Information security starts with ‘Who’ has ‘What’ access to systems and data and ‘How’ that information is being accessed. Keeping in perspective the important data routed via SSH, there are a few important questions for IT department heads to ponder over:
- Can the It team detect the use of an unauthorized SSH key on the enterprise network?
- How does the organization mitigate risks wherein SSH keys do not expire?
- What kind of security systems are implemented by IT security folks for SSH key integration within cloud environments?
Enterprises have been using SSH keys to access IT systems and to securely transmit data. However, they often neglect management of SSH keys that require robust access management and identity linked protection. SSH keys have often been overlooked in identity and access management planning, implementation and audits. In a scenario where SSH key and IAM technology are not integrated, when a user gets created, management of SSH keys related to granting access is done manually without any oversight or controls.
The SSH keys grant access to enterprise resources such as production servers, databases, routers, firewalls, disaster recovery IT systems, databases including financial information, payment channels, intellectual property and sensitive information. Furthermore, SSH keys often grant access to privileged accounts at an operating system level. In many cases, the SSH key is utilized at the command line level within an IT system.
Many organizations report varied issues related to SSH keys, including no record of keys, no provisioning or termination processes for users. Most often, system administrators self- provision permanent key-based access without governance policies, processes or oversight. The mismanagement is believed to be systematic in nature.
Most large organizations have accumulated a great number of SSH keys within their environments. Now they are finding enterprise-wide deployment issues in Secure Shell management. These issues have been overlooked due to lack of governance for years, encouraging misuse of SSH keys, violating corporate access policies and opening backdoors for cyber criminals.
SSH keys synchronized with IAM capabilities bring customers better access processes to keep SSH key management from becoming a cybersecurity risk that may get out of control. It also widens the security umbrella and strategically aligns cyber security considerations.
This calls for auditing of SSH security related vulnerabilities. As there has been a greater understanding of dealing with SSH security issues, specific SSH key related challenges can be curtailed. This will help in creating a reliable access management mechanism and preventing keys from being used to circumvent controls that exist for SSH keys.
What’s making hackers surpass SSH keys?
Lack of control over SSH keys allows hackers to infiltrate through existing perimeter layers of security. The hacker’s use of SSH to infiltrate your enterprise is like giving away the keys to the kingdom.
Hackers can purchase SSH keys on the dark web. However, the question is how the keys got beyondenterprise walls and to dark web. Attribute it to system inadequacies that were not thought of by companies at the time of setting NIST compliant IT system. Further, despite being used to provide the highest privileged access to administrators, SSH keys are poorly managed by most organizations.
SSH keys often are overlooked in IAM planning, implementation and audits. Given the vulnerabilities associated with SSH keys, it is crucial for businesses to keep a close watch on unauthorized privileged access, lateral movement across the enterprise and unmonitored exfiltration. A robust program of SSH key management can prevent major and costly cybersecurity breaches. For more information on SSH key management, experts at Avancer can discuss specific solutions. Write to us at info@avancercorp.com.