Player FM - Internet Radio Done Right
Added two years ago
Content provided by Teleport. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Teleport or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://de.player.fm/legal.
Protocol
Audio versions of Teleport's best technical blog posts. https://goteleport.com/blog/
11 episodes
All episodes
Chapter 1 Preview. Preventing Breaches by Eliminating Secrets and Adopting Zero Trust Download PDF: https://goteleport.com/resources/books/indentity-native-infrastructure-access-management/ Traditional secret-based credentials can't scale to meet the complexity and size of cloud and on-premises infrastructure. Today's applications are spread across a diverse range of clouds and colocation facilities, as well as on-prem data centers. Each layer of this modern stack has its own attack vectors and protocols to consider. How can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply? In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic down into manageable pieces. You'll discover how different parts of the approach fit together in a way that enables engineering teams to build more secure applications without slowing down productivity.…
What is an SSH bastion and how is this different from an SSH jump server or an SSH proxy? https://goteleport.com/blog/ssh-bastion-host/ What is an SSH bastion and how is this different from an SSH jump server or an SSH proxy? In this post, we’ll answer this question and will show you how to set it up using two popular open source projects. OpenSSH is the older and better known SSH server. It comes pre-installed by default with the vast majority of Linux distributions and is the easier option to get started with. Teleport is a much newer SSH server, its first production-quality release came out in 2016. Teleport has been optimized for elastic multi-cloud environments and supports other access protocols in addition to SSH. Both Teleport and OpenSSH support bastions, and they are extremely similar as they are both single-binary Linux daemons. Both require a…
The industry best practices for SSH security include using certificates, two-factor authentication, and SSH bastion hosts. B https://goteleport.com/blog/how-to-ssh-properly/ There's no denying that SSH is the de facto tool for *nix server administration. It's far from perfect, but it was designed with security in mind, and there's been a huge amount of tooling written over the years to make it easier to use. In addition, many popular products and just about every server deployment system integrate with SSH somehow. It is universally supported across pretty much all architectures and distributions, from Raspberry Pi's all the way up to massive supercomputer clusters.…
The most common failures we’ve encountered with Kubernetes https://goteleport.com/blog/troubleshooting-kubernetes-networking/
Hacked via a Pull Request https://goteleport.com/blog/hack-via-pull-request/
Security Assertion Markup Language (SAML) 2.0 is one of the most widely used open standards for authentication and authorization between multiple parties. https://goteleport.com/blog/how-saml-authentication-works/ At its core, Security Assertion Markup Language (SAML) 2.0 is a means to exchange authorization and authentication information between services. SAML is frequently used to implement internal corporate single sign-on (SSO) solutions where the user logs into a service that acts as the single source of identity which then grants access to a subset of other internal services. The advantages of adopting SAML/SSO from a security perspective are clear: Single source of identity. When an employee joins or leaves a company, you don’t have to worry about the myriad of internal services that now have to be updated, and the ones that will inevitably be missed. Enforce consistent authentication. SAML/SSO can be used to enforce a consistent method of authentication across all internal corporate services, like multifactor authentication and session duration. This particular post will be focused on providing an overview of the how and why of SSO and SAML.…
In this blog post we’ll cover how to set up an SSH jump server. We’ll cover two open source projects. A traditional SSH jump server using OpenSSH. The advantage of this method is that your servers already have OpenSSH pre-installed. https://goteleport.com/blog/ssh-jump-server/ What is an SSH Jump Server? An SSH jump server is a regular Linux server, accessible from the Internet, which is used as a gateway to access other Linux machines on a private network using the SSH protocol. Sometimes an SSH jump server is also called a “jump host” or a “bastion host”. The purpose of an SSH jump server is to be the only gateway for access to your infrastructure, reducing the size of any potential attack surface. Having a dedicated SSH access point also makes it easier to have an aggregated audit log of all SSH connections. Why not call it an SSH proxy? Partly due to historical reasons. In the earlier days of SSH, users had to SSH into a jump host and from there, they had to type ssh again to “jump” to a destination host. Today, this is done automatically using the ProxyJump option.…
What is OIDC and How it works. Did you know that in the United States, the Social Security Number was never intended to become the de facto method for physical identification? On its surface, this may come as a shock given how ubiquitously SSNs are used for this exact reason, but looking beneath the surface, we find that SSNs are terrible forms of identification. Ignoring the security concerns of a nine-digit numeric code, an SSN is not for universal identification. Rather, it represents an impersonal abstraction of a person that is intended for a narrow use-case. However, the convenience of a universally accepted method of identification was too great to pass up, and we now find ourselves stuck in a troublesome place: How do we let institutions authenticate our identities without relying on a unique identifier that can be easily compromised? While we do not yet have a universally secure authentication method for our physical identities, we have come to solve this problem in the digital world. In this article, we will explore this same conundrum for our online identities in the form of the authentication layer, OIDC, built on the authorization protocol, OAuth. After a brief introduction to the topic of authentication and authorization, we will compare two common authentication methods (OIDC and SAML), discuss how OIDC works in relation to OAuth, and run through a brief case study.…
What’s worse than an unsafe private key? An unsafe public key. https://goteleport.com/blog/comparing-ssh-keys/
Yes! https://goteleport.com/blog/do-we-still-need-a-bastion/
All tunneling features supported by OpenSSH. In this post, I’ll cover different tunneling features as supported by OpenSSH, which help achieve security use cases such as remote web service access without exposing ports on the internet, accessing servers behind NAT, and exposing local ports to the internet. OpenSSH is the most widely used open-source SSH server. It comes pre-installed by default with the vast majority of Linux distributions. https://goteleport.com/blog/ssh-tunneling-explained/ …