
LIVE SANS Webinar—Securing SSH Itself with the Critical Security Controls

November 16, 2015 | Gavin Hill
Key Takeaways
  • Improperly implemented and configured SSH deployments are vulnerable to attack and compromise
  • When deployed properly, SSH keys are harder to crack, steal, or guess than passwords
  • A live webinar by SANS and Venafi explains SSH vulnerabilities and how to remediate them

SANS Institute and Venafi are cohosting a live webinar this Wednesday on the Secure Shell (SSH) network protocol, its vulnerabilities, and how organizations can address these vulnerabilities using SANS Critical Security Controls (CSCs).

When I read news stories about SSH-based attacks, I always wonder if organizations are paying attention. Are they taking the news stories as cautionary tales? Or are they taking the stories as isolated incidents that don't affect them? Or are they ignoring the stories altogether?

If your organization is in either of the latter two camps, I have news for you. While SSH is a sound technology, it has its vulnerabilities—all technologies do. And because it provides privileged access to your organization's highest-value digital assets, you should know what these vulnerabilities are and how to address them. If you don't, how can you be sure you're adequately protecting your SSH implementation from the bad guys who seek out and prey upon SSH vulnerabilities?

In other words, how can you tell if you're properly securing the technology that secures your digital wealth?

Experts agree that SSH must be secured. Read this recent blog on the new NIST paper on SSH titled, Security of Interactive and Automated Access Management using Secure Shell (SSH), which emphasizes that SSH provides access to nearly all mission-critical systems and organizations should have an active SSH key management and security initiative to ensure their SSH keys remain protected.

This Wednesday, I’m cohosting a webinar with SANS SSH expert Barb Filkins to give organizations precisely the information they need to implement this type of initiative. In the webinar, Securing SSH Itself with the Critical Security Controls, we’ll share how the bad guys exploit SSH vulnerabilities to give themselves privileged access to organizations' most confidential and critical data, and follow up with ways organizations can stop the bad guys cold.

A few SSH vulnerabilities lie in the technology itself, but the webinar will show that most lie with a wide variety of implementation and configuration mistakes. For example, harried key administrators can inadvertently deploy authorized keys to root user accounts rather than to regular user accounts. Then when SSH keys are compromised, this opens the door to attacks where bad guys gain privileged access to everything from organizations' firewalls to their most coveted (and perhaps heavily regulated) data—costing organizations millions.

The webinar will also explain how to remediate these SSH vulnerabilities so SSH can be a strong tool for enabling and controlling access. When configured correctly, SSH keys are harder to crack, steal, or guess than are passwords.

In the webinar, you'll see how the SANS CSCs map to the National Institute of Standards and Technology (NIST) best practices for properly implementing SSH, a good complement to the new NIST paper on SSH. For example, CSC subcontrols and NIST's best practices both recommend that organizations automate key-provisioning processes, keep a complete inventory of enabled SSH identity keys, and rotate these keys regularly.
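As an added illustration (not from the webinar, SANS, NIST, or Venafi), the sketch below builds a small key inventory from `authorized_keys` content and flags the root-account deployment mistake described earlier; it goes slightly beyond the text by also flagging a key that is authorized on more than one account. The function names, flag labels, and sample data are assumptions made for this example, and the key blobs are constructed placeholders rather than real keys.

```python
import base64
import hashlib
import re
from collections import defaultdict

# authorized_keys line layout: [options] keytype base64-blob [comment]
KEY_RE = re.compile(
    r'^(?P<opts>.*?)\s*\b(?P<type>ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-\S+)'
    r'\s+(?P<blob>[A-Za-z0-9+/]+=*)(?:\s+(?P<comment>.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def inventory(files):
    """files maps account name -> authorized_keys text; returns one row per key."""
    rows, owners = [], defaultdict(set)
    for account, text in files.items():
        for line in text.splitlines():
            line = line.strip()
            m = KEY_RE.match(line)
            if not m or line.startswith("#"):
                continue  # blank, comment, or unparseable line
            try:
                fp = fingerprint(m["blob"])
            except ValueError:
                continue  # blob is not valid base64
            owners[fp].add(account)
            rows.append({"account": account, "type": m["type"], "fingerprint": fp,
                         "options": m["opts"], "comment": m["comment"] or "",
                         "flags": []})
    for row in rows:
        if row["account"] == "root":
            row["flags"].append("root-account")  # key grants privileged login
        if len(owners[row["fingerprint"]]) > 1:
            row["flags"].append("reused-across-accounts")  # widens rotation scope
    return rows

def _blob(seed):
    """Constructed ed25519-shaped blob for the sample; not a real key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample input: account -> authorized_keys content
SAMPLE = {
    "root": f"# constructed sample\nssh-ed25519 {_blob(1)} admin@laptop\n",
    "deploy": f'command="/usr/local/bin/deploy",no-pty ssh-ed25519 {_blob(2)} ci@build\n'
              f"ssh-ed25519 {_blob(1)} admin@laptop\n",
}
```

Calling `inventory(SAMPLE)` returns three rows; in practice the input mapping would be filled from each account's `authorized_keys` file collected across hosts.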

You'll also learn how, with Venafi, you can effectively implement these SANS and NIST recommendations—easily creating a complete key inventory, managing SSH keys throughout their lifecycles, and automating SSH key issuance and revocation. Venafi helps the world's largest organizations seek, destroy, and replace keys that are compromised.

Most enterprises do not have companywide SSH policies and management practices—instead turning to administrators to manage their own keys. This ad hoc approach to SSH key management and security doesn’t keep organizations safe. It’s time to learn how to implement effective SSH key protection that secures your critical systems and data. And, besides, you'll enjoy the webinar much more than reading a story about your organization's SSH-based data breach in the morning news.  

I hope you join me at the SSH webinar this Wednesday!
