The previous post revisited the zssh project and demonstrated how to implement a simple ssh client using the extended modules provided by the Golang project. It also modified that simple program and showed what it takes to incorporate OpenZiti, creating a zero trust ssh client. This post focuses on another aspect of zssh and OpenZiti: multi-factor authentication.

A few years ago, the OpenZiti project developed and published two client tools to make ssh and scp available over an OpenZiti overlay network without requiring the sshd port to be exposed to the internet. If interested, read the original posts about zssh and zscp. Continuing with the belief that security-related code should be open source and auditable, the project is available on GitHub.

One of the most incredible achievements of the late 20th century is the internet.  It has connected the world in ways never imagined and enabled businesses, organizations, and individuals to do incredible things efficiently and at a global scale.  One of the groups it has enabled, unfortunately, is criminals.  Since the first networks were connected, criminals and malicious users have exploited weaknesses in software and configuration to disrupt business and steal money, technology, and peace of mind.  The connectivity of the modern world is the greatest feature and the greatest weakness.  Recently, Zero Trust has become the new security model.  Zero Trust is an evolution of earlier models, addressing their weaknesses and giving a framework to deliver much more secure systems and networks.  NetFoundry, the sponsor of the free and open-source OpenZiti project, is at the forefront of this movement, providing many Zero Trust features, and enabling others.  The API-driven and software-embeddable nature of the OpenZiti project gives flexibility for simple solutions that have outsized impacts in reducing some of the most common risks seen in information systems today.

I authored my first NGINX module to offload OpenZiti connections into a legacy application deployment. That work can be seen in Github in the OpenZiti ngx_ziti_module and an article explaining its operation can be found here: NGINX& ZeroTrust API Security

Intro

Monitoring is very important in today's technology world. It allows system administrators to

• detect early signs of failures and security breaches, and address them before they cause outages

• improve resource utilization

• reduce time spent on active monitoring and instead be alert-driven

With the first version of ngx_ziti_module, it is possible to take an NGINX-exposed Web API and make it completely dark. This means no open ports in NGINX, and it brings the Zero Trust capabilities of OpenZiti to any NGINX deployment. Yes, replace open ports with open source! OpenZiti works in existing applications or new ones.

Securing NodeJS Applications​

Welcome

If you are a NodeJS app developer or DevSecOps practitioner, and application security and business agility is important to you, then you're in the right place.

I Created a Zero Trust Overlay Network to Access HomeAssistant​

Backstory​

Solving Problems​

I wanted a way to check on my house (mainly my dogs) while I was away. So, I did what any trendy person would do and bought an IP camera with pan and tilt, which was great. A quick sign-up to their proprietary app, and I could view live video of my pups tearing apart my house from anywhere in the world.

In the previous post we talked about how we could take a well-known application and improve its security by zitifying it, producing zssh. The logical next step after zitifying ssh would be to extend the functionality of zssh to cover moving files securely as well, enter zscp. A zitified scp effectively creates a more secure command line tool for sending and receiving files between ziti-empowered devices. Once zitified, we can use zscp using ziti identity names just like we did in zitifying ssh. I recommend reading the previous article if you haven't to learn more about the benefits of zitifying tools like ssh and scp.

Mobile Point of Sale (mPOS) app – embed zero trust networking​

Written with Sagarkumar S of Enlume Technologies

Point of sale application developers and solution providers need to provide secure, reliable applications to retailers.  However, retailers need to create duplicate networks with extra hardware and configuration to separate their point of sale (POS) data for PCI compliance.  Now, there is a better way.  Use the simple Ziti SDKs to embed zero trust networking, inside the POS app, so that the POS app is secure on any network - micro-segmented and zero trust.