This article was originally published on the mysocket.io blog: https://www.mysocket.io/post/continuous-access-evaluation-and-session-management

In this article, we’ll introduce session management as a first-class feature, crucial for security and compliance reasons. Session management and audibility will provide you with complete visibility and audit logging. It provides real-time information such as who is visiting what resources, when, and from where. We’ll also look at how mysocket does continuous access evaluation. Finally, we’ll show how you can terminate live TCP sessions with the click of a button!

A quick level set

Before we…

This article was originally published on the mysocket blog

In this blog post, we’ll look at the mysocket journey of moving from a single cloud provider to a more flexible and heterogeneous multi-cloud infrastructure. We moved from using just AWS to now also include Stackpath. We’ll see how mysocket now relies on two independent anycast networks and what that means for the build and deploy processes as well as traffic load balancing options.

For the last few months, the mysocket infrastructure has been running on AWS without any issues. I chose AWS for no specific reason other than it has…

In this blog, we’ll look at how your users can ssh to servers and authenticate using OpenID connect. No need for passwords or even per user ssh keys. Instead, we’ll use Gmail as an example to authenticate users. Gmail is just an example; this could be your corp.com email as well.

Password management and key rollovers are a pain.

You’ve probably had the conversations about password and key rollovers, because of security compliance, or best practices, you need to roll your password and change your ssh keys every 90 days. …

This article will take a closer look at network loops and how they can be abused as part of DDoS attacks. Network loops combined with existing reflection-based attacks can create a traffic amplification factor of over a thousand. In this article, we’ll see how an attacker will only need 50mb/s to fill up a 100gb/s link. I’ll demonstrate this in a lab environment.

This blog is also a call to action for all network engineers to clean up those lingering network loops as they aren’t just bad hygiene but a significant operational DDoS risk.

Network Loops

All network engineers are familiar with…

Today I’m excited to announce a feature a few of you have asked for — custom DNS names for your sockets.

Up until today, mysocket would generate a random DNS name for your socket. For example, floral-wildflower-1092.edge.mysocket.io. This was great to get started, but as more folks are interested in the zero trust features you asked us to add support for custom DNS names.

To support this on our end, we both need to make sure we accept connections for these custom DNS names and map them to the correct service. …

Some exciting news today, in this blog post, we’re introducing our new dashboard, portal.mysocket.io. The portal has similar functionality as the mysocketctl CLI tool but also provides access to statistics. Keep on reading; as for you power users, there’s another nice improvement related to tunnel authentication changes.

For the last two months, we’ve mostly focused on building out and proofing the underlying technology. We focused on the tunnels, the proxies, the distributed systems work, CLI and API, as well as the authentication and authorization components for our zero-trust features.

It’s been great to see a…

In this article, we’ll look at Mysocket’s zero-trust cloud-delivered, authenticating firewall. Allowing you to replace your trusted IP ranges with trusted identities.

Last month we introduced our first zero trust features by introducing the concept of Identity Aware Sockets. It’s been great to see folks giving this a spin and start using it as a remote access alternative for the traditional VPN.

Most services out there today are HTTP based, typically served over HTTPS. However, there are a few other commonly used services that are not HTTP based and, as a result, up until today, didn’t benefit from our…

It’s been two weeks since our last blog, so time for an update. I’m happy to report the introduction of our “Identity aware sockets” feature was well received, and we’ ‘ll continue to expand on that over the next few weeks.

In the meantime, we’ve spent time on rewriting the mysocket client, mysocketctl, in Go. The original version was written in Python3, and although it works fine, we’ve had numerous requests to publish binaries. This will make it easier to install the client as not everyone is familiar with pip or python. …