Benchmark: Tailscale Security Best Practices
To obtain the latest version of the official guide, please visit Tailscale Security Overview and Best Practices.
Overview
Tailscale has many security features that can be used to increase our network security. This benchmark provides best practices for using these features to harden our Tailscale deployment.
See also an overview of Tailscale’s security, including how Tailscale builds in security by design and how internal controls are used to help keep our information safe.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-tailscale-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Tailscale Security Best Practices.
Run this benchmark in your terminal:
powerpipe benchmark run tailscale_compliance.benchmark.security_best_practices
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run tailscale_compliance.benchmark.security_best_practices --share
Controls
- Assign Admin roles
- Use check mode for Tailscale SSH
- Enable device authorization
- Customize node key expiration
- Upgrade Tailscale clients in a timely manner
- Use groups in ACLs
- Use tags in ACLs