Secure the network
Use Tailscale security features to help prevent security issues with your Tailscale network (known as a tailnet).
Manage access policy
Access control lists (ACLs) let you precisely define permissions for users and devices in your tailnet. Permissions are defined using ACL syntax and are stored in the tailnet policy file.
Manage permissions using ACLs
Learn how to use ACLs for managing access to your tailnet resources.
Manage client access
Tailscale provides features for securely accessing devices in your tailnet, and for managing the Tailscale client application.
Tailscale SSH
Use Tailscale SSH to let Tailscale manage the authentication and authorization of SSH connections for your tailnet. You can use SSH as you may have done previously, and you can optionally verify high-risk connections by using check mode.
Manage Tailscale SSH connections
Learn how to enable and establish Tailscale SSH connections.
HTTPS certificates
Connections between tailnet devices are end-to-end encrypted. Software such as browsers and web APIs is not aware of that encryption, however, and can warn users or disable features because HTTP URLs to your tailnet services look unencrypted. To provide your servers with TLS certificates, you can enable HTTPS.
Manage HTTPS certificates
Learn how to enable HTTPS certificates.
Mobile device management
If you are using a mobile device management (MDM) solution, you can apply a set of system policies across devices that are running Tailscale. These system policies can be used to customize the behavior of the Tailscale client to match the policies and use cases of your organization.
Customize Tailscale using system policies
Learn how to configure Tailscale clients with an MDM solution.
Manage tailnet security
Tailscale provides features for helping secure your tailnet, including tailnet configuration.
Tailnet lock
Tailnet lock provides an additional level of security where new nodes added to your tailnet must be signed by a trusted tailnet lock key before they are allowed to connect to other nodes. Specifically, tailnet lock lets you cryptographically verify the public keys distributed by the Tailscale coordination server before trusting them for network connectivity.
Enable and use tailnet lock
Learn how to verify that no node is added to your tailnet without being signed by trusted nodes in your tailnet.
Security
Tailscale provides recommendations for helping to secure your tailnet.
Best practices to secure your tailnet
Learn about the recommendations to help secure your tailnet.
Shared responsibility
Securing a virtual private network requires the provider and the user to share responsibility.
Shared responsibility model
Learn about the Tailscale and user responsibilities for helping secure tailnets.