Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

X11 forwarding, ssh -X, is an SSH protocol that enables users to run graphical applications on a remote server and interact with them using their local display and I/O devices. It is commonly relied upon by developers for securely interacting with remote machines across wide and heterogeneous server fleets.

The WebAuthentication API, or WebAuthn, facilitates secure authentication based on public-key credentials. The idea of passwordless and public-key authentication is not new, but the compatibility and interoperability of various elements in the authentication process were always weak. WebAuthn API aims to solve that problem by bringing the uniform authentication API into web browsers.

In a Kubernetes cluster, Control Plane controls Nodes, Nodes control Pods, Pods control containers, and containers control applications. But what controls the Control Plane? Kubernetes exposes APIs that let you configure the entire Kubernetes cluster management lifecycle. Thus, securing access to the Kubernetes API is one of the most security-sensitive aspects to consider when considering Kubernetes security.

Databases are a critical component of an organization’s infrastructure and a primary target for hackers and cybercriminals. This makes it essential that you have standard practices to secure your database. This article discusses the steps and procedures of securing CockroachDB, a renowned SQL-based and distributed database. CockroachLabs offers both hosted CockroachDB-as-a-Service offering and an enterprise self-hosted version.

Controlling your Windows PC remotely can open a world of possibilities; remote work, remote assistance, remote system diagnosis and network troubleshooting are just some of the advantages of using Remote Desktop Protocol or RDP. Developed by Microsoft, RDP allows you to remotely connect to another computer over a network, giving you full access to and control over the computer’s software, data and resources.

X.509 is the first thing that comes to mind when discussing digital certificates. After all, it is the most widely used digital certificate in the PKI ecosystem and is the core component of SSL/TLS protocols, the technology that powers HTTPS. X.509 was first released on 25 November 1988 and is powerful, extensible and widely supported. But it's not the only certificate format available out there. For example, the popular email encryption program PGP uses a custom certificate format instead of X.509.

In a certificate-based authentication, a user or machine proves their identity to the servers and networks with a certificate that is digitally signed by a certificate authority, a trusted centralized entity responsible for issuing and managing certificates. Many popular servers support certificate-based authentication, but people often opt-in for a password or key-based authentication to avoid certificate management overhead.

This blog is the final part of a series about secure access to Amazon RDS. In Part 1, we covered how to use OSS Teleport as an identity-aware access proxy to access Amazon RDS instances running in private subnets. Part 2 explained implementing single sign-on (SSO) for Amazon RDS access using Okta and Teleport. Part 3 showed how to configure Teleport access requests to enable just-in-time access requests for Amazon RDS access.