AST Digital Magazine | February 2017 | Volume 10 | Page 19

The Security Industry’s Largest Blind

By Matthew McKenna, SSH Communications Security
Confronting the Dangers of SSH Keys Head-On
What would happen if someone got a hold of your organization’s master password? This password never expired and was essentially untraceable, granting the person access to your organization’s critical systems and sensitive information.
Would this make you nervous? Of course. Now imagine that this has been the case for a decade. Would you have a serious meltdown?
If so, you would be justified in your concern. What’s worse, this is already happening today in our networks through the use of SSH user keys. These keys have largely been forgotten because really, who in your company is responsible for SSH?
It is an encryption protocol that has existed for the last 20 years, quietly doing its job efficiently and effectively. However, it is the source of the most critical form of access into our networks.
• IT administrators use the SSH protocol to remotely access operating systems, application databases and network devices.
• It is used by developers to access systems and move code between various systems and into cloud environments.
• It is used to securely move data between applications, both on premises and to our clouds.
• It is used by our vendors and outsourced managed service providers to maintain our systems.
• Perhaps the most worrisome application of the SSH protocol comes from hackers and malicious insiders; it is their preferred method to move laterally throughout our networks.
Overlooking the Obvious
Most security executives do not have a full appreciation of the power and degree of access that the SSH protocol provides. If we think about the likes of Snowden, Sony and Target, in each of these cases, there is sufficient evidence pointing to the use of SSH user keys to gain access to critical systems and exfiltrate data.
Matthew McKenna, CSO, SSH Communications Security
Though breaches occur for a variety of reasons and via many methods, the fact is that 100 percent of breaches are caused by a compromise in privileged credentials.
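
As an added illustration that is not part of the original article: on OpenSSH servers, the SSH user keys described above as never expiring and largely forgotten are listed in authorized_keys files. This Python example inventories such a file, fingerprints each key, and flags entries that lack the OpenSSH `from=`, `command=` or `expiry-time=` options; the sample content, its key blobs and the names `audit` and `fake_key` are constructed for the example.

```python
import base64, binascii, hashlib, re, struct

# Entry layout: [options] keytype base64-blob [comment]
KEY_RE = re.compile(r'(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp\d+)'
                    r'\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')
# Option names; a quoted value is consumed whole so commas inside it are ignored.
OPT_RE = re.compile(r'(?:^|,)([A-Za-z-]+)(?:="(?:\\.|[^"\\])*")?')
# OpenSSH authorized_keys options whose absence is worth reporting.
WANTED = {"from": "usable from any source address",
          "command": "no forced command",
          "expiry-time": "never expires"}

def fake_key(seed):
    """Constructed ed25519-shaped blob for the sample; not a real key."""
    def s(b): return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

SAMPLE = "\n".join([
    "# constructed sample authorized_keys content",
    fake_key(b"a") + " admin@old-laptop",
    'from="10.0.0.5",command="/usr/local/bin/backup" ' + fake_key(b"b") + " backup job",
    'expiry-time="20170301" ' + fake_key(b"c") + " vendor access",
    "not a key line",
])

def audit(text):
    """Return one record per entry: fingerprint, comment, missing restrictions."""
    records = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        try:
            blob = base64.b64decode(m.group(2), validate=True) if m else None
        except binascii.Error:
            blob = None
        if blob is None:
            records.append({"line": n, "error": "unparseable entry"})
            continue
        opts = {o.lower() for o in OPT_RE.findall(line[:m.start()].strip())}
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        records.append({"line": n, "type": m.group(1), "comment": m.group(3) or "",
                        "fingerprint": "SHA256:" + digest,  # same form as ssh-keygen -l
                        "flags": [msg for opt, msg in WANTED.items() if opt not in opts]})
    return records

if __name__ == "__main__":
    for record in audit(SAMPLE):
        print(record)
```

Run across every account's authorized_keys file, the fingerprints give a per-key inventory that can be matched to an owner, which is the ownership question the article raises.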