Poorly managed SSH keys pose serious risks for most companies
Three in four have no processes for managing keys that provide access to
critical servers
By Jaikumar Vijayan (Computerworld (US)) 22nd February,
2014http://www.arnnet.com.au/article/538884/poorly_managed_ssh_keys_pose_serious_risks_most_companies/?fp=2&fpid=1
Many companies are dangerously exposed to threats like the recently revealed
Mask Advanced Persistent Threat because they don't properly manage the Secure
Shell (SSH) cryptographic keys used to authenticate access to critical internal
systems and services.
A Ponemon Institute survey of more than 2,100 systems administrators at Global
2000 companies discovered that three out of four enterprises are vulnerable to
root-level attacks against their systems because of their failure to secure SSH
keys.
Even though more than half of the surveyed enterprises had suffered SSH-key
related compromises, 53% said they still had no centralized control over the
keys and 60% said they had no way to detect new keys introduced in the
organizations. About 46% said they never change or rotate SSH keys -- even
though the keys never expire.
Those findings reveal a significant gap in enterprise security controls, said
Larry Ponemon, founder and CEO of the Ponemon Institute. "It's hard to believe
that companies allow themselves to be so insecure," he said. "This doesn't
appear to be a situation where this vulnerability has to even be a
vulnerability."
SSH keys allow administrators to remotely login to and operate a system via a
secure encrypted tunnel. Administrators use such keys to authenticate access to
critical database systems, application servers, cloud systems and security
systems. SSH keys are also used to authenticate machines running automated
processes and services and to protect data in transit.
SSH keys never expire, meaning that once a key is used to authenticate access
to a system, the same key can be used in perpetuity unless it is changed. A
hacker who acquires an unsecured SSH key can use it to gain access to the
server or service to which it is attached and then use that access to try and
find more keys for jumping on to other systems in a network.
Because SSH keys provide administrator-level, fully encrypted access to
enterprise systems, any compromise of the keys could allow an attacker to gain
complete control of a system while they remain hidden from view.
SSH uses an encryption key pair to enable a secure connection between two
systems. One key is for the server and the other for the client device that
wants access to the server. An organization might have numerous SSH keys with
access to a single server.
Large enterprises can have tens of thousands of SSH keys on their network --
most of which are poorly managed, said Kevin Bocek, vice president of product
marketing and threat research at security vendor Venafi, which commissioned the
Ponemon survey.
Companies often have little knowledge about the presence of such keys on their
networks and therefore do little to manage them.
"SSH is really critical as a root-level access [tool]," Bocek said. "It is an
encrypted channel that goes around traditional host protections."
By stealing SSH keys, attackers like those behind The Mask APT can impersonate
admins, snoop around and take complete control of a target's network without
being detected, he said. There are signs that National Security Agency
contractor Edward Snowden might have used SSH keys or a similar digital
certificate to access and steal documents without being detected, he said.
Systems administrators typically introduce SSH keys into an environment with
little awareness of how the keys can be misused, Bocek said. Though IT security
teams at some organizations have attempted to gain control over key management,
many enterprises still leave the task to the administrators, he said.
In the Ponemon survey, about 74% of the respondents said they allow
administrators to independently control and manage SSH keys. As a result,
enterprise security teams often have very little visibility into the scale of
the problem and even less information about how to manage it.
To get a handle on the problem, enterprises must figure out where SSH is in use
and how many keys might be floating about on their networks. They then need to
find a way to correlate the keys back to the appropriate servers, evaluate
whether they're needed and put in place a process for automatically changing
keys.
Jaikumar Vijayan covers data security and privacy issues, financial services
security and e-voting for Computerworld. Follow Jaikumar on Twitter at
@jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is
[email protected].
_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
