And how to fix that…
Lack of control over SSH keys is letting hackers get past the Secure Shell security layer. The SSH trick is when hackers use SSH keys to log into servers. Most organizations are inadequately prepared to detect misuse of SSH keys. The trick is prevalent; I realized this when I came across a report by the Ponemon Institute that details vulnerabilities related to SSH keys.
The highlights of the findings:
- 51% of organizations have already been compromised via SSH
- 60% cannot detect new SSH keys on their networks or rely on administrators to report new keys
- 74% have no SSH policies or are manually enforcing their SSH policies
- 54% of organizations using scripted solutions to find new SSH keys were still compromised by rogue SSH keys on their networks in the last 24 months
- Global financial impact from one SSH-related security incident was between US $100,000 and $500,000 per organization
Hackers can purchase SSH keys on the dark web. How did the keys get outside the enterprise walls and onto the dark web? Attribute it to system inadequacies that the bank did not think of when setting up a NIST-compliant IT system.
As per an article on Business Wire, despite being used to provide the highest privileged access to administrators, SSH is poorly managed by most respondents. The study, conducted by Dimensional Research, analyzed responses from IT and security professionals and reported:
- About 61% of respondents said they don’t limit or monitor the number of administrators for SSH
- Only 35% enforce policies that prohibit SSH users from configuring their authorized keys
- More than 90% say they do not have an inventory of all SSH keys

The findings suggest that the lack of controls over SSH keys leaves enterprises open to attacks from malicious parties. Keys are not aligned with access-based requirements and are often passed on among IT team members, leading to security-related issues. The mismanagement is widespread, and hackers are making their way into enterprise IT systems through SSH keys.
Furthermore, SSH keys are often overlooked in IAM planning, implementation and audits. An IAM system, if synchronized with SSH keys, can also simplify access procedures and provide homogeneity to access control systems. Moreover, where cyber-security is concerned, IAM technology can be used to initiate, capture, record and manage user identities and their related access permissions in an automated fashion. That ought to simplify things a bit.
To sum it up, given the vulnerabilities associated with SSH keys, it is crucial for businesses to keep a close watch on access made through the keys. Alignment, testing and auditing of SSH-key-related workflows can avert impending damage. It is high time to focus on the security aspect of SSH keys and manage the specific challenges related to the unsolicited access threat.
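An added example (not from the original article or the cited reports) of the key inventory and new-key detection that the survey findings say most organizations lack: it fingerprints every entry in a set of `authorized_keys` files and reports keys missing from an approved baseline. The account names, key blobs and the names `find_unapproved`, `SAMPLE_FILES` and `APPROVED` are constructed for illustration.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprint(b64_blob):
    """SHA256 fingerprint as ssh-keygen -l prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Return one dict per usable key line; options may precede the key type."""
    keys = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # corrupt base64 (binascii.Error is a ValueError)
            continue
        keys.append({"fingerprint": fp, "type": fields[idx],
                     "options": " ".join(fields[:idx]), "comment": " ".join(fields[idx + 2:])})
    return keys

def find_unapproved(files, approved):
    """files: {account: authorized_keys text}; approved: {account: set of fingerprints}."""
    return [(account, key["fingerprint"], key["comment"])
            for account, text in sorted(files.items())
            for key in parse_authorized_keys(text)
            if key["fingerprint"] not in approved.get(account, set())]

def blob(label):  # constructed stand-in for a public key blob, not a real key
    return base64.b64encode(label.encode()).decode()

# Constructed sample data: two accounts, one key added outside the approved inventory.
SAMPLE_FILES = {
    "deploy": f'from="10.0.0.5" ssh-ed25519 {blob("deploy-ci")} ci@build\n',
    "root": f"# managed file\nssh-rsa {blob('admin-1')} admin@ops\n"
            f"ssh-ed25519 {blob('unknown')} laptop\n",
}
APPROVED = {"deploy": {fingerprint(blob("deploy-ci"))},
            "root": {fingerprint(blob("admin-1"))}}

if __name__ == "__main__":
    print(*find_unapproved(SAMPLE_FILES, APPROVED), sep="\n")
```

In practice the `files` mapping would be filled from each account's `authorized_keys` file and the baseline from the organization's key inventory. Option parsing here is whitespace-based, so a quoted option containing a space followed by a token beginning with `ssh-` would cause that line to be skipped.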