can be established using public/private key cryptography or can use short lived SSH Certificates, similar to how Teleport works. Organizations often want to know who is accessing the systems and provide a greater level of control over who and when people are accessing them, which is where Teleport 4.4 comes into play.

Website Security: How to Protect Your Website Checklist

Putting a website on the internet means exposing that website to hacking attempts, port scans, traffic sniffers and data miners. If you’re lucky, you might get some legitimate traffic as well, but not if someone takes down or defaces your site first. Most of us know to look for the lock icon when we're browsing to make sure a site is secure, but that only scratches the surface of what can be done to protect a web server.

What is SQL injection?

An SQL injection (also known as SQLi) is a technique for the “injection” of SQL commands by attackers to access and manipulate databases. Using SQL code via user input that a web application (eg, web form) sends to its database server, attackers can gain access to information, which could include sensitive data or personal customer information. SQL injection is a common issue with database-driven websites.

Egnyte Rolls Out New Governance and Compliance Tools for the Remote-work Era

From the beginning, Egnyte was architected so that your content would not have to be “boxed in” to any one single environment, but rather can flow seamlessly up, down, side to side across multiple clouds. There are good reasons for this. Sometimes it makes sense for data to be miles away, while other times it needs to be closer to where users actually are (at the edge), or offline altogether.

Raising the Red Flag on the Insider Threat from Ransomware

There was nothing in particular that should have drawn attention to the two individuals sitting for drinks at the bar in Reno. Just two old colleagues catching up over some drinks. But if someone had paid close enough attention (and perhaps spoke Russian), then they might have overheard that one of the pair was attempting to recruit the other into what was possibly one of the biggest ransomware operations to date.

6 top risk factors to triage vulnerabilities effectively

Common Vulnerability Scoring System (CVSS) scores have been viewed as the de facto measure to prioritize vulnerabilities. Vulnerabilities are assigned CVSS scores ranging from one to 10, with 10 being the most severe. However, they were never intended as a means of risk prioritization. If you’ve relied on CVSS scores alone to safeguard your organization, here’s why you’re probably using them incorrectly.

Featured Post

Project Management Lessons Learned From Risk Management

While risk management can be draining, it offers crucial lessons that enable managers to implement projects efficiently. If you undertake a thorough risk analysis before any project, you'll identify all the gaps and create mitigation strategies. This way, you'll save time and resources.

PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options

Organizations are increasingly turning to Kubernetes, but they’re having trouble balancing security in the process. In its State of Container and Kubernetes Security Fall 2020 survey, for instance, StackRox found that 91% of respondents were using Kubernetes to orchestrate their containers and that three quarters of organizations were using the open-source container-orchestration system in production.