This article was originally published on the Mysocket.io blog.

In this article, we’re introducing SSH-aware sockets with SSH session recording and session replay. It is part of the Mysocket long-term vision to introduce more application-aware proxies. Having these identity and application-aware proxies allows the Mysocket service to provide more granular authorization policies specific to applications as well as better reporting and logging. Make sure to also watch the demo recording of this feature.

The advantage of an identity-aware SSH proxy.

We’ve talked previously about SSH zero trust and had a few demo videos showing the power of zero trust private access for SSH use-cases. …


This article was originally published on the mysocket.io blog: https://www.mysocket.io/post/continuous-access-evaluation-and-session-management

In this article, we’ll introduce session management as a first-class feature, crucial for security and compliance reasons. Session management and auditability will provide you with complete visibility and audit logging. It provides real-time information such as who is visiting what resources, when, and from where. We’ll also look at how mysocket does continuous access evaluation. Finally, we’ll show how you can terminate live TCP sessions with the click of a button!

Check this video for an audio/visual version of this blog and a demo of the new features.

A quick level set

Before we…


This article was originally published on the mysocket blog

In this blog post, we’ll look at the mysocket journey of moving from a single cloud provider to a more flexible and heterogeneous multi-cloud infrastructure. We moved from using just AWS to now also include Stackpath. We’ll see how mysocket now relies on two independent anycast networks and what that means for the build and deploy processes as well as traffic load balancing options.

For the last few months, the mysocket infrastructure has been running on AWS without any issues. I chose AWS for no specific reason other than it has…


In this blog, we’ll look at how your users can SSH to servers and authenticate using OpenID Connect. No need for passwords or even per-user SSH keys. Instead, we’ll use Gmail as an example to authenticate users. Gmail is just an example; this could be your corp.com email as well.

Demo of starting an ssh session using Gmail credentials

Password management and key rollovers are a pain.

You’ve probably had the conversations about password and key rollovers: because of security compliance or best practices, you need to roll your password and change your SSH keys every 90 days. …



This article will take a closer look at network loops and how they can be abused as part of DDoS attacks. Network loops combined with existing reflection-based attacks can create a traffic amplification factor of over a thousand. In this article, we’ll see how an attacker will only need 50mb/s to fill up a 100gb/s link. I’ll demonstrate this in a lab environment.

This blog is also a call to action for all network engineers to clean up those lingering network loops as they aren’t just bad hygiene but a significant operational DDoS risk.

Network Loops

All network engineers are familiar with…


Today I’m excited to announce a feature a few of you have asked for — custom DNS names for your sockets.

Up until today, mysocket would generate a random DNS name for your socket, for example floral-wildflower-1092.edge.mysocket.io. This was great to get started, but as more folks are interested in the zero trust features, you asked us to add support for custom DNS names.

To support this on our end, we need to both make sure we accept connections for these custom DNS names and map them to the correct service. …


Some exciting news today: in this blog post, we’re introducing our new dashboard, portal.mysocket.io. The portal has similar functionality to the mysocketctl CLI tool but also provides access to statistics. Keep on reading, power users: there’s another nice improvement related to tunnel authentication changes.

Demo of the mysocket.io portal

For the last two months, we’ve mostly focused on building out and proofing the underlying technology. We focused on the tunnels, the proxies, the distributed systems work, CLI and API, as well as the authentication and authorization components for our zero-trust features.

It’s been great to see a…


In this article, we’ll look at Mysocket’s zero-trust, cloud-delivered, authenticating firewall, which allows you to replace your trusted IP ranges with trusted identities.

Last month we introduced our first zero trust features by introducing the concept of Identity Aware Sockets. It’s been great to see folks giving this a spin and start using it as a remote access alternative for the traditional VPN.

Most services out there today are HTTP based, typically served over HTTPS. However, there are a few other commonly used services that are not HTTP based and, as a result, up until today, didn’t benefit from our…


It’s been two weeks since our last blog, so time for an update. I’m happy to report the introduction of our “Identity aware sockets” feature was well received, and we’ll continue to expand on that over the next few weeks.

In the meantime, we’ve spent time on rewriting the mysocket client, mysocketctl, in Go. The original version was written in Python3, and although it works fine, we’ve had numerous requests to publish binaries. This will make it easier to install the client as not everyone is familiar with pip or python. …


In this blog post, we’ll introduce an exciting new feature that, with the help of Mysocket, allows you to deploy your own Beyond Corp setup.

What is Zero Trust

The main concept behind Zero Trust is that users shouldn’t just be trusted because they are on your network. This implicit trust problem is something we typically see with, for example, corporate VPNs. With most corporate VPNs, once a user is authenticated, the user becomes part of the corporate network and, as a result, has access to many of the resources within the corporate infrastructure. …

Andree Toonk

Dutch Network geek based in Vancouver Canada. http://twitter.com/atoonk/
