Posts

Showing posts with the label ZeroTrust

Taming Temporary Server Chaos with OpenZiti

Let me start by painting a picture for you—one that I’m sure many of you can relate to. You’ve got a new project on the horizon, a tight deadline, and the need to spin up a handful of temporary servers just to get things off the ground. Maybe it’s a quick proof of concept, or perhaps it’s a staging environment where you’ll be running tests for the next week or two. Sounds simple enough, right? But if you’re anything like me, this is where the headaches start. I can’t tell you how many times I’ve found myself in this exact scenario. I need those servers up and running, accessible from wherever I am, but the last thing I want to do is expose them that easily to the internet for management. We all know the drill—open ports are just invitations for trouble, and managing access to these servers quickly becomes a rabbit hole of security groups, firewall rules, SSH key management, and VPNs (I've done crazy stuff such as adding port knocking and configuring each server individually). Before

Embrace Secure Sharing with Zrok

I'm sure this is not something that has happened just to me. How many times have you faced the problem of sharing some local service or development version of something you're building with a colleague? How many times have you faced the issue of sharing a file located on your endpoint and having to upload it first to a file-sharing service, so your peer, customer, partner, etc. can download it? And how many times did you put that in public mode? Did you forget to delete it? Those things happened to me from time to time, and even when I became good with my policies on sharing, deleting, etc... what a pain in the rear... And now, I found zrok! zrok is open source and built on top of OpenZiti (yes, the programmable zero-trust network overlay). As an OpenZiti Native Application, Zrok offers a unique combination of public and private resource sharing, as well as easy web sharing capabilities. As an open-source platform, Zrok can be self-hosted or used through the managed offering provided by N

Enhance your Network Security with Zero Trust and OTP

I have recently bought my new YubiKey, and for those of you who know me, I'm doing lots of work on Zero Trust lately; so after my new YubiKey arrived I decided to use it in order to gain access to my current protected assets. In this entry, we'll see the integration between CloudZiti (keep in mind you can use OpenZiti instead and get the same results, it's just that I rather prefer not having a single open port) and a YubiKey. As you probably know at this time, OpenZiti is an open-source implementation of the Ziti platform; actually, CloudZiti has been built on top of it, providing secure and scalable network access to applications, services and identities. I don't think you need to know what a YubiKey is, just remember that basically it's an authentication device that supports multiple protocols, including One-Time Password (OTP) for enhanced security. My idea is to combine both technologies and improve the security and reliability of my network infrastructure