Alternatives to Gravitational Teleport

Gravitational Teleport is a powerful tool allowing organizations to secure access to SSH servers and Kubernetes clusters via a centralized authentication method. However, if you need to secure access to databases, Windows servers or internal web applications in addition to Linux servers/Kubernetes, there are other options to consider. This blog post looks at a few alternatives and discusses the pros and cons of each. For the impatient, I’ve put together

Read more

SOC 2 Terminology Glossary

SOC 2 compliance, like so many things related to IT and security, is chock full of terms and acronyms to learn.  If you are just getting started with SOC 2, it’s helpful to get familiar with this alphabet soup ahead of time so you can move your compliance efforts forward with confidence.  Below is a SOC 2 terminology glossary to get you started: AICPA The American Institute of CPAs, formed

Read more

Writing Your Security Incident Response Policy

Writing Your Security Incident Response PolicyThis article will point you to the core concepts within the SIRP so that you understand the purpose of this policy before writing your own. The Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them.  The tricky thing about this policy is that it needs

Read more

PostgreSQL logging best practices

There are several reasons why you might want an audit trail of users’ activity on a PostgreSQL database: When things go wrong you need to know what happened and who is responsible You store sensitive data, maybe even PII or PHI You are subject to compliance standards like SOC 2 or PCI DSS Both application and human access are in-scope. Since application activity can be logged directly within the app, I’ll focus

Read more

Alternatives to Hashicorp Vault

HashiCorp Vault is a powerful secrets management tool that is well suited to automating the creation, distribution, and destruction of secrets. However, if your goal is to secure access to sensitive systems, a secrets store is not the only approach. In this blog post we’ll look at a few alternatives, with my take on the strengths and weaknesses of each approach. First, however, a quick matrix comparison of features may

Read more

Identity Federation on AWS and Azure Instances

Why? That’s a good starting question to start with, what’s the goal? Here we’re talking about managing access to instances on AWS and Azure in a unified way and there’s a bunch of possibilities, including (not exhaustive): Local users from a csv list with a script Local users using a configuration management tool Using a central directory (NIS, AD, LDAP) Using strongDM While the two first options are legit for

Read more

Scaling Your SSH Strategy

In our last post, we discussed some of the challenges that are inherent to management of SSH keys across your infrastructure as you scale the number of team members and servers. In this post, we will dig into some of your options and the trade-offs that they provide. Review Before we get going, let’s recap the main criteria that we are concerned with for any solution that we implement. Briefly,

Read more

How To Prepare For Your First SOC 2 Audit A 30-90-120 Day Plan

Despite thousands of articles, there's shockingly little actionable advice to help startups complete SOC 2. When you don't have dedicated compliance teams or six figure budgets, we set out to answer: When to pull the trigger on SOC 2. Who needs to be involved in prep work & what tasks can/can not be delegated. How to narrow the scope and save as much time as possible. What are achievable best

Read more

The Key To Your SSH Strategy

If you work with systems that run any variety of Linux or BSD then the probability is high that you have dealt with SSH. Invented in 1995 and established as an internet standard by the IETF in 2006, Secure SHell has become the default mechanism for remote access to servers by individuals and teams everywhere. SSH Authentication Authenticating yourself to *nix servers can take a variety of forms, but the

Read more

How to create a Linux bastion host and log SSH commands Part 2 | A step-by-step tutorial

Want to secure remote access to a private network? In this series of technical posts, we will share step-by-step instructions to create a Linux bastion host and create an audit trail by logging SSH commands.   This article is split into three parts: Part 1: Creating your bastion hosts This post shows you how to create Linux virtual machines in Amazon Web Services, setup virtual networking, and create initial firewall rules

Read more