
5 Steps that May Be Leading You toward a Ticking SSH Bomb

September 12, 2019 | Bart Lenaerts


No one wants a poorly managed SSH deployment to create the perfect threat surface for adversaries. If you are not properly protecting SSH connections, they can lead to very costly incidents. But what are the ingredients for this ticking time bomb?
 

When evidence is found of a stolen SSH client key, a security event can quickly become a serious incident. How can it get this far? Or, to be more specific, what are the shortcuts organizations are taking that may lead to severe SSH threat risks?
 


Here are 5 signs that your SSH environment may have a ticking SSH bomb:

  1. The Fuel: A toxic growth in trusted connections
    SSH is known for its encryption and built-in automation. By using a single command and a key, a script or automation tool can reach out to another SSH identity, send a command and receive system information back. This type of SSH connection is often based on a high level of trust. Today, cloud migration or digital transformation can push resource-stretched organizations toward a toxic growth in these automated machine-to-machine connections, especially when IT productivity is given a high priority.

  2. The Blindside: Outdated or bypassed observation
    Traditional controls may not be able to cope with new environments and new growth. As connections grow outside the traditional perimeter, legacy controls such as jump or proxy servers may get bypassed. Even worse, they may become bottlenecks because they can no longer deal with the volume and intensity of the machine-to-machine connections. Also, deep PAM (privileged access management) controls like full-session recording may become irrelevant as DevOps processes continuously change the IT environment and programmatic sessions become hard to decipher.

  3. The Catalyst: Unassigned ownership of SSH identities
    This step is often the biggest tipping point. Once a cloud model is adopted, virtual machines and containers are created on a continuous basis. Venafi’s homegrown risk assessments have indicated that SSH host keys and even private keys are often copied between machines and their clients. The underlying reason for this is the lack of ownership of these machine identity keys. Specifically, as IT Infrastructure, Operations and Security Teams all have their own priorities, lifecycle ownership of the SSH identities (or keys) literally falls between the cracks and highly trusted keys get lost, making them easy targets for adversaries.

  4. The Concealer: Weak audits or assessments
    Today, most organizations audit their SSH environment on a regular basis. Best practices have been defined by industry or governmental bodies. However, once an audit has passed, a false sense of security can take over, especially if the compliance mandate focuses on human interaction and a full audit of the machine identity lifecycle has been skipped.

  5. The Ignition: Malware or human error
    The last step that may indicate an active SSH bomb is a stolen SSH credential. This can happen in many forms, such as humans getting tricked by a phishing attack or day-one malware slowly extracting data. Once an SSH key has left the organization, limiting the exposure can become a challenge. And very quickly, a very expensive response may need to be put in place.
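
The Fuel and Catalyst steps above can be checked against a key inventory. The following is an added example, not code from the original article or from Venafi: it fingerprints public keys and flags host keys or identity keys present on more than one machine, plus authorized keys trusted by many hosts. The record layout, the `max_hosts` threshold, the host names and the key blobs are all assumptions constructed for illustration.

```python
import base64, hashlib, re
from collections import defaultdict

# key type, base64 blob, optional comment; authorized_keys options may precede the type
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(records, max_hosts=2):
    """records: (host, kind, key_line); kind is 'host', 'identity' or 'authorized'."""
    where = defaultdict(set)                      # (kind, fingerprint) -> hosts
    for host, kind, line in records:
        m = KEY_RE.search(line.strip())
        if m and not line.lstrip().startswith("#"):   # skip commented-out keys
            where[(kind, fingerprint(m.group(2)))].add(host)
    findings = []
    for (kind, fp), hosts in sorted(where.items()):
        if kind == "host" and len(hosts) > 1:         # cloned image, shared host key
            findings.append(("copied-host-key", fp, sorted(hosts)))
        elif kind == "identity" and len(hosts) > 1:   # same key pair on several clients
            findings.append(("copied-private-key", fp, sorted(hosts)))
        elif kind == "authorized" and len(hosts) > max_hosts:  # assumed threshold
            findings.append(("wide-trust", fp, sorted(hosts)))
    return findings

def _key(label):  # constructed stand-in blob, not a real key
    return "ssh-ed25519 " + base64.b64encode(b"constructed-" + label).decode()

SAMPLE = [  # constructed inventory, as if gathered from *.pub and authorized_keys files
    ("vm-a", "host", _key(b"golden-image-hostkey")),
    ("vm-b", "host", _key(b"golden-image-hostkey") + " root@template"),
    ("vm-c", "host", _key(b"vm-c-hostkey")),
    ("ci-1", "identity", _key(b"deploy") + " deploy@ci"),
    ("ci-2", "identity", _key(b"deploy") + " deploy@ci"),
    ("vm-a", "authorized", 'command="/usr/local/bin/deploy",no-pty ' + _key(b"deploy")),
    ("vm-b", "authorized", _key(b"deploy") + " deploy@ci"),
    ("vm-c", "authorized", _key(b"deploy")),
    ("vm-c", "authorized", "# " + _key(b"disabled")),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A fingerprint that appears both as `copied-private-key` and `wide-trust` is the combination the article warns about: one key pair held on several clients and trusted by many hosts.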

 

In an effort to stay left of the boom, security engineering teams often focus exclusively on this last step. When they do this, they are tempted to forget that their organization is still producing the fuel and catalysts for an SSH bomb. It’s important to protect the entire chain of exposure for SSH keys. To learn more about how you can shift more to the left and defuse a potential SSH time bomb, see our article on six steps for managing SSH keys.


About the author

Bart Lenaerts

Bart is a Product Manager at Venafi. He has 20 plus years of experience in Network Systems & Security and is a passionate storyteller with strong operational and inter-personal management skills. His international background has allowed him experiences within both Fortune 500 and start-up environments.
