Have You Put a Welcome Mat Out for Attackers? Forrester Research Shows Gaps in SSH Security.

July 22, 2014 | Gavin Hill

Organizations have become reliant on SSH to authenticate administrators, applications, and virtual machines and to grant elevated privileges between them, in the data center and out to the cloud. SSH helps enterprises establish trust. However, SSH has a darker side, a dirty little secret that research published by Forrester exposes. Most bad actors understand this secret and continuously take advantage of it. In fact, the problem is becoming worse as organizations rely more heavily on SSH to administer workloads in the cloud.

Lax Policy Enforcement

On a daily basis, IT security professionals must balance a myriad of threats and security challenges, all while ensuring the business remains operational. Given the elevated privileges SSH provides, you would assume that enterprises secure SSH keys more carefully and apply more well-defined, stringent policies than they do for simple usernames and passwords, which grant fewer privileges. But this is not the case. Most organizations have a 30-, 60-, or 90-day password rotation policy. However, Forrester research shows that most organizations have no policies or controls to secure SSH keys. Almost three-quarters (73%) of organizations hardly ever rotate SSH keys, and they rely on system administrators to self-govern the keys they create. This negligence provides bad actors with nearly unfettered, privileged access to enterprise networks, sometimes for a span of several years (see an example of a multi-year APT attack).

Nearly 50% of survey respondents reported that in the last 24 months they had to respond to security incidents related to the compromise or misuse of SSH keys. Unfortunately, even with such a high frequency of security incidents, information security professionals do not seem to be taking the issue seriously. Only 9% of organizations scan for unauthorized SSH activity as often as every 12 hours; the remaining respondents either do not scan at all or scan less often, anywhere from more than 12 hours apart to once a month. Compared with vulnerability scanning or antivirus scanning, even a 12-hour interval would never be considered sufficient.

Closing the Gaps in SSH Security

Given the importance of SSH and the fact that SSH keys provide the 'keys to the kingdom', your enterprise network, the security of SSH keys should be a high priority. Forrester research recommends the following minimum steps to close the SSH security gaps:

  1. Ensure there is centralized visibility and control over SSH keys. Reliance on disparate administrative controls has proven ineffective.
  2. Ensure there is centralized policy enforcement. Policy enforcement reduces the number of mistakes made when configuring SSH.
  3. Ensure there is a clear understanding of baseline usage. Without an understanding of how SSH keys are used, and by whom, it is nearly impossible to detect a security incident involving a compromised SSH key.
  4. Ensure there is continuous monitoring of the network to identify anomalous SSH usage. With a clear baseline of SSH usage and continuous monitoring, you can dramatically reduce your organization's attack surface.
  5. Ensure that identified SSH vulnerabilities are remediated swiftly. An SSH compromise gives bad actors elevated privileges across the enterprise network.
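
The five steps above name inventory, baseline and monitoring without showing what they look like in practice. The Python script below is an added example written for this edit; it is not code from the original post, from Venafi or from Forrester. It assumes a fleet inventory collected from each host's authorized_keys files (with the date each key was first observed on that host) and sshd "Accepted publickey" log lines; every host, user, address, key and log line in it is a constructed sample, and the ed25519 key blobs are placeholder bytes in the correct wire encoding, not real key pairs. It computes OpenSSH-style SHA256 fingerprints (step 1), flags unrestricted, stale and shared keys against a 90-day rotation policy (step 2), builds a baseline of (user, source, key) logins (step 3), and reports logins that use a key absent from the inventory or a combination the baseline never saw (step 4).

```python
# Added example (not from the original post): audit an SSH key inventory and
# check sshd logins against a usage baseline. All sample data is constructed.
import base64
import hashlib
import re
import struct
from datetime import date

# authorized_keys entry: [options] keytype base64-blob [comment]; assumes the
# options field has no unquoted whitespace, e.g. from="10.0.0.0/8",no-pty
KEY_LINE = re.compile(
    r"^(?:(?P<opts>\S+)\s+)?(?P<type>ssh-(?:rsa|ed25519)|ecdsa-sha2-nistp\d+)\s+"
    r"(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$")
# OpenSSH log line for a successful public-key login
ACCEPTED = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<alg>\S+) (?P<fp>SHA256:[A-Za-z0-9+/]+)")

def fingerprint(blob_b64):
    """OpenSSH SHA256 fingerprint: base64(sha256(blob)) without '=' padding,
    the value `ssh-keygen -lf` prints for a real key."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fake_ed25519_key(seed, comment, options=""):
    """Constructed entry: wire format is string "ssh-ed25519" + 32-byte string;
    the 32 bytes are a hash of the seed, not a real public key."""
    raw = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw))
    line = f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"
    return f"{options} {line}" if options else line

def parse_key(line):
    """-> (fingerprint, options, comment) for one authorized_keys entry."""
    m = KEY_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an authorized_keys entry: {line!r}")
    return fingerprint(m["blob"]), m["opts"] or "", m["comment"] or ""

def audit_inventory(records, today, max_age_days=90):
    """records: (host, user, authorized_keys line, date first observed). Returns
    (fingerprint, host, user, issue) for keys with no from=/command= restriction,
    keys past the rotation window, and one key installed on several hosts."""
    parsed = [(h, u, seen, *parse_key(line)) for h, u, line, seen in records]
    hosts_by_fp = {}
    for host, _, _, fp, _, _ in parsed:
        hosts_by_fp.setdefault(fp, set()).add(host)
    findings = []
    for host, user, first_seen, fp, opts, _ in parsed:
        if "from=" not in opts and "command=" not in opts:
            findings.append((fp, host, user, "unrestricted"))
        if (today - first_seen).days > max_age_days:
            findings.append((fp, host, user, "stale"))
        if len(hosts_by_fp[fp]) > 1:
            findings.append((fp, host, user, "shared"))
    return findings

def baseline_logins(log_lines):
    """(user, source, fingerprint) triples seen during a known-good period."""
    return {(m["user"], m["src"], m["fp"]) for m in map(ACCEPTED.search, log_lines) if m}

def detect_anomalies(log_lines, baseline, known_fps):
    """(reason, line) for logins with a key absent from the inventory or a
    (user, source, key) combination the baseline never saw."""
    anomalies = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins, disconnects etc. are out of scope here
        triple = (m["user"], m["src"], m["fp"])
        if m["fp"] not in known_fps:
            anomalies.append(("unknown key", line))
        elif triple not in baseline:
            anomalies.append(("new user/source/key combination", line))
    return anomalies

# constructed sample data: a two-host fleet and one day of sshd logs
TODAY = date(2014, 7, 22)
K_ROOT_WEB = fake_ed25519_key(1, "ops@bastion", 'from="10.0.0.0/8",no-pty')
K_DEPLOY = fake_ed25519_key(2, "deploy@ci")   # unrestricted, installed in 2012
K_SHARED = fake_ed25519_key(3, "dba@laptop")  # same key as root on two hosts
INVENTORY = [
    ("web01", "root", K_ROOT_WEB, date(2014, 6, 1)),
    ("web01", "deploy", K_DEPLOY, date(2012, 3, 15)),
    ("web01", "root", K_SHARED, date(2014, 5, 1)),
    ("db01", "root", K_SHARED, date(2014, 5, 1)),
]
KNOWN_FPS = {parse_key(line)[0] for _, _, line, _ in INVENTORY}

def accepted(host, user, src, fp):  # builds a sample sshd log line
    return (f"Jul 22 03:12:45 {host} sshd[2113]: Accepted publickey for {user} "
            f"from {src} port 51022 ssh2: ED25519 {fp}")

HISTORY = [  # known-good period used to build the baseline
    accepted("web01", "root", "10.0.0.5", parse_key(K_ROOT_WEB)[0]),
    accepted("web01", "deploy", "10.0.0.9", parse_key(K_DEPLOY)[0]),
]
TODAYS_LOG = [
    accepted("web01", "root", "10.0.0.5", parse_key(K_ROOT_WEB)[0]),     # normal
    accepted("web01", "deploy", "203.0.113.7", parse_key(K_DEPLOY)[0]),  # new source
    accepted("web01", "root", "10.0.0.5", "SHA256:" + "A" * 43),         # not in inventory
    "Jul 22 03:13:01 web01 sshd[2114]: Failed password for invalid user admin from 198.51.100.2 port 40000 ssh2",
]
```

Running `audit_inventory(INVENTORY, TODAY)` on the sample fleet reports the unrestricted deploy key as both unrestricted and stale and the shared root key as unrestricted and shared on each host, while `detect_anomalies(TODAYS_LOG, baseline_logins(HISTORY), KNOWN_FPS)` flags the deploy login from a new source and the root login with a key that is in no authorized_keys file at all. In production the records come from collecting every AuthorizedKeysFile path named in sshd_config across the fleet and the log lines from /var/log/auth.log or journald; `ssh-keygen -lf` on a real public key prints the same fingerprint that `fingerprint()` computes, which is how to cross-check the collector. The parser deliberately does not handle quoted option values containing spaces, and the 12-hour scan interval the post criticizes is roughly the cadence at which a job like this would have to run to be useful.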