TY
While attending school in Helsinki, I discovered that a hacker attack was targeting our university network. To shield it from the attack, I wrote a program to protect data as it moved throughout the network. I called it the “secure shell,” or SSH for short. Today, SSH keys are used in nearly every major network environment—including large enterprises, financial institutions and governments—to protect data in transit and remotely manage systems.
SSH creates one key for the server and a second for the user, and then encrypts any data transmitted between the pair. Organizations use SSH to encrypt everything sensitive: logins, health records, financial data and other personal information are all protected by SSH.
Despite the highly valuable nature of the information SSH typically protects, organizations are distressingly lax with managing how SSH keys are created and dispersed within their networks. When control over this process breaks down, organizations leave themselves vulnerable to security breaches and fail to comply with federal regulations.
It seems improbable that such a significant problem could be this little understood, yet few even know it exists. Over the years, SSH key mismanagement has been obscured by the technical, complex network infrastructure where it resides. Network administrators typically only monitor a small piece of the network at any one time, and therefore often lack a comprehensive understanding of system-wide issues. If network administrators themselves aren’t fully aware of the problem, it’s even less likely for executives and non-IT managers to make it a priority, much less know it exists at all.
Someone has Stolen Your SSH Keys
The possibility of malicious actors using stolen or lost SSH keys to gain illicit network access is increasing by the day. Implementing SSH keys as part of a virus is very simple. Once a virus gains successful entry, it can use improperly managed SSH keys to spread throughout an entire organization.
In fact, networks using SSH keys are so tightly interconnected that a successful attack is likely to infect all of an organization’s servers, especially if the virus gains root privileges after breaching a server. Even back-up servers can be corrupted if they use the same keys. In a worst-case scenario, a virus using numerous attack vectors could spread Internet-wide and corrupt immense amounts of data very quickly.
Disregard for Regulations
Security breaches are not the only problem for organizations without proper SSH key management protocols; they also fail to comply with mandatory federal requirements that call for control over server access as well as the ability to terminate that access. Moreover, organizations may also be ignoring internal security policies mandated by customers.
While these risks are a result of faulty guidelines and negligence, rather than any weaknesses or defects in the SSH protocol itself, SSH key mismanagement must not be overlooked any longer. By failing to control SSH key-based access to networks and servers, organizations are sitting ducks for an attacker.
Remediating an Issue
To solve this problem, IT teams need support and endorsement from throughout the entire organization, including C-suite executives.
A remediation project to address mismanagement of SSH keys requires multiple steps:
- Enforcing proper procedures for all key operations.
- Monitoring the network to discover which keys are actually used so that keys no longer in use may be removed.
- Rotating keys regularly so that any compromised keys no longer work.
- Automating key management: reducing human error and the number of administrators from several hundred to a select few.
- Controlling where each key can be used and what for.
- Unearthing exactly who has access to what.
Moving Forward
While SSH is the standard for securing data in transit, organizations must take on more active roles in managing access to their SSH networks.
The majority of Fortune 500 companies and major government agencies continue to operate out of compliance, and are opening themselves up to major security threats from hackers and rogue employees. Fully addressing this issue will take significant investments in time and manpower. CIOs and other IT management professionals must make the proper management of SSH user keys a top priority.
About the Author:
Tatu Ylönen is the CEO and founder of SSH Communications Security. While working as a researcher at Helsinki University of Technology, Tatu Ylönen began working on a solution to combat a password-sniffing attack that targeted the university’s networks. What resulted was the development of the secure shell (SSH), a security technology that would quickly replace vulnerable rlogin, TELNET and rsh protocols as the gold standard for data-in-transit security.
Tatu has been a key driver in the emergence of security technology, including SSH & SFTP protocols and co-author of globally recognized IETF standards. He has been with SSH since its inception in 1995, holding various roles including CEO, CTO and as a board member.
In October 2011 Tatu returned as chief executive officer of SSH Communications Security, bringing his experience as a network security innovator to SSH’s product line. He is charting an exciting new course for the future of the space that he invented.
Tatu holds a Master of Science degree from the Helsinki University of Technology.