Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications

How Secure Shell Key Mismanagement Puts Your Data at Risk

SSH Communications Security : 03 June, 2013  (Special Report)
Tatu Ylönen, CEO and founder, SSH Communications Security examines the risks associated with the mismanagement of secure shell keys
How Secure Shell Key Mismanagement Puts Your Data at Risk

Nearly every major network environment today – including governments, large enterprises and financial institutions – uses a version of the Secure Shell data-in-transit protocol, to protect data as it moves throughout the network and allow for administrators to manage systems remotely.

Secure Shell works by creating an encryption key pair – one key for the user’s machine, and the other key for the server – while encrypting the data that is transmitted between those two keys. Organizations use Secure Shell to encrypt everything from logins to financial data, health records and other personally-identifiable information. While Secure Shell keys protect highly sensitive information, organizations have been astonishingly indifferent at managing the creation, location and access of Secure Shell keys giving access to critical assets.

When organizations are unable control the creation quantity and location of keys in the network, they are leaving themselves open to security breaches and noncompliance with federal regulations. Fortunately, there are best practices that organizations can take to prevent the risk associated with mismanagement by asserting control over their network environments.

An Issue Shrouded in Mystery

For a problem with such substantial risks, Secure Shell key mismanagement is surprisingly unknown. Obscured by its highly technical nature and everyday organizational challenges, the problem has remained cloaked in the IT department. System administrators aren’t often aware of the problem, since their daily responsibilities are centered on a fraction of the overall network. Even if executives and other business managers are alerted to the issue, they are often simply too busy to investigate its scope or possible consequences.

The problem, however, is pervasive and profound. Through discussions with major enterprises, governments and financial institutions, we have discovered that most organizations have between eight and one hundred Secure Shell keys in their environments that permit access to each Unix/Linux server.  Some of these keys also provide high-level root access, leaving servers vulnerable to “high-risk” insiders. These “insiders,” including anyone who has ever been given server access, have the potential to use mismanaged Secure Shell keys to secure permanent entrance to production servers.

Virus Threat Vector

The probability of Secure Shell keys being used maliciously to steal data increases daily. Media reports about network breaches are commonplace as attacks become more prevalent and sophisticated. Implementing Secure Shell keys as an attack vector in a virus is fairly simple, requiring only a few hundred lines of code. Once a virus gains successful entry, it can use improperly managed Secure Shell keys to spread from server to server.

In fact, key-based access networks are so tightly woven that it is highly likely that a successful attack will infect virtually all servers within an organization, particularly if the virus also uses other attack vectors to elevate privileges to “root” after breaching a server. With so many keys being distributed, odds are the virus will corrupt nearly all servers in a matter of seconds to minutes, including disaster recovery and backup machines that are usually also managed using such keys.

Under the worst circumstances, a virus using numerous attack vectors could spread Internet-wide, quickly and, merged with destruction technologies, could destroy immense amounts of data.  

Danger of Noncompliance

Organizations without proper Secure Shell key management protocols in place are not only at risk from security breaches; they are also non-compliant with mandatory security regulations and laws. SOX, FISMA, PCI and HIPAA are all industry requirements that demand both control of server access and the ability to terminate that access. Furthermore, organizations may also be neglecting internal security policies (in some cases, policies mandated by customers).

Fortunately for all who rely on it, Secure Shell itself is secure and trusted by millions of networks worldwide. These issues with security are the result of faulty guidelines relating to Secure Shell keys, insufficient time and resources to research the issue to develop solutions, a lack of understanding of the consequences of the problem and the hesitancy of auditors to flag issues that they cannot solve.

It is now obvious that the issue of Secure Shell key mismanagement cannot be dismissed. Without auditing, controlling, or terminating Secure Shell key-based access to their IT systems and data properly, most enterprises, government agencies, telcos and retailers are a clear target for a hacker.

A Plan of Action

It is now obvious that the issue of Secure Shell key mismanagement cannot be dismissed. Without auditing, controlling, or terminating Secure Shell key-based access to their IT systems and data properly, most enterprises, government agencies, telcos and retailers are a clear target for a hacker.

Taking the steps to address Secure Shell key mismanagement will require proper support and endorsement within the organization itself.

The core of the remediation project is comprised of multiple steps:

* Automating key setups and key removals; eliminating manual work, human errors, and reducing the number of administrators from several hundred to virtually none.
* Managing what commands can be executed using the key and where the key execution can happen.
* Requiring proper processes for all key setups and other key operations.
* Monitoring the environment in order to establish which keys are actually used and removing keys that are no longer in use.
* Rotating keys, i.e., changing every authorized key (and corresponding identity keys) regularly, so that any compromised (copied) keys cease to work.
* Identifying all current trust-relationships (who has access to what).

Going Forward

Due to this problem alone, nearly the entire Fortune 500 and many major government agencies operate out of compliance, and face significant security threats from hackers or malicious insiders. To fully address the issue, it will take several years and thousands of properly trained people. CIOs, CISOs and enterprise IT risk management professionals must make it a priority to ensure that SSH user keys are properly managed in their organizations.

While Secure Shell continues to be the industry standard for data-in-transit security, today’s data security realities demand that organizations take pivotal steps to improve access management of their Secure Shell networks.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012