In the OpenZiti project, we have created an overlay network that makes network services dark. Part of that system is authenticating devices and users before they connect. The challenge is that most companies already have methods to authenticate human users and hardware devices. The challenge we faced with OpenZiti was to provide ways to integrate both users and devices through external Identity Providers (IdP). Our solution was to allow two of the fundamental building blocks of modern authentication systems to be validated by OpenZiti: x509 certificates and JWTs.

I find myself writing this high-level overview of public/private key cryptography often. Sometimes I even call it "an overview of asymmetric encryption." It depends on my mood. Rather than hunt for a simple overview and fail to find one I like, I created this. An article that I can control and point to in the future. Welcome. This is my high-level overview of public-private key cryptography.

Many kids love Minecraft for many different reasons. There comes a point in most users' lives where they decide they want to host their own Minecraft server allowing them and their friends to play on their own private server. It's kind of a big deal for some, it's like owning your own little world where you and your friends can collaboratively search for hidden caves or build giant pyramids with mazes of halls and tunnels.

For a long time, I've been concerned about relying on a company's focus on security. I generally expect the least focus on security as many companies just want to be first to market. Yikes, that sounds bad, but many companies indeed focus too little on security. I do not expose my internal network to the world by opening ports on my firewall. While I'd like access to a few things like my security camera system, network storage device, home assistant, etc., I am very concerned that some bad actor will somehow find my hosted service and find a way in because of some CVE that hasn't been patched. Now that I've drawn a severely dark picture let's bring some light in, haha.

Integrating with Ziti? An Introduction

What is something everyone wants but can be difficult or cumbersome to implement? Better security practices. Here we are going to explore Zero Trust via OpenZiti. Zero Trust is a concept where a network is never trusted and always reverified. Constantly revalidating all connections and participants to validate they should be there. OpenZiti seeks to alleviate the hassle of setting up a zero trust network and putting the power in developers to create more secure apps If you haven't heard of OpenZiti then you can check out the project here as well as an overview. Today we are going to be extending a very helpful http testing tool to talk over Ziti.

Introduction​

I work with Golang every day as a developer on the OpenZiti project. In learning Go, I've hit various stumbling blocks, settled on some best practices and hopefully gotten better at writing Go code. This series exists to share some of the 'Aha!' moments I've had overcoming obstacles and finding solutions that sparked joy.

Securing NodeJS Applications​

Welcome

If you are a NodeJS app developer or DevSecOps practitioner, and application security and business agility is important to you, then you're in the right place.

OpenZiti is Participating in Hacktoberfest, Prost!​

What's Hacktoberfest?​

Hacktoberfest is a month long journey many take to get a free t-shirt. Wait, no, it's a community gathering to support the open source community and projects. Every year, during the month of October, DigitalOcean hosts an event in which developers around the world join together to contribute to open source. You can contribute by submitting changes ranging in difficulty from fixing a typo to implementing a full-fledged feature on a project. As the official Hacktoberfest website says, "Quantity is fun, Quality is key."

OpenZiti project adds security layers that make your service available without exposing incoming ports, provides identity-specific end-to-end encryption, masks your network traffic protocols/ports, and allows developers to be more agile and secure than ever in all networking scenarios.

The Problem​

To put it plainly, I don't like opening up ports on my local firewall. However, I have a network attached storage (NAS) device that I want accessible from the internet so I have access from anywhere. So, how can I access my private network from anywhere without opening ports?